Every day it seems we can’t escape a catchy jingle from freecreditreport.com, or some other advertisement educating us on what we should or should not know about credit scores. With increasing security breaches and identity theft, credit monitoring and awareness is as much of a social responsibility as it is a commitment – and as adults, we should be actively engaged in knowing and monitoring our credit behavior.
While we will never know the secret algorithms that truly determine our FICO credit scores, we do know that it often serves as a statistical barometer comparing oneself to the sum of society. If we analyze an organization’s health we often compare its financial measures to similar industry’s metrics. But what about security? How do we measure not only our own state, but a comparative assessment on the feature sets and their secure configurations?
Credit scoring and monitoring requires a level of commitment by an individual - this same level of commitment is also needed by organizations in regards to security. Sure, there are independent audits, assessments, and other tools, but how easy and readily available are those to every business? Each organization is often a matrix of systems, cloud, on premises, and even hybrid - and with each addition the security variables can multiply.
To ease the minds of users, Office 365 has worked towards leveling the playing field for everyone by easily enabling visibility into an organization’s security configuration by providing you an Office 365 Secure Score. While this does not solve the security concerns of one’s own cadre of systems, this does help answer concerns and questions people have with the ever growing capabilities of the platform.
So what is the Office 365 Secure Score?
It's a tool that has two components, the Dashboard and the Score Analyzer.
Microsoft has its own baseline configuration for the expected and best practice for a secure configuration. Microsoft Secure Score assesses the services and applications in Office 365 against the baseline and provides a Secure Score – like a credit score for your environment.
While there is a disclaimer that this secure score is not intended to give you a likelihood for a breach, it is intended to specifically layout what actions and activities you can perform to increase the security of your tenant configuration.
Not everyone has time to easily perform every action the score recommends. The tool does help you get the biggest bang for your buck by helping prioritize which activities and configuration changes will improve your score the most.
How the Scoring Works
Currently, the Microsoft Secure Score has a range from 0 (min) to 430 (max). Additionally, scoring with the tool will also provide you an assessment with the average Secure Score. The average score is shocking. If you are curious what the current average Secure Score is, make sure to check out the 2nd part to this blog series on the 5 shocking revelations of the Secure Score. (Coming soon!)
This is also a moving score, and enables you to track where you have been and to plan where you want to go. This is a nice perspective in that it doesn’t inundate you with a list of your “security failures” that require immediate actions (although some may be required depending on your findings).
You can see the action queue below displays you the actions needed and what your score will be once those set of particular actions are completed. This pending score can be adjusted by using the sliding scale shown above. Increase the score – more actions are added to your queue. Decrease the score and less actions are required on your part.
Lastly, because we know that the Office 365 product is ever changing, the Secure Score dashboard also provides you a summary of 2 important areas:
- What’s New – these are new controls and workflows to easily set-up security rules
- Risk Assessment – the 3 main areas that you are currently at risk for
The risk assessment section does specify that the “threats could be mitigated by taking the recommended Secure Score actions.” This important because the key words in that statement are “could be mitigated” – just something important to keep in mind.