The Challenges
Cloud Collaboration: A Double-Edged Sword for Security Professionals
The strength of the M365 suite lies in how it drives productivity, consolidating and sharing massive amounts of organizational data across apps. However, this strength also creates security challenges. All that shared data is a prime target for bad actors using credential theft to gain access to potentially sensitive data. It is no secret that account compromise and related data breaches have become a growing issue, with M365 being one of the most exploited systems worldwide.
From an identity standpoint, M365 presents some issues security practitioners should consider:
- Microsoft made it very easy to share individual documents across M365, which essentially creates document-specific entitlements. This produces exponential entitlement sprawl, making it challenging to review and manage access across an entire organization with historical governance solutions. When data can be shared with nearly any internal or external party, whether by design or by accident, the potential for a data breach naturally increases.
- Privileged access across M365 environments is important to monitor, with privilege escalation top-of-mind for vulnerability management teams. Often, identities have excessive privileges, or admin access is given to those who simply do not need it. If an attacker gains access to these credentials, they can often access and exfiltrate sensitive data or, worse yet, harm the systems themselves.