Today’s post was written by Sara Manning Dawson, principal group manager for the Office 365 Core Foundations team.
I recently returned from the RSA Conference in San Francisco, where each year the security community meets to discuss the latest security risks and concerns, share best practices and showcase new solutions. As the threat landscape continues to evolve, so do the stakes for staying ahead with security intelligence. IT is under pressure to be able to quickly prevent, detect and remediate to minimize the impact of attacks if they do occur.
As many of our customers are now discovering, keeping up with changes to the security landscape is one of the unique advantages of the cloud. In fact, there are a number of properties that make the cloud inherently different from managing your own IT services. These go well beyond security, but have important security implications and benefits.
As I explain in this episode of “From Inside the Cloud,” harnessing the unique properties of the cloud can give you a security advantage and reduce overall risk.
The unique properties of the cloud—scale, intelligence and automation
Scale—The first unique property of the cloud is the scale at which a service, such as Office 365, is operated. We architected the cloud service from the ground up to self-heal and stay up-to-date while scaling to the needs of millions of users.
Security is engineered directly within the service fabric. Because we’ve built and are accountable for the technology, we know what processes can and should run within the service.
For example, we are able to lock down server execution and communications to only what is expected and authorized. Also, redundancy and isolation are built in by default and strengthened over time, which means that your data is not impacted if anything were to happen to a specific server, or even two servers at once.
Intelligence at scale—The second unique property is what I refer to as “intelligence at scale.” Our detection footprint spans beyond what you could monitor in your own organization. With millions of activities going on in the service at any given point in time, we had to figure out how to sharpen the fidelity of what we surface as anomalies within a sea of signals. This allows us to quickly identify, anticipate and mitigate real and potential threats. We use our fundamental knowledge of what should and should not be happening in the service together with machine learning and analytics for real-time monitoring and analysis of millions of tenants. This gives us the ability to spot trends algorithmically before they are broadly exposed or known. In addition, as we learn of a vulnerability, such as malware on one customer tenant, we can mitigate the risk so that other tenants are not affected. For example, recent technologies in the service such as Advanced Threat Protection and Zero Hour Auto Purge allow us to proactively “purge” infected emails from all recipient inboxes.
Automation—To operate at scale, success means eliminating room for human interaction or error. Less human touch results in fewer mistakes and fewer opportunities for security breaches or insider threats. Through smart diagnosis and automated self-repairing—despite our continued growth in scale—we reduced the frequency with which our engineers have to get involved to triage issues.
We’ve created a solid boundary between your data and humans operating the service, including zero standing permissions for engineers. Diagnosing and troubleshooting the health of the system is done via hardened code paths. We like to say, “Humans govern; code operates.” Operators need to request approval to run these scripts—even with approval, these are run remotely—with “just in time, just enough access.”
Based on our learnings, we’re also exploring new tools to give you an automated assessment of your security score. We’re working on providing you tools that can take a deep look at your security configuration and communications activity, assign you a security score and then make recommendations based on what it finds.
The shift to the cloud
All in all, running a high-scale multi-tenant service raises the bar for automation, detection and response to keep our systems hardened and always up-to-date. As the service grows, and as the threat landscape keeps evolving, we’ll continue to translate cloud scale, uniformity and intelligence into greater protection and value for our customers. We want to make Office 365 a security advantage for everyone.
To learn more about Office Security and Compliance, please visit trustoffice365.com.
—Sara Manning Dawson