Office 365 is a suite of services that includes email, collaboration through an intranet SharePoint site, online conferencing/IM/presence, file storage and sharing through OneDrive for Business, enterprise social networking through Enterprise Yammer, Office Online, desktop versions of Office (including Word, Excel, PowerPoint, Outlook, Notepad, Access, Publisher and Skype for Business) and a host of other services depending on the plan you choose.
While Office 365 may seem to tick all the boxes (and that’s certainly what Microsoft will tell prospects), it’s important to outline to customers and prospects the security, continuity and data assurance risks involved in being fully reliant on a single vendor.
Microsoft is always releasing either new services or new/improved features to existing services. It’s one of the benefits of having services in the cloud. The release cadence is incredible (and hard to keep up with at times). To see and access features, you may need to log into the web portal for Office 365 and access them through the App Launcher.
Office Graph: Uses machine-learning techniques to connect you to what it determines to be relevant documents, conversations, and people. It watches what you do, what interests you, and what you treat as important to provide a personalized experience around your workflow.
Office 365 Video: Provides the ability to upload video content to your company portal so that you can share this kind of content quickly and securely. Note: Microsoft also announced a new solution called Stream for next-gen video services to replace Office 365 Video.
Clutter: We all receive email that we may have signed up for (such as a newsletter); that email is not junk, but you probably don't consider it very important. Clutter uses the intelligence of Office Graph to see how important (or unimportant) email is to you. It learns over time your levels of importance, then uses that analysis to separate the clutter from other inbox items. You can quickly scan the clutter, mark individual items as "not clutter," and take action on the rest of it, such as deleting it all. Of course, if you don't like the feature, you can turn it off.
Delve (code name was Oslo): Works with Office Graph to create a Pinterest-like trending view based on what you're working on. It is tailored to you personally.
We’re not going to pick apart every little thing about Office 365 and Exchange Online. There is no point in doing that. It’s a great solution, and priced right. I’m only going to hit the risk areas that make people nervous about Office 365. I’ll explain what is built in and why a third-party bolt-on would be better to enhance the overall solution.
Security

Exchange on-premises (2013/2016) includes an anti-malware solution and anti-spam agents. These offer very basic protection, so most enterprise deployments of Exchange look to a third-party on-premises appliance or cloud-based solution to really cover themselves against all the bad stuff: spam, malware, phishing, spear phishing, whaling, impersonation attacks, ransomware attacks and so on.
Spear phishing is becoming a focal point for attackers looking to breach organizations’ defenses, and it is very treacherous. It’s targeted against a specific company, and has led to some major, high-publicity hacks, because there were no solutions in place to help detect the spear phishing attack.
Exchange Online comes with a free solution called Exchange Online Protection (EOP). It’s enabled by default and provides basic anti-spam/malware protection. Does it work? It does… and the EOP dev team is aggressively seeking to improve the solution. However, the last thing you want is to get pulled into a security monoculture.
On-premises, every company handles security a little differently, with a combination of vendors involved, multiple locks to pick and each company its own target. With Office 365 all tenants are together under the same security codebase, providing a very target-rich environment. Dan Geer, a risk management specialist and cyber-security expert, has repeatedly pointed out the problem of a security monoculture, especially with regard to Microsoft. His primary focus was on the number of Microsoft workstations connected to the Internet. But an even greater threat is to have a multitenant email solution monopoly (which is inevitable at this point) with a single security solution code base protecting all the tenants.
All cloud services fail from time to time. The reasons vary, and the length of time is unpredictable. And it happens to all vendors, so there is no point in bashing Microsoft for downtime of Office 365 pieces (including Exchange Online), because every major/minor vendor has dealt with it. There is no perfect vendor with a perfect amount of uptime (that’s impossible). However, I still consider this to be a gap and an area for risk mitigation, because it comes down to whether or not you have options when/if the service is down. It’s like jumping out of a plane. You have a primary chute and hope it works. But every once in a while, it may not (for whatever reason). It sure is a life saver knowing you have that backup chute in place.

Microsoft does a fantastic job of data protection management through their native data protection solution. This utilizes the Exchange database availability group (DAG) feature to ensure the active database has multiple passive copies (lagged) split between datacenters. On the plus side this really eliminates a lot of risk over your existing data. But there are a few things this doesn’t provide. It doesn’t offer a backup of data so you can restore to a point in time. It doesn’t ensure other essential services that work with Office 365 will remain up and running (like Azure AD, EOP, etc.). It doesn’t give your end users a way to work in the event the primary service goes down.