Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

New Updates Manage Office 365 Compliance Risk

Several key updates to Office 365 focus around security and reducing your Office 365 compliance risk. This is crucial to ensure the integrity of your records.

Office 365 Secure Score

This is a new security analytics tool that applies a score to your current Office 365 configuration. Your Secure Score is the sum of the points associated with security configurations that you have partially or fully adopted.

The Score Analyzer allows you to track and report on your score over time. This can also be exported to a CSV file for easy communication and planning with your groups.

Additionally, Secure Score provides suggestions on actions that you can take to improve your current security. These are prioritized based on the effectiveness of the action and level of impact to end users. For example, actions that are highly effective with low level of user impact are placed at the top, followed by actions that are less effective and more impactful to users.

Secure Score can be a part of an organization's overall security strategy including strengthening its risk controls, mitigating potential losses and offsetting compliance risk.

Take a look at the video below for a more in-depth look at Secure Score.

 

 

Office 365 Threat Intelligence

As we've discussed before, the average cost of a data breach is staggering. This includes things like litigation, reputation damage and lost sales. Spending time and money upfront will always be less expensive than the consequences of a breach.

On that note, Office 365 Threat Intelligence uses the Microsoft Intelligent Security Graph to analyze billions of data points from datacenters, Office clients, email and other incidents as well as signals from Windows and Azure ecosystems--to provide insights to global attack trends.

It also provides information about malware families inside and outside your organization, including breach information with details, like how much bitcoin the attackers typically request in ransomware attacks. Office 365 Threat Intelligence also integrates seamlessly with other Office 365 security features like Exchange Online Protection and Advanced Threat Protection, so you’ll be able to see analysis, including the top targeted users, malware frequency and security recommendations related to your business.

Office 365 Threat Intelligence provides this visibility, along with rich insights and recommendations on mitigating cyber-threats, ultimately supporting a proactive defense posture, leading to long-term reduced organizational costs.

Office 365 Advanced Data Governance

Many organizations are exposing themselves to unnecessary risk because they don’t have a good grasp on all the data they have. Often, they retain data they no longer need, such as the personal information of former employees who have long since left the company. Should this personal data be compromised in a breach, the company could be liable for costly remediation, such as lifetime credit monitoring for these former employees.

Office 365 Advanced Data Governance helps you find and retain the data that is most important to you while eliminating redundant, obsolete and trivial data that could cause risk if compromised. Office 365 Advanced Data Governance applies machine learning to intelligently deliver proactive policy recommendations; classify data based on automatic analysis of factors like the type of data, its age and the users who have interacted with it; and take action, such as preservation or deletion.

 

Office 365 Secure Score is now generally available to organizations with an Office 365 commercial subscription.

Office 365 Threat Intelligence and Advanced Data Governance are expected to be generally available by the end of March 2017.

Related Posts

Creating a Framework for Classification

This is Part 2 in a series about creating and executing an effective file plan for your organization. Click here to read the previous post: Creating a Retention Schedule that Works.

3 Tips to Ensure KORA Compliance

There has been a spotlight on the Kansas Open Records Act (KORA) in the media lately, largely due to recent violations. Under KORA, any individual can request public records from government bodies. If all requested records are not provided within in a specific timeframe, these organizations are subject to significant repercussions. This is merely one example of a ‘sunshine law’. The purpose of sunshine laws is to provide transparency into government agencies by giving the public access to local government proceedings.

Creating a Retention Schedule that Works

Creating a usable, automated, and simple file plan is an important part of ensuring records are managed in a consistent manner and that you are protected from legal risks, such as failure to disclose information during a discovery proceeding or the unauthorized leakage of information. The first step in the process is creating a retention schedule, which outlines how long records are kept in accordance with the organization’s obligations and the law.