June 07, 2016

Office 365 Vulnerabilities & How to Stay Safe

Laurent Slutzky


Earlier this year, technology researchers exposed a vulnerability in the way that Office 365 handled federated identities with SAML. This security flaw left hackers with ready access to user accounts and data. As a result, Office 365 users, including major companies such as British Airways, Vodafone, and Verizon, were left at the mercy of attackers. While Microsoft was quick to address this recent security vulnerability, the incident underscores the importance of cyber security, even for Office 365 users. Office 365 may not offer ample cyber security features to protect modern businesses, yet many corporations rely solely on Office 365 to stay safe. Take a minute to review your enterprise cyber security, and the limitations of Office 365, in light of the security flaws that have come to light.

In the SAML issue, attackers could use a cross-domain authentication bypass to gain total access to an enterprise’s Microsoft 365 account. This meant that attackers could bypass authentication to view all emails, all documents stored in OneDrive, all meeting information kept in OneNote, and even Skype phone and video chat information. The level of access granted depended on the individual company’s Office 365 plan.

Two technology researchers, Klemen Bratec and Ioannis Kakavas, discovered this security flaw in Office 365’s SAML (Security Assertion Markup Language) Service Provider implementation. For a little bit of background, SAML allows for a single sign-on between different web domains. Within 7 hours of notification, Microsoft fixed the SAML flaw, thereby closing the open gate.

While this security flaw was quickly resolved, it nonetheless represents a risk for businesses and illustrates that Office 365 is not a panacea for security.

This incident follows a 2013 Office 365 vulnerability in which any individual with an Office 365 account could use JavaScript to gain Admin access to the business’s entire Office 365 environment. That loophole took over two months to close, after a White Hat hacker alerted Microsoft to the problem. While this security issue is historical, it does highlight the point that not all problems can be resolved in a matter of hours.

Studies show that the average company believes its data breach detection powers are significantly better than they are. 75 percent of Tripwire survey respondents believed that they could uncover a data breach within 48 hours of an incident. Despite the high level of confidence, 59 percent of survey respondents reported that their data breach tools are only “partially or marginally” implemented. With such a lackluster deployment of cyber security tools, businesses are realistically much closer to the 197 day time frame for detecting a security vulnerability, like a data breach, posited by Arbor Networks.

The next time someone uncovers a security flaw in Office 365, it could be your business that is exposed — with disastrous results — while Microsoft plays catch-up. If incidents like these have you nervous about how safe your data is in Office 365, now is the time to make sure your business data is protected fully. Third-party tools allow you to use Office 365, while adding protections that reflect the risks of operating in the cloud environment.

Defense in depth is the best way to safeguard cloud-hosted enterprise assets against a data breach. If your business is relying only on the tools that come built into Office 365, the odds are great that your enterprise may fall victim the next time a security flaw is uncovered in Office 365. The above-mentioned examples should spur your business to act now. Investing in additional third-party protection will bridge any gaps in your security coverage. This will also act as a failsafe, should a new flaw be uncovered within the Office 365 environment.

If you are thinking of implementing additional security tools to protect your data in Office 365, the data shows that you are far from alone. Industry analysts predict that, by year end of 2018, 40 percent of those using Office 365 will actively rely on third-party tools to supplement cyber protection. This figure is up more than 30 percentage points from less than 10 percent of Office 365 users in 2015.

There are many features that you can implement for additional protection — so many, in fact, that choosing among them can be confusing. Recommended add-on features that can bring additional protection include:

  • Third-party cloud encryption: With third-party cloud encryption, business customers can use their own encryption keys for data. Customers who create their own encryption keys benefit from keys that are unique to them. With third-party cloud encryption, even if the business account is breached by an individual, the attacker cannot read encrypted information. A third-party cloud encryption tool supplements the native encryption tools offered by Office 365, resulting in a tool that is easier for the end user to implement and offers stronger protection.
  • Dedicated email encryption: Email encryption safeguards sensitive emails, which is critical to protecting enterprise intellectual property and maintaining a competitive edge. While Office 365 does allow for email encryption, the process is lengthy and imperfect. Mobile users may not be able to view encrypted messages at all, if there is a third-party app ban on devices in the office environment. Even if there is no barrier to encryption, the user must go through a tedious nine-step authentication process before the encrypted messages can be read. Third-party encryption tools are simple, easy, and straightforward to use for swift email communication. Compared with the native tools, they are a good option for anyone who values productivity and security.
  • Integrated data loss prevention (DLP) tools: DLP tools can control data during migration to the cloud and while it’s stored in the cloud, and can find data when it becomes lost or leaked within the cloud. Yet companies have to set and deploy rules one by one for every cloud app they use. By integrating all of their DLP rules across distinct cloud services, companies can safeguard their data no matter which Office 365 utility it’s stored in. This sort of standardization brings greater transparency to the Office 365 environment, while increasing productivity and security.
  • Improved sandboxing: Sandboxing allows cyber security tools to review suspicious information in a safe space, where it cannot affect stored assets, sensitive information, stored documents, and intellectual property. When a threat could negatively impact your business or cause data loss, robust sandboxing is critical. Additional sandboxing technology prevents the delivery of suspicious files, programs, or messages and allows for enhanced detection of malware that masquerades as legitimate data.
  • Global threat intelligence: Office 365 does offer global threat scanning to protect against threats. That said, Office 365’s built-in protections are not as robust as those offered by sophisticated threat monitors. Companies canceling their global threat intelligence because they’ve adopted Office 365 will soon realize the security gap. To ensure total protection against malware, spam, and viruses, it is strongly recommended that Office 365 users purchase an independent global threat intelligence utility.
  • Pattern recognition: Predictive tools are capable of recognizing patterns both in the cloud and onsite, using threat intelligence and cognition tools to quickly detect unusual behavior. Cyber security tools can also correlate on-premise and cloud activity to identify malicious behavior quickly in either environment. These tools can also review past user activity and discover connections and patterns of behavior between users and applications, to quickly mitigate external and internal threats.
  • Active link protection and real-time email scanning: Real-time active link protection and email scanning reduce the enterprise’s exposure during malware and phishing incidents. This type of active link protection safeguards the business against malware that poses as legitimate while being scanned and then reveals itself after delivery. At present, Office 365 does not offer active link protection, which could expose businesses to internal threats. With active, real-time scanning and link protection, suspicious messages can be quarantined in a sandbox environment for further analysis.

When considering supplementing your cyber security with third-party tools, it is wise to partner with a managed services provider who understands your business needs, IT infrastructure, and vulnerabilities. A sophisticated managed services provider can recommend utilities to implement, configure cyber security enhancements for you, and even perform network monitoring to quickly detect and mitigate any Office 365 cyber security incident. Managed services providers can implement cyber security tools on an as-needed basis, working with their clients to balance the ultimate in cyber protection with their IT budget needs.

Microsoft is constantly tweaking the native security offerings within Office 365. Recent updates include admin ability to approve or deny user permission to access third-party services, admin oversight into which cloud services users are accessing, and the ability to receive security alerts when suspicious activity is detected in the Office 365 environment. Given this, the protection that business owners need to implement may vary over time, as Office 365 alters its security. Managed services providers can alter the services purchased to reflect updates to native Office 365 security.