Are native Office 365 and Azure AD audits enough?

The Netwrix 2018 report on security in the cloud shows that cloud technology is getting the attention of more and more companies. 42% of respondents are ready to adopt the cloud more widely, and half of them plan to store more information about their customers, employees and finances in the near future. For many companies, that means adopting Office 365 and Azure AD. According to Microsoft, there are 120 million active Office 365 users, and five million businesses around the world use Azure AD to manage their infrastructures.

One of the advantages of the cloud is that it makes it much easier to share content. But it’s also a downside – the Netwrix survey found that the risk of unauthorized access ranks as the number one security concern in the cloud, with 69 percent of respondents mentioning it. How does Microsoft help organizations secure their Office 365 and Azure AD deployments, and what are the limitations of their native tools?

What has Microsoft done to improve the security of Office 365 and Azure AD?

Microsoft has done a lot to help businesses with security in the cloud. It launched the Office 365 Security and Compliance Center to help users better manage access to data. It offers relevant reports, including risky logins, risky events and risky users. These reports highlight users who have been flagged as at risk, and detail their activities. The company also offers Secure Score, a risk assessment tool that advises you on steps you can take to improve your security in the cloud. In Azure AD, Microsoft enforces conditional access policies, and multi-factor authentication will soon be the default option for all Azure administrators.

Why are default security measures still insufficient?

Despite these security advancements, there are three significant issues that make many organizations reluctant to rely solely on the security auditing features built into Office 365 and Azure AD.

Problem #1: Short log retention period

Many compliance standards require companies to store their audit logs for much longer than Microsoft allows – 90 days maximum for Office 365 and 30 days for Azure AD. PCI DSS, for example, requires companies to keep logs for one year, and HIPAA for six years. The GDPR does not specify a retention period, but requires that companies be able to investigate a data breach at any time. The 2017 Ponemon Institute study, Cost of a Data Breach Study, found that it took an average of 206 days to detect a data breach.

Clearly, Microsoft’s short log retention times are insufficient for organizations that need to present evidence of compliance or investigate most security incidents, unless they periodically back up log data manually before it is overwritten – a tedious and error-prone process. For this reason, many organizations are looking for third-party auditing solutions that provide reliable, automated log collection and cost-effective long-term storage.

Problem #2: Hybrid environments are not supported

Even though Gartner expects the public cloud market to grow more than 160 percent by 2021, on-premises deployments will continue for some time. The analyst firm estimates that 72 percent of enterprises are taking a hybrid approach in 2018, a number that hasn’t changed much from previous years and isn’t expected to change in the near future. As enterprises gradually migrate to the cloud, they need a way to ensure the security of their on-premises and cloud infrastructures.

Microsoft offers a variety of reports that facilitate data access governance and risk assessment in the cloud, but integrating these reports with data from on-premises reports and other sources in different formats is time-consuming and difficult. To detect active threats and investigate incidents quickly, security professionals need a comprehensive analysis of the entire IT infrastructure. That’s why many organizations are looking for third-party solutions that provide a single point of access to all audit data, across all systems, and present the data in a unified way.

Problem #3: Lack of Usability

Although Microsoft is constantly updating and improving Office 365 and Azure AD, some critical usability issues have yet to be resolved. In particular, the filtering features of audit reports are insufficient, and it is not possible to sort reports in any order other than chronologically. Neither Office 365 nor Azure AD provides predefined compliance reports; users must export audit data in CSV format and compile the audit report manually in Excel – a daunting task that enterprises could do without, as they are already paying top dollar for other features. As a result, companies are looking for a more flexible and easier-to-use solution.
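The manual routine described under Problems #1 and #3, as an added example (not from the original article and not part of any Microsoft or Netwrix tool): merging overlapping periodic CSV exports into one de-duplicated archive and producing a per-user view instead of a chronological one. The column names (CreationDate, UserIds, Operations, AuditData), the Id and Workload fields inside AuditData, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
import json
from collections import Counter

# Constructed sample exports (not real tenant data). Assumed columns:
# CreationDate, UserIds, Operations, AuditData (a JSON object per record).
EXPORT_WEEK1 = '''CreationDate,UserIds,Operations,AuditData
2018-03-01T09:00:00,alice@example.com,FileAccessed,"{""Id"":""a1"",""Workload"":""SharePoint""}"
2018-03-02T10:30:00,bob@example.com,UserLoggedIn,"{""Id"":""a2"",""Workload"":""AzureActiveDirectory""}"
'''
EXPORT_WEEK2 = '''CreationDate,UserIds,Operations,AuditData
2018-03-02T10:30:00,bob@example.com,UserLoggedIn,"{""Id"":""a2"",""Workload"":""AzureActiveDirectory""}"
2018-03-08T14:15:00,alice@example.com,SharingSet,"{""Id"":""a3"",""Workload"":""SharePoint""}"
2018-03-09T08:05:00,alice@example.com,FileAccessed,"{""Id"":""a4"",""Workload"":""SharePoint""}"
'''


def merge_exports(archive, export_text):
    """Add rows from one CSV export to the archive dict, keyed by record Id."""
    added = 0
    for row in csv.DictReader(io.StringIO(export_text)):
        detail = json.loads(row["AuditData"])
        if detail["Id"] in archive:
            continue  # overlapping export windows repeat the same record
        archive[detail["Id"]] = {
            "time": row["CreationDate"],
            "user": row["UserIds"],
            "operation": row["Operations"],
            "workload": detail.get("Workload", ""),
        }
        added += 1
    return added


def activity_by_user(archive):
    """Count (user, operation) pairs, most frequent first, not chronological."""
    counts = Counter((r["user"], r["operation"]) for r in archive.values())
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    archive = {}
    for export in (EXPORT_WEEK1, EXPORT_WEEK2):
        print(merge_exports(archive, export), "new records archived")
    for (user, operation), count in activity_by_user(archive):
        print(f"{user:20} {operation:14} {count}")
```

The archive is kept in memory so the example runs offline; for retention beyond the native window it would be written to durable storage after each merge.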

The native auditing features of Office 365 and Azure AD meet some basic needs, such as managing access to data and ensuring that content sharing complies with security policies. However, they are not functional enough to meet industry regulations and standards and prove compliance. Short log retention times, lack of support for hybrid environments, and usability issues are driving organizations to seek out third-party solutions that can streamline their security and compliance efforts.