OFFICE 365 CLOUD SECURITY ASSESSMENT

The information technology world is changing rapidly, and organisations are increasingly moving away from traditional on-premise IT systems in favour of cloud-based services such as Office 365. There are many benefits to using these services, but with these benefits come a whole host of new information security challenges.

The cloud can provide a highly secure and resilient service to many organisations – but only if it has been set up and configured in the right way. With an increased attack surface, it is essential to assure your cloud systems and know with confidence that your data, systems and people are safe.

As organisations evolve to take advantage of cloud-based technology, so too do cyber-criminals evolve the techniques they use against us. With over 120 million users, Microsoft Office 365 presents a large opportunity for attackers, who look to take advantage of a lack of understanding from consumers and to leverage the employees consuming the service.

EDGENETIC can help you to gain assurance that your Office 365 environment is configured securely and in line with good practices set out by Microsoft and the National Cyber Security Centre (NCSC). Our review goes beyond purely technical controls, and looks at the governance in place around your Office 365 environment, and the employees who use it.

What you can expect from an Office 365 review:

1. A review of processes governing your implementation;
2. Identification of security and control gaps;
3. Extensive knowledge about industry best practices;
4. A detailed and actionable report;
5. Identification of quick and meaningful recommendations;
6. Post-assessment debrief detailing next steps.

If your organisation uses Office 365 and would like to gain assurance that you’re not exposed to common attacks, get in touch today to discuss an Office 365 security review.

What is an Office 365 Security Assessment?

The security optimisation assessment developed by EDGENETIC is a direct response to the increasing number of incidents that our own Threat Intelligence and Incident Response services have seen. Alongside these other services within the business, this assessment is primarily intended as a proactive measure for organisations, before they need the reactive aid of Incident Response.

The assessment follows the guidance and best practices outlined by Microsoft themselves as well as the National Cyber Security Centre (NCSC). Combined with the expertise within EDGENETIC, a series of six domains has been developed, consisting of almost fifty requirements detailing different controls, tools, and processes that, if in place, can address weaknesses within configuration, management, and awareness.

The six domains defined in the assessment are shown below:

• Security Management
• Threat Protection
• Identity & Access Management
• User Awareness & Education
• Information Monitoring & Auditing
• Information Assurance

How is an Office 365 security assessment delivered?

The Office 365 Security Assessment is a defined deliverable aimed at a widely used form of cloud-hosted software: Software as a Service (SaaS). The assessment draws on a range of influences, such as Microsoft and NCSC guidance, coupled with EDGENETIC’s own intelligence, experience, and consultancy knowledge. What would otherwise essentially be an audit-style assessment of controls, tools, and configurations within the suite has been formulated to also touch on direct influences, providing customers with value beyond what others might give them. These influences are the processes and training that the organisation provides its users, which affect how users manage and operate the software.

During the assessment our consultant will:

1. Understand the scope of the client's environment;
2. Review the organisation against the 6 Domain requirements;
3. Evaluate effectiveness of the controls set out by the requirements;
4. Seek to understand where quick wins are possible;
5. Document the findings in a detailed report, providing recommendations;
6. Add value by exploring relevant areas highlighted as a result of the assessment.

What are the deliverables?

The following is delivered as part of this service.

  • On-site Assessment
  • Led by Information Security Consultant
  • Review organisation against the 6 domain requirements
  • Deliverable is a report
  • Debrief slides provided to AM

The benefits of this are:

  • Evaluate suite controls in addition to governance and awareness
  • Assessment in line with Microsoft & NCSC guidance
  • Recommendations for each requirement
  • Identifies quick and enhanced win areas

EDGENETIC add value above and beyond the Office 365 guidance by reviewing additional areas, such as those shown below. These should be discussed during scoping.

  • Security Management (Processes & Policies)
  • Native Security Tools
  • Change management
  • User Awareness

Frequently Asked Questions about Data Privacy Security

What is an incident response policy?

An incident response plan or policy is a process you create before you experience a cyberattack, so that your team has a procedure to follow when you do experience a data breach. EDGENETIC follows the CREST Cybersecurity Incident Response process, which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.

Why is data privacy security important?

Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.

Does EDGENETIC practice sustainability?

As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.
