Governance & Risk Management , Video , Vulnerability Assessment & Penetration Testing (VA/PT)
Microsoft 365's Security Gaps: Logging and Beyond
BH Consulting's Brian Honan on Enabling Standard Security Features in Microsoft 365Robust logging capabilities in Microsoft 365 are crucial to prevent security breaches, said Brian Honan, CEO of BH Consulting. A recent intrusion into the Microsoft 365 cloud environment is a case in point. The breach, reportedly by state-sponsored actors from nations targeting the U.S., compromised several government accounts.
See Also: Zero Trust: Approaches, Use Cases, and Myths Debunked
The incident revealed how many of Microsoft's clients who store critical information in Microsoft 365 use license plans lacking essential security features. Many plans don't include logging capabilities, leaving data in the cloud without visibility.
"This is similar to the Bill Gates memo back in the early 2000s where he said we need to rebuild and restructure Microsoft and Windows to be more secure. Microsoft needs to go down that road again," Honan said. "Microsoft has to look at their whole range of products - cloud and on-premises - with a view that security should not be an extra premium. It should be a core part of the product."
In this video interview with Information Security Media Group at Infosecurity Europe 2024, Honan also discussed:
- The need for Microsoft to include essential security features as standard in all plans;
- The risks posed by new technologies such as Microsoft's Copilot;
- Why multifactor authentication is crucial for protecting sensitive data and preventing cyberattacks.
Honan, who has more than 20 years of experience in cybersecurity and data protection, advises various government departments, startups, multinational corporations, the European Commission and the European Union Agency for Cybersecurity on information security matters.