Skyhigh Networks has released a long blog/report written by Cameron Coles entitled “7 Charts That Reveal The Meteoric Rise of Office 365”. It charts how Office 365 has become Microsoft’s big cloud success and a positive cash earner. It quotes Amy Hood, Microsoft CFO as saying: ..”transactional customers who generally upgrade every 5-7 years pay up to 80% more in the long run with Office 365.”
According to a statement by Nigel Hawthorn, Skyhigh Networks’ Chief European spokesperson: “It’s no real surprise that Microsoft Office 365 continues to go from strength-to-strength within the enterprise. The wide range of available applications means that there is something to match the requirements of all industries.”
Security is the worm in the apple
Despite its success in the enterprise all is not as rosy as Microsoft might like to think. Skyhigh raises a number of concerns over safety. The success of Office 365 means that it is increasingly beginning to be used to store sensitive data. Microsoft Office is by far the most dominant office productivity suite in the market. As a result it won’t come as too much of a surprise that a Skyhigh Networks analysis of 20,000 cloud services showed that 58.4% of sensitive data in the cloud is stored in Microsoft Office documents.
Much of that data is stored in other vendors File, Sync and Share (FSS) and cloud storage solutions. Looking at the Office 365 numbers and in particular OneNote, which is the most used Office 365 application, Skyhigh Networks discovered that 17.1% of stored files contain sensitive data. They break that down into four areas:
- Confidential Data – 9.4%
- Personal – 4.1%
- Health – 1.9%
- Payment – 1.7%
In October 2015 the Skyhigh Networks Cloud Adoption and Risk Report for Q2/2015 looked at the amount of sensitive data it was seeing generally stored in the cloud. One of the things it highlighted was the increasing use of files with names such as ‘Passwords’ where users were storing their password lists in the cloud in case they forgot them. In the last nine months Skyhigh Networks has recorded an increase from 143 to 204 such files inside corporate OneDrive services.
Hawthorn says: “It is surprising that businesses and employees are still taking a relaxed approach to document security, especially when you consider the high frequency of threats. You would hope that the spate of high-profile data breaches would make enterprises sit up and take notice about the need for encryption, but the amount of unencrypted sensitive data stored on OneDrive is increasing.
“More than half of documents across all cloud services that contain sensitive data are stored in Microsoft Office formats. This percentage will only increase as OneDrive becomes more tightly integrated to the rest of the suite. Therefore, it’s imperative for businesses to educate their employees about how to safely store documents in the cloud; and that need is even more vital in industries where the nature of data is likely to be highly sensitive such as in financial services or healthcare, two of the biggest users of Office 365.”
The dangers are more than just badly named files. Coles notes in his report that:
- 71.4% of companies have at least one compromised account per month including unauthorised access using stolen credentials.
- 57.1% have at least one insider threat. The example given by Skyhigh Networks is users downloading sensitive data from SharePoint Online that they take with them to a new job. While there is nothing new here is does highlight how easy it is for users to steal data.
- 45.9% has at least one privileged user threat. This is probably the biggest issue around and interestingly Skyhigh Networks records this as being events such as an administrator provisioning excessive permissions to a user relative to their role. However it is unclear how much data Skyhigh Networks has about the rationale behind that allocation and whether it includes in this number the number of people who never have permissions revoked when they change role inside a company.
- The average enterprise has 5.4 million events in Office 365 per month, 256 are anomalous (eg. a login from two locations, unusual download volumes) and 1% of these anomalous events turns out to be a threat (one in 95). The problem here is the sheer volume of alerts that are generated. Skyhigh Networks does note that it is possible to use an API to consume the raw event feed and direct it to other security products. It also reports that many are beginning to use User and Entity Behaviour Analytic (UEBA). The question is whether this is enough to make it easy to spot the threat within the data.
The success of Office 365 and the move away from boxed product to subscription has ensured that Office remains Microsoft’s most important cash cow. Going forward Skyhigh Networks believes that there is a lot of room for Microsoft to continue to grow this revenue. This will please both Microsoft investors and Satya Nadella who has taken Microsoft into the cloud and completely revitalised it.
However the increasing security threats are something that need to be addressed. Many of them are about how enterprises handle alerts and educate users. However Microsoft also needs to do more to make it easier to find the key alerts in the firehose of events that it directs back at its customers.