Contact Us

|

Careers

|

Change Locale
close

No Silver Bullets: The Case for Enhancing Office 365 Security

Security | Posted on August 21, 2017 by Softchoice Advisor

All solutions have their pros and cons. Office 365 has more pros than one can count. For example, Exchange Online pulls Exchange Server into the cloud as a hosted multi-tenant cousin of its on-premises self. Not having to worry about your email server’s hardware and upgrades is a dream come true for many. Office 365 also bundles a bevy of rich solutions, including SharePoint, Skype for Business, OneDrive, Teams, Office applications and more. At the same time, you have the ultimate SaaS-worthy solution if you’re ready to migrate off premises.

But, what of the ‘cons’?

I’ve personally worked with Exchange Server on-premises for two decades and have never deployed Exchange in an enterprise environment and walked away. Instead, I’ve bolstered its security through the surrounding third-party ecosystem. My team and I have always won praise from Microsoft for our valid and valued solutions. These include security gateway, archive, monitoring, availability, and backup/recovery solutions. The list goes on. We never considered it “anti-Exchange” to say we prefer to enhance it with other software, appliances, or cloud solutions. The same mindset holds true for Exchange Online.

So where are the gaps? What holes are we looking to plug with bolted-on, third-party solutions? We see many of the same gaps we have with Exchange run on-premises. These are security, compliance/archive, backup/recovery, monitoring, continuity and so forth. To be fair, Microsoft has more control over their own Exchange environment. For this reason, they’ve improved and continue to improve their security story in many of these cases. The question for you is whether there is a gap wide enough to warrant added budget for third-party help.

There is. Let me make my point using Security as the prime example.

The defense-in-depth approach

Today, security is paramount. Ransom-ware, spear-phishing, and impersonation attacks have increased in cadence and sophistication. Office 365 includes basic Online Protection (EOP) for free. This has the effect of blocking malicious email from entering. Beyond that, Microsoft has a for-pay solution called Advanced Threat Protection (ATP). This offers a “safe attachments” solution and a static block list of “safe links.” But, even together, EOP and ATP provide less protection than a third-party security gateway like Mimecast.

Only a “defense-in-depth approach” will protect you in this insidious and ever-evolving world. With this method, you locate points of weakness and bolster those points. For instance, you protect the end-user, end-point, the DNS level, infrastructure (patches) and the gateway. To achieve this, you must start with your weakest link – your people. Ensure your employees have the right training and redundancies. You must be sure to update and guard your infrastructure. And, you must be certain to protect your email solution. This is the easiest way into your organization for weaponized attachments and links.

Filling in the gaps

3rd party services will help you make the most of Office 365 – whether it’s adding advanced archiving capabilities, improving eDiscovery, ensuring 100% up-time or more critically augmenting it’s security to enable a “defense-in-depth-approach”. At this point, you should be somewhat curious to hear the rest of this story. Join me, on Tuesday, September 19th at 2:00 pm EST as we dive deeper into the story of  “Taking the Defense-in-Depth Approach for Office 365 “ and how Mimecast’s solutions can help.

By: Guest Blog by J. Peter Bruzzese (Office Servers and Services MVP)

Categories

Related Articles

Cloud | December 6, 2018 by Maya Cieszynska

Moving Beyond Cloud FUD It is necessary that companies be able to take advantage of a newly connected business world. These days, the speed, mobility, and flexibility offered by the cloud are just table stakes. It’s vitally important that your company overcomes the fear, uncertainty, and doubt (FUD) that can surround the cloud.

Security | November 14, 2018 by Susana Byun

The IT community has come full-circle on security in the cloud. A few years ago, any IT professional would have shuddered to imagine storing information in someone else’s data center. Today, cloud and hybrid IT are facts-of-life for many businesses.

Security | October 29, 2018 by Susana Byun

One of the most hyped use cases of software-defined networking (SDN) is micro-segmentation — and for a good reason. With solutions such as VMware NSX, micro-segmentation promises several high-value business outcomes. These include modern security, seamless operations and optimized user experience. Learn the key three reasons why you should consider micro-segmentation for your organization.