The Current Security Landscape
External security threats have long been a known risk to every organization, with attacks coming from several different sources – ransomware and other forms of malware, phishing attacks and network breaches. These threats are well known to MSPs, and a majority of Service Providers have a rich set of common procedures and security solutions they use to protect their customers against them. MSPs have implemented antimalware and email security solutions, Multifactor Authentication, CASB services and more to ensure their customers are properly protected. These measures are an absolute necessity for keeping an MSP's customers safe. However, there is another security threat on the rise within the MSP community that is often overlooked – Insider Threats.
IT professionals are expected to act in good faith, to conduct themselves in a professional manner and to put the best interests of the company and customers above all else. Unfortunately, this is not always the case and can never be assumed. Malicious activity within an MSP organization's own walls has historically been much harder to prevent and control than external threats. This was made very apparent recently by the FBI arrest of an MSP engineer at Chimera Technologies, who was looking to sell their IT administrator access to MSP customer environments. It is estimated that 68% of organizations are vulnerable to insider threats, with 53% believing it has become significantly more difficult to detect insider threats since migrating to the cloud. This poses an incredible risk to MSPs, where a single internal breach can be fatal to their business.
The most widely consumed business application in almost every MSP customer base across the globe is Office 365. This SaaS offering is feature-rich and includes a number of popular cloud applications (Exchange, SharePoint, OneDrive, Teams, Intune…) that are contained within the Office 365 productivity stack. Ironically, Office 365 is also one of the most vulnerable application suites when it comes to Insider Threats. Office 365 comes with extremely limited access controls, and compounding that, it is difficult to monitor administrator activity. The IT administrators who are responsible for managing customer tenants are often given Global Administrator credentials for each tenant they manage, which provides unlimited access to customer data. This presents a target-rich environment for security breaches within the MSP. Because of this, and given the pervasive adoption of Office 365 across an MSP's customer base, MSPs must be more diligent than ever in protecting against internal attacks.
Defining the Solution
So how can MSPs ensure that they implement the proper security measures in order to prevent Insider Threats with Office 365? Below are three steps MSPs can enact immediately to bolster their internal security posture:
- Advanced RBAC (Role Based Access Control) Rules – The Office 365 productivity suite has a separate administration console for each cloud workload. These administration consoles have very limited ability to provide granular control over administrator access rights. A majority of MSPs allow their Support Staff to have Global Administrator credentials to every Office 365 tenant that is being managed, providing their staff unlimited access to customer data. To protect against accidental changes by IT administrators and avoid the potential for malicious behavior that comes with unrestricted access rights to customer data, MSPs should seriously consider implementing a "least privilege" model. This practice restricts access rights for different administrator roles so that each IT administrator can only access the Office 365 customers they absolutely need to in order to perform routine, legitimate administrative tasks. To help create such a model, MSPs should consider third party tools that allow for granular control of access rights by IT administrators to the Office 365 customers and workloads they manage. This ensures complete administrative control over all administrators – what customers they can manage and what actions they can perform (for example, only resetting passwords).
- Advanced Auditing Across Office 365 Workloads – By making use of auditing capabilities, MSPs can easily monitor their entire IT staff's behavior to ensure administration is properly regulated. By having real-time insight into what changes were made, when, to which customers and against which Office 365 workloads, MSPs can easily remediate any unwanted changes or unwarranted administrative behavior. This not only provides strong preventative security measures, but appropriate remediation capabilities as well.
- Unifying Administration and Access Control for Office 365 – Leveraging a "Single Pane of Glass" web console to not only unify administration across all Office 365 workloads but also enable granular control of administrator access rights should be a top consideration for all MSPs. This streamlined approach to unified administration and access enables MSPs to have complete control of all administrator activity across all Office 365 tenants, while purposefully delegating very granular administrative responsibility across IT support staff. This creates not only a much stronger security posture within an MSP, but also significantly greater service efficiency.
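To make the RBAC and auditing steps above concrete, here is an added Python example (not part of the original article and not any vendor's product) that models a deny-by-default delegation policy and checks administrator audit records against it. The admin accounts, tenant names, action labels and audit records are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical delegation policy: admin -> tenant -> workload -> allowed actions.
# Anything not listed is denied, so no one holds blanket Global Administrator rights.
POLICY = {
    "alice@msp.example": {"tenant-a": {"Exchange": {"ResetPassword"}}},
    "bob@msp.example": {
        "tenant-a": {"Exchange": {"ResetPassword", "EditMailbox"}},
        "tenant-b": {"Teams": {"EditTeam"}},
    },
}


@dataclass(frozen=True)
class AuditEvent:
    time: str
    admin: str
    tenant: str
    workload: str
    action: str


def out_of_scope_reason(event):
    """Return None when the event is within the admin's delegation, else why not."""
    tenants = POLICY.get(event.admin)
    if tenants is None:
        return "unknown-admin"
    workloads = tenants.get(event.tenant)
    if workloads is None:
        return "tenant-out-of-scope"
    actions = workloads.get(event.workload)
    if actions is None:
        return "workload-out-of-scope"
    return None if event.action in actions else "action-out-of-scope"


def review(events):
    """List (time, admin, tenant, reason) for every event outside the policy."""
    return [(e.time, e.admin, e.tenant, reason) for e in events
            if (reason := out_of_scope_reason(e)) is not None]


# Constructed audit records; action labels are illustrative, not real operation names.
EVENTS = [
    AuditEvent("2024-01-10T09:00Z", "alice@msp.example", "tenant-a", "Exchange", "ResetPassword"),
    AuditEvent("2024-01-10T09:05Z", "alice@msp.example", "tenant-a", "Exchange", "ExportMailbox"),
    AuditEvent("2024-01-10T09:10Z", "alice@msp.example", "tenant-b", "Exchange", "ResetPassword"),
    AuditEvent("2024-01-10T09:15Z", "bob@msp.example", "tenant-a", "Intune", "WipeDevice"),
    AuditEvent("2024-01-10T09:20Z", "mallory@msp.example", "tenant-a", "SharePoint", "EditSite"),
    AuditEvent("2024-01-10T09:25Z", "bob@msp.example", "tenant-b", "Teams", "EditTeam"),
]

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(*finding)
```

The same policy table drives both the access decision and the audit review, so an action that slips past enforcement still surfaces as a finding tied to a specific administrator and tenant.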
Whether internal or external, the number of attack surfaces will continue to rise. The above suggestions are only a few steps MSPs should consider taking when creating a robust security posture for delivering managed services to their Office 365 customers. There will never be a single solution or best approach when it comes to protecting customer data. Each MSP will have its own set of requirements and establish its own security best practices. However, by following the above guidelines and deploying the right technologies, MSPs can begin down the path toward a future-proof security solution that protects customer data and scales with a growing business.