Governance & Risk Management , Video , Vulnerability Assessment & Penetration Testing (VA/PT)

Microsoft 365's Security Gaps: Logging and Beyond

BH Consulting's Brian Honan on Enabling Standard Security Features in Microsoft 365
Brian Honan, CEO, BH Consulting

Robust logging capabilities in Microsoft 365 are crucial to prevent security breaches, said Brian Honan, CEO of BH Consulting. A recent intrusion into the Microsoft 365 cloud environment is a case in point. The breach, reportedly by state-sponsored actors from nations targeting the U.S., compromised several government accounts.

See Also: Zero Trust: Approaches, Use Cases, and Myths Debunked

The incident revealed how many of Microsoft's clients who store critical information in Microsoft 365 use license plans lacking essential security features. Many plans don't include logging capabilities, leaving data in the cloud without visibility.

"This is similar to the Bill Gates memo back in the early 2000s where he said we need to rebuild and restructure Microsoft and Windows to be more secure. Microsoft needs to go down that road again," Honan said. "Microsoft has to look at their whole range of products - cloud and on-premises - with a view that security should not be an extra premium. It should be a core part of the product."

In this video interview with Information Security Media Group at Infosecurity Europe 2024, Honan also discussed:

  • The need for Microsoft to include essential security features as standard in all plans;
  • The risks posed by new technologies such as Microsoft's Copilot;
  • Why multifactor authentication is crucial for protecting sensitive data and preventing cyberattacks.

Honan, who has more than 20 years of experience in cybersecurity and data protection, advises various government departments, startups, multinational corporations, the European Commission and the European Union Agency for Cybersecurity on information security matters.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.