Drive security enforcement across Microsoft Teams, SharePoint and Office 365 by Luzaan Lottering

So let me begin. Hi everyone

Thanks so much for joining our session today. During this amazing light up virtual conference, my name is Luzon Lotring as Nishanta said

I am the marketing manager at Cardiolog ytics and I will go ahead and kick things off

Today our session is on driving security enforcement across Microsoft Teams, SharePoint and Office 365

I'm very excited to talk to you about this today and to show you our solution, Cardiolog Enforce, because here at Cardiolog ytics we are revolutionizing enforcement across Office 365, Microsoft Teams, SharePoint and Microsoft

OneDrive by enforcing security, security policies and improving data safeguarding. And of course

if you have any questions, please send them through to the questions

box or to info at in clock.com. And you can also connect with us on

Twitter with the Twitter handle that you can see right there on your

screen at Cardiolog. So thank you to everyone for being part of this event in support of UNICEF and let's light

it up and continue to donate $1 or any amount you wish to to help support children in need globally

Thank you to all of the sponsors for this amazing event where we not only get to learn about

Microsoft technologies, but also get together to raise funds for UNICEF who continue to provide

humanitarian and developmental aid to children worldwide. And then for any feedback, please use these QR codes that will take you to the speaker feedback

and event feedback forms. To get back to our topic today, so in regard to the agenda for

cardiolog ytics session today, we'll start out with a very short introduction

I will talk a bit about cardiolog ytics and who we are, and then I will be going over different

enforcement types of violations. Then I will go over our enforcement tool and walk you through

how you can use our smart risk assessment engine to effectively manage securing Office 365

in your organization. And then after that, I will discuss security challenges in Office 365

in detail and also how to enforce effectively or how Cardiolog Enforce effectively secures

Office 365. And then again at the end there will be time for Q&A so continue to send your

questions through throughout this presentation. So let's begin with a brief introduction

Cardiolog ytics has been around for about 15 years now. Since 2005, in fact, we are based out of Boston and over the past 15 years, we've been focused on ytics and engagement designed for SharePoint, for Teams and Office 365

Our flagship solution is Cardiolog ytics and it's built specifically for internal platforms

including all versions of SharePoint from 2010 up to 2019, as well as SharePoint Online, Microsoft Teams, OneDrive and Exchange

We serve customers globally in about every industry from finance to pharmaceutical, government, education and many others

Our solution is available or all our solutions are available both as an on-prem as well as a SaaS version based on Power BI

A little bit about our goals. Our goal here at Cardiolog ytics is to help our customers to constantly improve Office 365

based on how it's being used. So there are four pillars that we talk to our customers about

The first is Monitor, which is tracking the usage within SharePoint, Teams, OneDrive, and Exchange

change. Second is engaging users, asking them what their needs are, asking them what their

pain points are and asking them what is not working for them. And then the next pillar

is to enhance. So we want to make sure we are constantly improving SharePoint and Teams

and so on based on those two pillars. The idea is to have actionable metrics

which will allow us to... Apologies, I was just interrupted by another session

Let me just quickly go back to where I was. Apologies for that

So the next pillar, as I said, is to enhance. So we want to make sure that we are constantly improving

SharePoint and Teams and so on based on those two pillars. So the idea is to have actionable metrics

which will allow us to constantly make Office 365 platforms better for our users

And then finally the last pillar is securing Office 365 by enforcing permissions and access

identifying breaches of information and securing confidential data. And this last filler, this is the one that we will be discussing in more detail today

Out by looking at different types of violations that exist in Office 365

and also how Cardiolog Enforce can help to secure and enforce. The first thing is confidential data

So we text yze data. So when links or content that's confidential or data that is sensitive is shared, it will notify those parties that need to be notified about it

How do we do that? We use AI and algorithms that yze

the risk of documents being shared and risk assessment determines if anyone needs to be notified

such as in a case where documents usually get shared amongst managerial staff and now suddenly this document is shared to someone lower on the hierarchy so this will be identified as a risk and cardiolog in force will act accordingly

next is private data so when private data is being shared or when a contract is leaked

you will get reports informing you about everything that was compromised and really

importantly those could be things compromised even prior to the leak. Next is corporate policy

violations such as inappropriate messages and that will be labeled inappropriate according to

the corporate policy of a particular organization. Next is access permissions, such as access to portals

for example, documents that certain users are maybe not permitted to access

For example, pages or sites or subsides that being shared with everyone

Or if someone is able to or permitted to access, but they are not really supposed to access

In that case, CardiologIn4 can and will block them and also notify whomever needs to be notified

And then the last one here, data extraction. So, for example, if someone is about to leave the company and then suddenly there's a lot of activity from them, things such as opening a lot of documents or any other what we will consider abnormal user behavior, according to the AI, this will then get flagged and it will notify whomever needs to be notified

Also, I would just like to add that we do monitor APIs as well

Now, I will show you around our demo environment to show you all how you can use CardiLog in force to keep company regulations intact

Let me. There we go. So I will give you first of all an overview of the solution and then demo our enforced GUI

So the first step will be deciding on and setting the enforcement goal

So that will be what is your enforcement goal? What do you want to do

What does your enforcement goal have to do with? Does it have to do with access permissions, with data extraction, with confidential and private data or corporate policies

Let me get into those a little bit more. If you look at access permissions, your goal might be to remove unauthorized users or an unauthorized user from a team

So that could be anyone maybe adding someone to a team or perhaps someone with the same name as someone else who is in fact supposed to be in the team

So let's look at some of these other canned access permission enforcement goals right here to remove unauthorized users from OneDrive documents, remove unauthorized users from SharePoint sites, flag security manager on unauthorized sharing user

Block unapproved user from unauthorized content and detect access permission. Human errors. Very important

Next, we have data extraction. This could be remove the user permissions upon suspicious usage anomalies

That could even be flagging a security manager on suspicious user behavior

Identifying and monitoring potential high-risk users. blocking end point output for users that violated companies policies and then also reporting on

compromised data very important if we look at confidential and private data i'm not going to go

through all of them but some of some examples of goals here could be to block private data on a team

chat, remove confidential data from a team with unauthorized members, report on unauthorized data

And then the fourth possible umbrella for goals in terms of your enforcement could be corporate

policies. So that would entail things such as to send some messages on public chat that violate

corporate policies to block a user that violates corporate policies on a team's chat

flag private chat in violation with corporate policies, and so on. Step two, first of all

you will then decide what your enforcement goal is. And if it's not one of these

you can go ahead and create one from scratch. So step two will be deciding which receiver role will be flagged, will be notified

Will it be my security manager, the person that's responsible for security in the company

and who will take the actions? Is it the team owner? Is it the actor or the actor is just a word for the user who performed the violation

So the guilty party. Is it a team member? Is it the manager of the actor

So the manager of the person who performed the violation? Or you can even go ahead and create your own segment

The next step, step three, how will these people be notified? How will they get a message

How will they be flagged as to what happened in the Office 365 environment once you've

selected who you want to get this notification, who you want to get flagged

So these are your different channels. Maybe they will get a text message, especially now that everyone is working remotely, a quick

text message to notify them of the violation that occurred. Maybe a pop up right with on the SharePoint page

notifying them of what has occurred. Email is also a great channel

Or you can even send them a message. Well, this message could even be sent to them directly

within social platforms such as right within Teams that will show up as a message in Teams

or in Slack, or in Skype, or even Messenger. So it really depends which channel will be best

for that particular job title or role that you have selected as the person who has to be notified Your next step will be violation type but I will go into that in a little bit more detail

when I demo the GUI. And then finally, step five, choose an Office 365 application that you want to

enforce. You want to enforce Yammer, OneDrive, Teams, SharePoint, or even Stream. So let me now

go back and show you a demo of a few scenarios to better grasp exactly how our solution works

and how an organization will truly benefit from using it. As mentioned, we already have the

information about your portal or your company or your customers portal and the usage of the portal

So in other words, how people behave in the environment as well as the information being

shared so we can actually yze and know what's going on in the portal before anyone gets the

information. So keeping that in mind, we have created two scenarios that I wanted to show

show you today and explain more about. If we click on this first one, this first goal I would like

to show in more detail is the goal of someone sharing information that is sensitive to the

company. So we can actually identify when someone uploads information or adds that to the portal

data that is not supposed to be exposed. We can actually monitor that information and using smart AI tools to define which data

is actually confidential and basically block that before it can be accessed by anyone

So we define a violation of confidential data when someone shares confidential data or violates

the confidential data rules. We can first of all block it or in other words prevent the violation

from even happening and then secondly notify those people who need to be notified of this

particular type of violation. So in this case I'm showing what will be shown inside SharePoint. This

is a SharePoint pop-up. So a pop-up on the manager's page that will notify him and also explain

that some user made a violation within that team or which confidential data was shared

So in this case, the content was removed first of all and the user was notified and as you can see

their security manager was also notified or flagged. If we go back to the channel

an organization can define, like I said, any channel they prefer to get notified in

Whether it's a phone call or text message or a message in Teams or any other integrated platform or an email

as I've mentioned, and even a really, really neat channel is, like I've said, an in-app message right within SharePoint

such as this one. And then if we hop over to this

eventually it will block the content and it won't be accessible by anyone

If I go back to the second scenario, which I would like to demonstrate

and that is unexpected access. So for example, in SharePoint or any other platform for sharing data

people have the liberty to share information that is already in the

and they can share that with other people that might not or should not have access to this

information. So the goal here is to basically block the user that received the invitation

or the permission access to access the data so we can take away his permissions without this person

ever accessing that data or that information. And all of a sudden, a new user has access to it, which he is not supposed to. So we can actually

identify that and notify the people that this user now has the permissions. So we don't just notify

we actually block the user. So in this case, like I said

a user that is external to the salespeople and he received something such as the cost management

of the product, which is confidential. So it's very important not just to block

not just to notify, but actually to block the user. So when he tries to access the page

he will get redirected to a designated landing page, which will actually show him that he was redirected to this landing page due to the fact that he did not have permission to access the page he initially tried to access

So if he wants, he can, however, ask for access. And then it is up to that particular security manager to allow that person or not to allow that person

So in this case, we send a text message and we can actually block the continuation of that violation

So as I mentioned, the product has a lot of predetermined goals and everything is dynamic

So using these scan enforcement goals you see here on this page, you can actually choose the goals you would like to enforce in your organization's portal

in order to make sure that your data is safe. So let me get back to the presentation

So why is all of this so important though? I will tell you why

Cloud implementations have brought incredible leveraging of on demand services to modern enterprise, but they've also introduced a host of new security issues, as you've seen when I was walking you through Cardiolog in force

So threat mitigation and disclosure are two of the key priorities in today's data incident response plans that work

and actually a new report by cloud consulting firm Delta Risk interviewed respondents with skin in the game

in terms of cloud services and they got a list of major worries

that are often included in risk mitigation plans. So some of those main concerns for Office 365 managers include

human access so that would be various type of unauthorized access cloud misconfiguration So wrong credentials and sharing Data leakages and that could be both private and confidential data that can be leaked

And then also APIs, the abuse of open keys and credentials. Cardiologin 4 secures Office 365 in the following ways for the following segments

So chat and media. Cardiolog Enforce can secure chats and images and links and attachments

and content via advanced enforcement algorithms. Hubs for users. So enforcing permissions and access

meaning all users and guests can be exposed to specific data and channels

corporate policies, validating corporate policies, including texts, files, content sharing and private information

And then security trust to identify the breach of private and confidential information across multiple platforms. platforms

Enforce really does revolutionize Office 365 enforcement in terms of media

If we look at media that is including messages, so any written and shared information, attachments

that could be content, files added to Office 365 from any other platform, even links and hyperlinks

links sent or shared with users or guests. In terms of permission and access, Enforce helps

to ensure access permissions for users and guests within a team or a channel. So enforcing and

flagging unauthorized access and permission violations and reporting on the severity of

the violation and possible cause of action. And then also in terms of language, enforce detects

messages that are against corporate policies and reduce corporate liability, enforces and flags

inappropriate text or language and reports on the severity of the violation and possible cause of

action. Let's have a look at the different types of violations that could take place

So different media types would include file uploads, OneDrive sharing, images, chats and

messages and as I've mentioned links as well as hyperlinks. And then the different environments

that we can enforce with Cardiolog Enforce is Teams, SharePoint, OneDrive, Yammer and also Stream

I would now like to go over some frequently asked questions regarding our solution Cardiolog Enforce

and then also at the end I will have some time luckily because I see that I went through

everything pretty quickly I will have some time to also thoroughly go through all of the questions

that you have sent me in the questions box. So some of our frequently asked questions are the

following. Does Cardiolog Engage actually stop the violation from happening or only report on it

That is a question that comes up a lot. So my answer to that is, so our answer to that

if the system recognises a violation in SharePoint, we redirect the end user to a designated

landing page which notifies him or her that he or she is not permitted to view

the page and then also contact the owner if he thinks he should but that's in

terms of SharePoint what about teams in teams we remove the user or the content

instantly and then another question that we get ever so often how do you identify

identify content that is sensitive. So we do that. Because we do text ysis AI algorithms

Also, we allow the customers to add keywords. So in addition, we yze the risk by permission

deduction and learning algorithms. So those are two of the questions that we get really

really often. Let me have a quick look here to see if anyone sent through any questions

in my questions box

I have no questions. Maybe now that I have finished with my presentation and also the demo

maybe the questions will come through now, so I will give it a minute

if anyone has anything that they would like to ask. if nothing is coming through then i will wrap up cardiolog ytics session today

and just as a reminder we invite you to visit us at intlock.com to book to book your free demo of cardiolog ytics

also Cardiolog Engage and Gamify. Those are three other solutions and you can also tweet us at

at Cardiolog and for more information and any other helpful tips please do check out our amazing blog

at blog.intloc.com and for more information please feel free to contact us at info at

That's intlock.com. Let me have a quick look at the questions. Nothing yet, so then I will go ahead and say a huge

thanks to everyone who joined or attended our session today. Enjoy the rest of all the sessions and remember to

donate to UNICEF. So yeah, goodbye to everyone. Thanks, listen, that was an amazing session

So it looks like we don't have any other questions, so that was so good