The current COVID-19 pandemic is pushing organizations to adopt a growing number of cloud-based services, for this reason, the DHS CISA published a new alert that provides recommendations to secure Office 365 deployments.
According to the Agency, many organizations contine to deploy their infrastructure without implement best security practices and exposing them to the risk of cyber attacks.
“Since October 2018, the Cybersecurity and Infrastructure Security Agency (CISA) has conducted several engagements with customers who have migrated to cloud-based collaboration solutions like O365. In recent weeks, organizations have been forced to change their collaboration methods to support a full “work from home” workforce.” reads the alert published by CISA.
“While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy,” .
The alert contains recommended the following configurations when deploying Office 365 installs:
“CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets by defending against attacks related to their Office 365 transition and better securing O365 services,” continues the alert.
This is the second time that CISA provides a similar alert, in May 2019, the agency issued another alert for those organizations that were migrating to Microsoft Office 365 and more in general to cloud services.
Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
(SecurityAffairs – Office 365, CISA)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.