Contact Us

|

Careers

|

Change Locale
close

No Silver Bullets: The Case for Enhancing Office 365 Security

Security | Posted on August 21, 2017 by Softchoice Advisor

All solutions have their pros and cons. Office 365 has more pros than one can count. For example, Exchange Online pulls Exchange Server into the cloud as a hosted multi-tenant cousin of its on-premises self. Not having to worry about your email server’s hardware and upgrades is a dream come true for many. Office 365 also bundles a bevy of rich solutions, including SharePoint, Skype for Business, OneDrive, Teams, Office applications and more. At the same time, you have the ultimate SaaS-worthy solution if you’re ready to migrate off premises.

But, what of the ‘cons’?

I’ve personally worked with Exchange Server on-premises for two decades and have never deployed Exchange in an enterprise environment and walked away. Instead, I’ve bolstered its security through the surrounding third-party ecosystem. My team and I have always won praise from Microsoft for our valid and valued solutions. These include security gateway, archive, monitoring, availability, and backup/recovery solutions. The list goes on. We never considered it “anti-Exchange” to say we prefer to enhance it with other software, appliances, or cloud solutions. The same mindset holds true for Exchange Online.

So where are the gaps? What holes are we looking to plug with bolted-on, third-party solutions? We see many of the same gaps we have with Exchange run on-premises. These are security, compliance/archive, backup/recovery, monitoring, continuity and so forth. To be fair, Microsoft has more control over their own Exchange environment. For this reason, they’ve improved and continue to improve their security story in many of these cases. The question for you is whether there is a gap wide enough to warrant added budget for third-party help.

There is. Let me make my point using Security as the prime example.

The defense-in-depth approach

Today, security is paramount. Ransom-ware, spear-phishing, and impersonation attacks have increased in cadence and sophistication. Office 365 includes basic Online Protection (EOP) for free. This has the effect of blocking malicious email from entering. Beyond that, Microsoft has a for-pay solution called Advanced Threat Protection (ATP). This offers a “safe attachments” solution and a static block list of “safe links.” But, even together, EOP and ATP provide less protection than a third-party security gateway like Mimecast.

Only a “defense-in-depth approach” will protect you in this insidious and ever-evolving world. With this method, you locate points of weakness and bolster those points. For instance, you protect the end-user, end-point, the DNS level, infrastructure (patches) and the gateway. To achieve this, you must start with your weakest link – your people. Ensure your employees have the right training and redundancies. You must be sure to update and guard your infrastructure. And, you must be certain to protect your email solution. This is the easiest way into your organization for weaponized attachments and links.

Filling in the gaps

3rd party services will help you make the most of Office 365 – whether it’s adding advanced archiving capabilities, improving eDiscovery, ensuring 100% up-time or more critically augmenting it’s security to enable a “defense-in-depth-approach”. At this point, you should be somewhat curious to hear the rest of this story. Join me, on Tuesday, September 19th at 2:00 pm EST as we dive deeper into the story of  “Taking the Defense-in-Depth Approach for Office 365 “ and how Mimecast’s solutions can help.

By: Guest Blog by J. Peter Bruzzese (Office Servers and Services MVP)

Related Articles

Cloud | December 20, 2019 by Ryan Demelo

The stakes surrounding data security and risk mitigation rise with each passing year. Data breach costs continue to increase and potential threats grow more sophisticated.  According to IBM, the average total cost of a data breach – after accounting for remediation, reputational damage and regulatory issues – has reached $3.92 million. While smaller organizations may […]

Cloud | December 11, 2019 by Karly Pierce

IT organizations have seen too much of their time consumed by non-strategic tasks. This comes at great cost to their bottom lines and cloud transition strategies.  In fact, a 2018 Stripe survey found that between dealing with bad code, technical debt and various refactors or modifications, most of the typical developer workweek was wasted.   That […]

Cloud | November 28, 2019 by Ryan Demelo

Among the biggest obstacles to IT resilience is the “data dilemma.”  That data has become “the new oil” is a well-worn cliché by now. But clichés earn that status because they originate in the truth. And it’s true that today, data drives the decision-making that moves businesses forward. Protecting it is more important than ever. […]