The challenges associated with securing data in Office 365, whether completely cloud-based or a hybrid AD iteration, are numerous, and addressing them requires a solid plan to minimize your risk of a data breach or accidental exposure.
That plan begins with continually assessing permissions to ensure data is only available to those who should have access. It also requires implementation of a system that enables you to detect security abnormalities as quickly as possible.
The third component of properly securing your hybrid environment is two-pronged:
Given the myriad moving parts within an organization—employee turnover, promotions, changing access privileges—it’s impossible to manually keep permissions up to date. To create an environment that maintains consistent, accurate access permissions across your on-premises AD and Azure AD, it’s important to automate as many processes as possible, such as:
Once remediation processes have been automated, it’s important to prevent unauthorized access from recurring. The principle of “least privilege” is an access model that further restricts the permissions typically available for AD tasks and GPO permissions, mitigating the risk of recurrence. The model includes:
Once remediation and mitigation processes have been established, you’ll greatly reduce access mistakes and lapses as well as avoid the risk of making the same mistake twice.