This weeks guest post is brought to you by Seb Masterton-Smith from HMS-evolve, a Microsoft Cloud Solution Provider.
In this world of uncertainty, insecurity and downright misinformation, how do you know if your cloud service is secure and maintain its integrity?
One provider has created a tool which gives you a score of how secure your tenancy is based on a series of security best practices. Not only is Office 365 one of the most popular cloud services for collaboration and productivity, but it’s also cramming in a host of secure features that would please most high security sites. It’s called Office 365 Secure Score and it gives visibility into just how secure your implementation is and presents you with a rating, much like a credit rating score.
Simple? Scary?
Sounds simple, and it really is!
Office 365 Admins can simply go to https://securescore.office.com to see how they are doing, and can share this information with other users in the business.
Once you are in, the first thing you’ll notice on the dashboard is the score itself, a huge number in the middle of the screen, and if it’s the first time it’ll likely be lower than you might think. Your first instinct will be to panic, and perhaps question everything you know about your Infrastructure, fearing that some teenager in his parents’ house is hacking into your data right now.
Stop, take a deep breath, count to 10 or go for a walk, whatever you need to calm down, it’s not as bad as it seems. Once you’ve calmed down, made a coffee and got back to your screen, here’s how you can take advantage of this information and improve that terrible score.
Take action!
Underneath the scary score you’ll find a list of actions which can help improve it. It’s worth going through each one and understanding what each one means, there’s not enough time to go through them all here, but they are broadly split into 3 categories (account, device and data. Some tasks are an immediate change and forget (such as enabling Multi-Factor Authentication), others are suggested to be reviewed periodically (reviewing sign-ins after multiple failures report weekly).
Either way, there are a lot of really sound security features that will help secure your business, especially with the new European General Data Protection Regulations coming in May 2018, which impact all businesses that interact with European citizens.
Great, so this will tell me if I am more likely to get breached?
Unfortunately, it won’t. There is no way to properly measure whether your Infrastructure is liable to get breached or not, because that depends on many more factors than simply the security of the Infrastructure. Someone that is determined won’t be stopped by anything.
What it can do is go some way to mitigate the risk of your accounts, devices or data getting breached.
So my advice as a minimum is to go through the score and change options that you know about, and for the other options you can ask consultancy’s such as HMS-evolve to offer a free consultation on the rest.