websights Cloud security: how to protect access to Microsoft Office 365 - TrustBuilder

Looking for inwebo.com? You are in the right place! Read all about it in our blog post

Join us at Les Assises de la cybersécurité in Monaco - Booth #117 - October 11th-14th

Contents

Cloud security: how to protect access to Microsoft Office 365

With employees becoming increasingly mobile and working in the cloud, especially with Microsoft Office 365, the need for a Zero Trust policy combined with the implementation of a multifactor authentication (MFA) solution cannot be overstated. Choosing the right MFA solution also means boosting team agility by allowing the end-users (employees, VIP, partners, etc.) to connect to their cloud applications faster and much more easily.

Microsoft Office 365, a connected ecosystem of collaboration tools

Microsoft Office suite is one of the most well-known services, including Powerpoint, Word and Excel, and is a “must have” for organizations. To support the digital transition of worldwide companies, Microsoft offers Microsoft 365 (formerly Office 365). A suite of tools including the Office suite and a set of online services, including OneDrive, Teams, Skype Enterprise and SharePoint Online.

Cloud services such as Microsoft 365 are fitting in perfectly with the evolution of the workforce and workplace. They allow users to work from anywhere, on any device. But as the number of users increases, these applications have become vulnerable entry points to cyber threats.

The Microsoft Office 365 cloud, a money-making target

Microsoft 365 suite being particularly widespread among all companies, including wordlwide leaders, it makes it a very attractive target for hackers, especially since it is in the cloud. In addition, companies share a lot of information (internal data, customer data,…) which can be sold at high prices on the dark web.

Hackers and other cybercriminal groups are behind a large number of data leaks with increasingly sophisticated attacks: phishing, smishing, credential stuffing, Man in the Middle,… If SMBs are more vulnerable because they are generally less protected, big companies are far from being safe from the threat of cyberattacks.

"More than 25% of Microsoft Office 365 users have experienced unauthorized logins and more than 60% have been actively targeted."

What are the risks if your sensitive data is compromised

Data leakage means financial loss. Of course, the cost of a cyber attack depends on many factors, including the size of the company, the amount of business downtime, etc. Accenture Security and Ponemon Institute’s 2019 global study reveals that the average cost of a cyberattack for large companies is $13 million. An increase of 27.4% year over year.

Regardless of the size of the company, a cyber-attack always has negative consequences on the activity and even on the image of the company.

  • Unavailability of services, website, or production
  • Penalties due to inappropriate sharing of sensitive data (compensation to customers, regulatory penalties, ….)
  • Brand image damage that can lead to a decrease of customer loyalty, or even a loss of customers or a decrease in sales growth
  • Risk of industrial espionage
  • Psychological impact on the employee of the organization that suffered from the cyberattack

The stakes are therefore high: strengthening cybersecurity must be part of organizations' business and technical priorities.

Multifactor authentication to protect data in the Microsoft Office 365 cloud

Multifactor authentication (MFA) is known for being the best defense against common cyberattacks such as phishing, credential stuffing or account spoofing. More and more organizations and businesses are integrating MFA to protect the access to cloud applications such as Microsoft 365. Especially when handling sensitive data. And even Microsoft offers MFA within its identity and access management (IAM) solution: Azure Active Directory (Azure AD).

However, it is important to note that the MFA solutions available on the market do not all have the same technology, providing different levels of security. Hence, you may think you are protected, but some attacks like phishing and MITM can easily bypass standard MFA solutions. Only an authentication specialist can offer technologies that are advanced enough to withstand the most sophisticated attacks while providing a much smoother user experience.

So far, only two types of MFA solutions offer protection against phishing and MITM attacks: solutions based on FIDO U2F tokens, which unfortunately are not compatible with the Apple environment, and inWebo MFA.

inWebo MFA brings cybersecurity and productivity together in the Microsoft Office 365 cloud

When it comes to cybersecurity, there is usually a compromise to do between the need to protect an organization’s identities and accesses and the practical realities of solutions such as multifactor authentication (MFA/ 2FA).

What if your cybersecurity actions had a positive impact on your business?

The implementation of a strong authentication solution should bring you much more than a protection against cyber threats. inWebo’s technology is a way to boost the agility of your teams.

Mobility

Promote your users' mobility and adapt to their digital environment with a full range of tokens: mobile, desktop, browser (Deviceless MFA).

Employee Experience

Improve the login experience and gain efficiencies by providing your users with a uniform, passwordless login experience, with no passwords to remember or SMS to copy, for logging in anywhere from any device, with only a simple PIN code.

360° protection

Optimize the work of your IT teams with hundreds of integrations available, via connectors, APIs or SDKs, for quick and easy deployment across all application accesses (VPN, IAM, SSO, PAM, business application, consumer application...) and not just Microsoft 365.

Cost reduction

Reduce your maintenance costs by allowing users to be independent when enrolling their trusted devices (token).

And all this while enjoying the highest level of access security thanks to the unique combination of dynamic random keys, a patented technology, and HSMs (Hardware Security Module).