Microsoft Office 365 is widely used as a business-to-business communication tool. The email, document sharing and teamworking features are well known and liked by over 1.2 billion office users and 60 million Office 365 commercial customers worldwide. Office 365 also offers great flexibility, allowing users to benefit from cloud services, accessing emails and files from anywhere.
Unfortunately, this very flexibility can present security challenges to some organisations, with the loss of a single password or security credential resulting in a major data breach.
Some organisations choose to implement 2-factor authentication (2FA) as an improvement to the security features; however, even this is not foolproof. Furthermore, 2FA using techniques such as text-based code authentication is seen as an unwieldy restriction and is often disabled for users operating inside a corporate office. This in itself can result in significant security weaknesses.
Recognising these weaknesses, a central government department approached us to design and implement a truly secure implementation of Office 365 which overcomes many of the issues associated with alternative technologies. Gatekeeper offers a huge number of benefits, including:
• Secures all of O365 including SharePoint, Email & Teams.
• Simple to use. Just log on to your PC, insert the dongle and go!
• Prevents access to Office 365 from the open internet – Secured via IP restrictions.
• Users can only connect from machines with a pre-shared VPN key.
• Requires a hardware dongle & password to access O365.
• Secure logging of all access events, moved files etc.
• Protected by patented ‘Trusted Cloud’ technology.
Using Gatekeeper for Office 365
To access Office 365, the user must use an endpoint device (e.g. a laptop) with a valid pre-shared security key to connect to a central VPN service. This prevents access to Office 365 services from any unauthorised devices. The connection is established automatically with no need for the user to enter a dedicated VPN password.
Once a connection to the VPN central service has been established, the user requires a dedicated USB security key to be connected to their laptop in addition to their central password for Office 365.
A compromised Office 365 password is not, on its own, enough to gain access, since all users require a pre-approved laptop, a hardware security key and their user password before they can access the system.
Trusted Cloud technology
The critical cloud servers, including the VPN access points which are used to prevent unauthorised access to Office 365, are protected using patented ‘Trusted Cloud’ technology.
The technology employed is a cutting-edge approach called distributed hardware-backed whitelisting. Every few seconds, each critical server generates an audit list of all programs and configuration running on the server. This list is digitally signed using a cryptographically secure hardware module. The audit data is then sent to three or more verification servers, where it is cross-checked against a previously generated and signed whitelist. Even a single line of unauthorised code will be instantly detected and flagged, allowing security analysts to stop an attack in its tracks.
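The audit-and-verify cycle described above, sketched as an added example; it is not Gatekeeper's or Trusted Cloud's own code. Assumptions: HMAC-SHA256 with a constructed key stands in for the hardware module's digital signature, each of three verifiers holds its own signed whitelist copy, and any single finding raises a flag; all function names, paths and file contents are hypothetical.

```python
import hashlib
import hmac
import json

HW_KEY = b"constructed-demo-key"  # constructed; stands in for a key held in the hardware module


def audit_list(items):
    """Map each program/config name to the SHA-256 of its content."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in items.items()}


def sign(listing, key=HW_KEY):
    """Stand-in for the hardware signature: HMAC-SHA256 over canonical JSON."""
    blob = json.dumps(listing, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(audit, audit_sig, whitelist, whitelist_sig, key=HW_KEY):
    """One verification server: check both signatures, then diff audit vs whitelist."""
    if not hmac.compare_digest(sign(audit, key), audit_sig):
        return ["audit signature invalid"]
    if not hmac.compare_digest(sign(whitelist, key), whitelist_sig):
        return ["whitelist signature invalid"]
    findings = []
    for name, digest in sorted(audit.items()):
        if name not in whitelist:
            findings.append("unlisted: " + name)
        elif whitelist[name] != digest:
            findings.append("modified: " + name)
    findings += ["missing: " + n for n in sorted(whitelist) if n not in audit]
    return findings


def cross_check(audit, audit_sig, verifier_copies):
    """Run the report past every verifier's own whitelist copy; any finding raises a flag."""
    results = [verify(audit, audit_sig, wl, sig) for wl, sig in verifier_copies]
    return any(results), results


# Constructed sample server contents and three verifier copies of the signed whitelist.
GOOD = {"/usr/sbin/vpnd": b"vpn daemon v1", "/etc/vpn.conf": b"cipher=aes256\n"}
WHITELIST = audit_list(GOOD)
COPIES = [(dict(WHITELIST), sign(WHITELIST)) for _ in range(3)]

if __name__ == "__main__":
    tampered = dict(GOOD, **{"/etc/vpn.conf": b"cipher=aes256\n#x\n", "/tmp/unknown.bin": b"?"})
    for label, state in (("clean", GOOD), ("tampered", tampered)):
        report = audit_list(state)
        print(label, cross_check(report, sign(report), COPIES))
```

Because each verifier checks the whitelist signature before trusting its own copy, altering one verifier's whitelist is reported by that verifier rather than silently widening what is allowed.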