All solutions have their pros and cons. Office 365 has more pros than one can count. For example, Exchange Online pulls Exchange Server into the cloud as a hosted multi-tenant cousin of its on-premises self. Not having to worry about your email server’s hardware and upgrades is a dream come true for many. Office 365 also bundles a bevy of rich solutions, including SharePoint, Skype for Business, OneDrive, Teams, Office applications and more. At the same time, you have the ultimate SaaS-worthy solution if you’re ready to migrate off premises.
But, what of the ‘cons’?
I’ve personally worked with Exchange Server on-premises for two decades and have never deployed Exchange in an enterprise environment and walked away. Instead, I’ve bolstered its security through the surrounding third-party ecosystem. My team and I have always won praise from Microsoft for our valid and valued solutions. These include security gateway, archive, monitoring, availability, and backup/recovery solutions. The list goes on. We never considered it “anti-Exchange” to say we prefer to enhance it with other software, appliances, or cloud solutions. The same mindset holds true for Exchange Online.
So where are the gaps? What holes are we looking to plug with bolted-on, third-party solutions? We see many of the same gaps we have with Exchange run on-premises. These are security, compliance/archive, backup/recovery, monitoring, continuity and so forth. To be fair, Microsoft has more control over their own Exchange environment. For this reason, they’ve improved and continue to improve their security story in many of these cases. The question for you is whether there is a gap wide enough to warrant added budget for third-party help.
There is. Let me make my point using Security as the prime example.
The defense-in-depth approach
Today, security is paramount. Ransom-ware, spear-phishing, and impersonation attacks have increased in cadence and sophistication. Office 365 includes basic Online Protection (EOP) for free. This has the effect of blocking malicious email from entering. Beyond that, Microsoft has a for-pay solution called Advanced Threat Protection (ATP). This offers a “safe attachments” solution and a static block list of “safe links.” But, even together, EOP and ATP provide less protection than a third-party security gateway like Mimecast.
Only a “defense-in-depth approach” will protect you in this insidious and ever-evolving world. With this method, you locate points of weakness and bolster those points. For instance, you protect the end-user, end-point, the DNS level, infrastructure (patches) and the gateway. To achieve this, you must start with your weakest link – your people. Ensure your employees have the right training and redundancies. You must be sure to update and guard your infrastructure. And, you must be certain to protect your email solution. This is the easiest way into your organization for weaponized attachments and links.
Filling in the gaps
3rd party services will help you make the most of Office 365 – whether it’s adding advanced archiving capabilities, improving eDiscovery, ensuring 100% up-time or more critically augmenting it’s security to enable a “defense-in-depth-approach”. At this point, you should be somewhat curious to hear the rest of this story. Join me, on Tuesday, September 19th at 2:00 pm EST as we dive deeper into the story of “Taking the Defense-in-Depth Approach for Office 365 “ and how Mimecast’s solutions can help.
By: Guest Blog by J. Peter Bruzzese (Office Servers and Services MVP)