Sponsored by Mimecast - Conversational Geek · • Office Graph: Uses machine-learning techniques...
Transcript of Sponsored by Mimecast - Conversational Geek · • Office Graph: Uses machine-learning techniques...
SponsoredbyMimecast
Mimecastmakesbusinessemailanddatasaferfortensofthousandsoforganizationsandmillionsofemployees.Foundedin2003,the
company’snext-generationcloud-basedsecurity,archivingandcontinuityservicesprotectemail,
anddelivercomprehensiveemailriskmanagementinasingle,fully-integrated
subscriptionservice.
www.mimecast.com
ConversationalOffice365RiskMitigation
ByJ.PeterBruzzese
©2017ConversationalGeek
ConversationalOffice365RiskMitigationPublishedbyConversationalGeek®Inc.
www.conversationalgeek.com
Allrightsreserved.Nopartofthisbookshallbereproduced,storedinaretrievalsystem,ortransmittedbyanymeans,electronic,mechanical,photocopying,recording,orotherwise,withoutwrittenpermissionfromthepublisher.Nopatentliabilityisassumedwithrespecttotheuseoftheinformationcontainedherein.Althougheveryprecautionhasbeentakeninthepreparationofthisbook,thepublisherandauthorassumenoresponsibilityforerrorsoromissions.Norisanyliabilityassumedfordamagesresultingfromtheuseoftheinformationcontainedherein.
TrademarksConversationalGeek,theConversationalGeeklogoandJ.theGeekaretrademarksofConversationalGeek®.Alltermsmentionedinthisbookthatareknowntobetrademarksorservicemarkshavebeenappropriatelycapitalized.Wecannotattesttotheaccuracyofthisinformation.Useofaterminthisbookshouldnotberegardedasaffectingthevalidityofanytrademarkorservicemark.
WarningandDisclaimerEveryefforthasbeenmadetomakethisbookascompleteandasaccurateaspossible,butnowarrantyorfitnessisimplied.Theinformationprovidedisonan“asis”basis.Theauthorandthepublishershallhaveneitherliabilitynorresponsibilitytoanypersonorentitywithrespecttoanylossordamagesarisingfromtheinformationcontainedinthisbookorprogramsaccompanyingit.
AdditionalInformationForgeneralinformationonourotherproductsandservices,orhowtocreateacustomConversationalGeekbookforyourbusinessororganization,pleasevisitourwebsiteatConversationalGeek.com
PublisherAcknowledgments
Allofthefolksresponsibleforthecreationofthisguide:
Author: J.PeterBruzzese
ProjectEditor: NickCavalancia
CopyEditor: JohnRugh
ContentReviewer: DavidHood
NotefromtheAuthor
Greetings!
Youmayfindthishardtobelieve,consideringthefactthatI’manOfficeServersandServicesMVP,buttherewasatimewhenIcampaignedadamantlyagainstgoing‘cloud’foryourenterprisegradeserverservices.Ifeltthecloudjustwasn’tready.Myfear,uncertaintyanddoubt(theFUD)wereoffthecharts!Nothingcouldchangemymind.AndthenIchangedmymind.
IstartedtoseethecompaniesIconsultwithseriouslyconsideringthemovetothecloud.CIOsweremandatingthemove,andITadminswerestucktryingtofigureouthowtomakeithappenandhowtopreparefortheworst.Imadethedecisiontogo‘allin’andimmersemyselfinOffice365inordertobeabletoassistmyclientstoagreaterdegree.Andinallhonesty,Ifellinlovewithit.
Afternearly2decades(ascore,ifyouwill)ofExchangeon-premisesfocus,Ifounditsomucheasiertoletothersworryaboutthehardware,upgrades,availabilityandsoforth.Thesideservices(ahem…Yammer)don’tenticeme,butfewareswitchingtoOffice365forthesideservices.E-mailiswhattheyreallywant.
However,Idiscoveredthereweresomegaps.AreasofconcernIhadtomitigate.RisksIdidn’twanttojusthopeandpraywouldn’thurtme.Iisolatedthoserisks…andfoundwaystomitigatethem.ThisbookwilltellyouwhatIdiscovered.
J.PeterBruzzese
The“Conversational”Method
Wehavetwoobjectiveswhenwecreatea“Conversational”book:First,tomakesureit’swritteninaconversationaltonesoit’sfunandeasytoread.Second,tomakesureyou,thereader,canimmediatelytakewhatyoureadandincludeitinyourownconversations(personalorbusiness-focused)withconfidence.
Thesebooksaremeanttoincreaseyourunderstandingofthesubject.Terminology,conceptualideas,trendsinthemarket,andevenfringesubjectmatterarebroughttogethertoensureyoucanengageyourcustomer,team,co-worker,friendandeventheknow-it-allBestBuygeekonalevelplayingfield.
“GeekintheMirror”Boxes
Weinfusehumorintoourbooksthroughbothcartoonsandlightbanterfromtheauthor.Whenyouseeoneoftheseboxes,it’stheauthorsteppingoutsidethedialogtospeakdirectlytoyou.Itmightbeananecdote,itmightbeapersonalexperienceorgutreactionandanalysis,itmightjustbeasarcasticquip,butthese“geekinthemirror”boxesarenottobeskipped.
Greetings.TheycallmeJ.WithintheseboxesIcansharejustaboutanythingonthe
subjectathand.Read’em!
Office365(101)forITProfessionals
WhatisOffice365?Therearetwoanswerstothisquestion,onefortheend-user,thosefolkswhousetheservicesprovidedbyOffice365,andonefortheITprofessionalsanddecisionmakerswithinacompany.Thismini-bookfocusesontheITPro,sowewillanswerthequestionfromthatperspective.
Office365isMicrosoft’scloudsuiteofcollaboration,communicationandproductivitytools.Inlate2015theOfficeBlogcalledit“oneofthefastestgrowingbusinessinMicrosoft’slonghistoryofprovidinginnovativetechnologyproducts”.
TheinstallbaseforOffice365isgrowingrapidly.OnApril27th,2017MicrosoftCEOSatyaNadellasaidtherearemorethan100millionmonthlyactiveusers.Andtheyaregaining2.5millionmorepermonth.Asfastasit’sgrowing,therearestillmanywhodon’treallyknowwhatitis.Intruth,thenameisabitconfusing.It’sgoodtonotethatitspredecessorhadanevenworsename:BusinessProductivityOnlineSuite(orBPOSforshort).
Office365wasinitiallyreleasedJune28th,2011(sixyearsago)andyetmanyarestill
unsureaboutwhatitis.
ThereasonOffice365isconfusingisbecausemanyfolksthinkitisreferringtothenextflavorofOffice,andtoadegreetheyarecorrect(I’llexplainthat).ButtheprimaryofferingisactuallyMicrosoft’shosted(akaonlineinthe“cloud”)versionsofExchange(ExchangeOnline),SharePointandSkypeforBusiness(aswellasavarietyofothertools,dependingontheplanchosen).
Let’sbreakdownwhatOffice365isallabout.
Office365ServicesOneofthemostcompellingservicesforOffice365istheabilitytohavehostedmailboxeshandledbyMicrosoftintheirdatacenters.Fromasimplisticpointofviewthedifferencebetweenyourmailboxbeingon-premisesorinthe“cloud”isthatyoucankicktheserveron-premises,butifyoufindthelocationofyourdatacenterandmakeyourwaytoitandtrytokickaserveryouwillbetakendownbysecuritybeforeyougetwithin100feetoftheperimeter.Andifyoudidmanagetosneakin,thereisnowayyouwouldeverfindtheserverwithyourmailbox.Ever.
So,arewesayingthatOffice365isjustanemailsolutionofferedbyMicrosoft?Thatisoneofitsmanyfeatures(andaprimaryoneatthat).Microsoftwantsyoutotrustthemwithyourmailboxes.Isitfree?LikeGmail?Well,Gmailisfreetoindividuals,andMicrosoftLiveaccountsincludeOutlook.comemailmailboxesthatarefreetoindividualstoo.ButOffice365isasubscriptionserviceandtheofferingsgobeyondjustemail.
Office365isasuiteofservicesthatincludeemail,collaborationthroughSharePointsites,onlineconferencing/IM/presence,filestorageandsharingthroughOneDriveforBusiness,chat-basedworkspacecollaborationthroughMicrosoftTeams,enterprisesocialnetworkingthroughEnterpriseYammer,OfficeOnline,desktopversionsofOffice(includingWord,Excel,PowerPoint,Outlook,Notepad,Access,PublisherandSkypeforBusiness)andahostofotherservicesdependingontheplanyouchoose.
MicrosoftTeams
ThedesktopversionsofOfficeareincludedaboveaspartofasubscriptionplansothatratherthanpurchasingafulllicenseforOfficeforseveralhundreddollarsyoucanpurchaseasubscription-basedOffice(whichisnowOffice2016atthe
base)thatyoupayformonthly.Samesolution,differentpaystructure.
ABreakdownofServices
• ExchangeOnline:Allowsyoutohavebusiness-classmailboxesforyourcompanyhandledbyMicrosoft.Microsoftprovidesdataredundancy(multiplepassivecopies),basicsecurity,etc.…
• SharePointOnline:Allowsyourcompanytosharedocumentsandcollaboratethroughworkflowtools.
• SkypeforBusiness:ProvidesIMandpresencecapabilities,aswellasonlinemeetingtools(audio/videoconferencingandscreen/applicationsharing).Note:TheE5planincludesPSTNconferencingandPSTNcallingfeatures.
• OneDriveforBusiness:Cloudstoragetostore,sync,shareandcollaborateusinganydevice.Ifyou’veusedDropbox,it’stheO365equivalent.
• MicrosoftTeams:Offersachat-basedworkspacewhereinternalteamscanmeet.Itincludesnotesandattachments.Ifyou’veseenorworkedwithSlack,thisisMicrosoft’scompetitiveversion(althoughunlikeSlack,currentlyyoucannotallowpersonsoutsidetheorganizationtoparticipateonaTeam(yet)).
• Yammer:Abusiness-basedsocialnetworkingtoolforpeopleinyourcompany.Thinkofitlikein-houseFacebook(whichmaymakeyousmileorcringedependingonyourcompanycultureand/orposition).Youcanpostmessages,pictures,documents,etc…andcommunicateandcollaboratewithcolleaguesthroughYammer.
• MobileApps:ThereareavarietyofdifferentmobileappstohelpyouworkwithyourOffice365solutionincludingOfficeforiPad,OfficeMobile(alreadyinstalledonyourWindowsphonesandavailableforiPhoneandAndroidmodels),OutlookMobile,SkypeforBusinessMobile(alsoavailableforWindowsphones,iPhone/iPadandAndroid),OneDriveappandmore.
NewTools/FeatureCadenceMicrosoftisalwaysreleasingeithernewservicesornew/improvedfeaturestoexistingservices.It’soneofthebenefitstohavingservicesinthecloud.Thereleasecadenceisincredible(andhardtokeepupwithattimes).Itfeelslikesomethingnewisreleaseddaily.
Past“new”toolsandfeaturesincludethefollowing:
• OfficeGraph:Usesmachine-learningtechniquestoconnectyoutowhatitdeterminestoberelevantdocuments,conversations,andpeople.Itwatcheswhatyoudo,whatinterestsyou,andwhatyoutreatasimportant,toprovideapersonalizedexperiencearoundyourworkflow.
• Delve:workswithOfficeGraphtocreateaPinterest-liketrendingviewbasedonwhatyou'reworkingon.Itistailoredtoyoupersonally.
• Office365Video:Providestheabilitytouploadvideocontenttoyourcompanyportalsothatyoucansharethiskindofcontentquicklyandsecurely.
• Clutter:Weallreceiveemailwemayhavesignedupfor(suchasanewsletter);thatemailisnotjunk,butyouprobablydon'tconsideritveryimportant.ClutterusestheintelligenceofOfficeGraphtoseehowimportant(orunimportant)emailistoyou.Itlearnsovertimeyour
levelsofimportance,thenusesthatanalysistoseparatetheclutterfromotherinboxitems.
Newer“new”toolsandfeaturesincludethefollowing:
• MicrosoftPlanner:Helpsyouorganizeteamworkbetterbyallowingyoutocreatenewplans,organizeandassigntasks,sharefiles,chatandmore.
MicrosoftPlanner
• SecureStore:ComparesyourcurrentO365servicesandconfigurationstoabaselineassertedbyMicrosoftandthenencouragesadjustments.
• StaffHub:Enablesstaffworkersandtheirmanagerstomanagetime,communicatewiththeirteamsandsharecontent.
• Bookings:Atoolforsmallbusinessestoscheduleandmanageappointmentsfortheircustomers.
• Classroom:Manageallclassesandassignmentworkflowforteachersandstudents.
Thesearejustahandfuloftoolsandfeaturesthathavebeenreleased.Sway,PowerApps,Flowandmorearealso“new”andevolving.
AccessingYourToolsandFeaturesToseeandaccesstoolsandfeatures,youneedtologintothewebportalforOffice365andaccessthemthroughtheAppLauncher.Clickthe9tileiconinthetopleftofyourscreenpost-loginandyou’llbeshownalltheappsinyourAppLauncher.Note:DependingontheappsyouhaveavailableyoumayseemoreorfewerappsthanwhatIhavehere.
Office365AppLauncher
Office365:TheAdminPerspectiveAsmentioned,Office365isallaboutthehostedservicesyoucanobtainbychoosingapackagethatfitsyourneeds.Atthesametime,it’salsoaboutsubscriptionOffice(ifyoupickaplanthatincludestheOfficesuite).ThereareBusinessand
Enterprise(E1/3/5)planstochoosefrom.TherearealsooptionsforEducation,Government,NonprofitandHome(forpersonalplans).
Everyplanyouchoosehasabaseofservices,andifyouneedadditionalservicesnotinyourplan,youcaneitherchoosethenextplanuporaddservicesalacarte(solongasthatmakessensefinanciallywhencomparedtochoosingthenextplanup).
SeveralPlanOptions
Logically,theplanyouchoosewillhaveapricetagattached.Thiswilloftendrivethedecisiononwhichplanisbestforyou.Youwanttobecarefulthattheplanyouchooseincludesfeaturesyoudesire.Forexample,ifyougetaBusinessplan(asopposedtoanEnterpriseplan)youmaynothavesomeoftheregulatorycompliancefeaturesyouwouldliketohave(likepremiumjournaling).Youcanalwaysupgradeyourplanifyouneedto,butitwouldbebettertoknowupfrontwhatyourplansupports.Theseplansarenotjustbasedonnumberofseats,theyhaveenabled/disabledfeaturestoconsiderandsomeincludeOfficewhileothersdonot.
Icaneasilyaddnewuserstomyportal,pullupreports,andmore.It’seasyenoughfornon-adminstofigureoutbuthasin-depthadminconsolesthatseasonedITproswillappreciatetoo.Forexample,whenworkingwithspecificfeaturesofOffice365,likeExchangeOnline,Ihavetheabilitytoworkwithaweb-basedportalsolutionsimilartowhatIuseon-premises.
SofromanITadminperspective,it’sgreattonothavetolearnawholenewinterfacewhenworking.
Oftentimeswithhostedsolutionsitdoesn’tworkthatway.Yougetsomekindofproprietarytoolset(web-based)thatgivesyouverylimitedoptions.ButwithOffice365yougetaveryrobustadministrationexperience.Asclosetoon-premisesasyoucanhopeforwithahostedsolution,inmyopinion.
Inaddition,youcanestablisharemotePowerShellconnectiontoOffice365andperformmost(butnotall)tasksthroughthecommand-lineasyouwouldthroughtheShell.
Office365AdminCenter
TheOffice365TrustCenterMicrosoftknowsthatitishardtotrustsomeoneelsewiththelifebloodofyourcompany…data.Therehavebeensomescarybreachesinsecurityoverthepastfewyears,andithasfolksabitleerywithregardtousingthecloudforcorporatedata.
ToassistpeopleinlearningallthatMicrosoftisdoingtoearnandmaintainthattrusttheyhaveestablishedaTrustCenterforOffice365.ItfocusesonhowOffice365hasbeendesignedwithbuilt-insecurity,continuouscompliance,privacybydesign
andtransparentoperations(eachsubjectgettingitsowntabtodrilldownabitmoreonthesubject).
Note:TheOffice365TrustCenterURL:https://products.office.com/en/business/office-365-trust-center-cloud-computing-security
KeyplayersintheOffice365spacehavebeencreatingvideocontentforaseriescalled“Conversationsfrominsidethecloud”thatfocusesonkeysubjectslike“WhytrustOffice365?”withJuliaWhite(GeneralManagerforOffice365)andRajeshJha(CorporateVicePresident,OperationsandServicesEngineering).Anothergreatonetowatchis“Isyourdatasafeatrest?”withVivekSharma(PartnerGroupProgramManager,Office365Engineering)whichhassomecooldatacentersecuritypoints.
OneofthebenefitsoftheTrustCenteristhatyoucanusethiscontenttohelpdecisionmakerswithinyourorganizationfeelmorecomfortableaboutthemovetoOffice365.Youmaybeconvincedit’stherightmoveforyourorganization,butyoustillhavetoconvincethefolkswhowritethechecks,andthiskindofcontentisshort,tothepoint,andveryeffectiveindoingjustthat.
TheOffice365OnlineRoadmap(aka…FlightPlan)InterestedinseeingtheOffice365roadmapbutdon’thaveabehind-the-scenespresspasswithasignedNDAinplacetomakeithappen?Well,MicrosofthasanonlineroadmapforOffice365thatshowsclearlyallthefeatureslaunched,beingrolledout(butnotyetavailabletoall),indevelopment,cancelled(forthosefeaturesnolongerinthequeueorindefinitelydelayed)andpreviousreleases.
TheOffice365onlineroadmapmakesiteasytoseefeaturesataglance,soyoucaneasilykeepuptodatewithMicrosoft’s
cloud-basedsolutionforallthingscollaborationandcommunicationforyourenterprise.
Ifigure,sinceOffice365isacloudsolution,insteadofcallingitaroadmap,itshouldbe
calledaflightplan.Right?
Note:TheOffice365RoadmapURL:http://fasttrack.microsoft.com/roadmap
TheBigTakeawaysOffice365isMicrosoft’shostedsuiteofcommunicationandcollaborationsolutionsincludingExchangeOnline,SharePointOnline,SkypeforBusinessandseveralothertools/features,dependingontheplanyouchoose.
Thereareavarietyofplanstochoosefromwithdifferentfeaturesandpricetagsattached.Youneedtomakesuretheplanyouchooseisbestforyourneeds.
SomeplanscomewithasubscriptiontoOfficesouserscaninstallthelatestversionofOfficeapplications.OneofthevaluestoOffice365isthatallofthesolutions(theserver-sideonesandend-userones)arekeptuptodateandarethelatestavailableiterationsofthosesolutions.
MicrosoftisaggressivelydevelopingouttheOffice365platformandenhancingfurtherthefeaturesthatcurrentlyexist.Youcancheckthepublicfacingroadmap(akaflightplan…it’llcatchon)toseewhat’sindevelopmentforthefuture.YoucanalsokeepaneyeonOfficeblogs(http://blogs.office.com)toassistinstayingontopofnewfeaturesandfutureenhancements.
RiskMitigationandOffice365
AsImentionedinmynoteatthebeginning,IjumpedinwholeheartedlywithOffice365withExchangeOnlineandhaven’tlookedback.However,withon-premisesExchangetherewerealwaysgapsthatcausedmetoreachouttotheecosystemsetofsolutionsfromthirdpartiesthatsurroundExchangetoplugthosegaps.Asecurityappliance,abackupsolution,amonitoringpieceandsoon.IhavefoundExchangeOnlinetobesimilar,causingmetotakepauseandseekoutthirdpartysolutionstohelpmitigategapsandrisks.WhatIfindoddishowmanycompaniesaresimplyfoldingtheirhandsandsleepwalkingintoOffice365.
SleepwalkingintoOffice365Howmanyon-premisesdeploymentsofExchangehaveyoudoneovertheyears?HowmanyExchangeservershaveyoumanaged?Nowthinkaboutthis,whenhaveyoueverseenagreenfieldorlong-termdeploymentofExchangethatsimplyusedwhatExchangehadtoofferwithoutreachingouttowardecosystempartnerstoprovideimprovedservicestosurroundandsupportExchange?Toenhanceit.
Granted,maybewithSmallBusinessServerdeploymentsyoumighthavefolksjusttakingwhattheygetduetobudgetaryconcernspreventingthemfromdoingmore,butinmostdeploymentcasesyouseeExchangesurroundedbyabest-of-breedorbest-in-class(personalfavorite)backup/recoverysolution,monitoringsolution,securitysolution,archivingsolutionandsoforth.That’snormal.Sowhyisitwhenwemovetothecloud,andmovetoOffice365,wefoldourhandsandjustacceptwhatisprovidedorbuiltin?WhyarewesleepwalkingintoOffice365?
Solutionsarchitectsneedtore-inventthemselvesgoingforwardtobecomecloudriskmitigationexperts.Theyshouldn’tjustgiveup,thinking‘ohwell,it’sallinOffice365now,myjobisdead’.Theyneedtoembrace
theirnewplaceintheuniverse.
OntheonehandtherearethingsMicrosoftcandowithamulti-tenantcloud-basedversionofhostedExchangetheycouldn’tdowiththeon-premisesflavor.Becausetheyhavefullcontroloftheinfrastructure,theycanprovidehighavailabilityusing‘nativedataprotection’thatallowsformultiplepassive(andlagged)copiesofyourdatabasesacrossdatacenterstoprovideafantastichighavailabilityofferingthatwouldcostacompanytime/money/personneltoprovidein-
house.That’soneofthemanyreasonsIencouragefolkstomovetoOffice365.
Ontheotherhand,therearestillgapsintheservicesprovidedthatrequireathird-partysolution(aunique,all-in-onesolution)tohelpensurethetypeof1-to-1experienceyoutypicallyseeon-premisesduetothecombinationofExchangeandthird-partybolt-onenhancements.
FourKeyAreasforConcernWe’renotgoingtopickaparteverylittlethingaboutOffice365andExchangeOnline.Thereisnopointindoingthat.It’sagreatsolution,andpricedright.I’monlygoingtohittheriskareasthatmakepeoplenervousaboutOffice365.I’llexplainwhatisbuiltinandwhyathird-partybolt-onwouldbebettertoenhancetheoverallsolution.
Security
Exchangeon-premises(2013/2016)includesananti-malwaresolutionandanti-spamagents.Theseofferverybasicprotection,somostenterprisedeploymentsofExchangelooktoathirdpartyon-premisesapplianceorcloud-basedsolutiontoreallycoverthemselvesagainstallthebadstuff:spam,malware,phishing,spearphishing,whaling,impersonationattacks,ransomwareattacksandsoon.
Spearphishingisbecomingafocalpointforattackerslookingtobreachorganizations’defenses,anditisverytreacherous.It’s
targetedagainstaspecificcompany,andhasledtosomemajor,high-publicityhacks,
becausetherewerenosolutionsinplacetohelpdetectthespearphishingattack.
ExchangeOnlinecomeswithafreesolutioncalledExchangeOnlineProtection(EOP).It’senabledbydefaultandprovidesbasicanti-spam/malwareprotection.Doesitwork?Itdoes…andtheEOPdevteamisaggressivelyseekingtoimprovethesolution.However,thelastthingyouwantistogetpulledintoasecuritymonoculture.
Thetermmonocultureisdefinedasacommunityofcomputersthatallrunidenticalsoftwareandhavesimilarvulnerabilities.Office365mightbe
consideredaSaaSSecurityMonocultureifutilizedwithoutathird-partylayeredsecurity
solutionapproach.
On-premises,everycompanyhandlessecurityalittledifferently,withacombinationofvendorsinvolved,multiplelockstopickandeachcompanyitsowntarget.WithOffice365alltenantsaretogetherunderthesamesecuritycodebase,providingaverytargetrichenvironment.
DanGeer,ariskmanagementspecialistandcyber-securityexpert,hasrepeatedlypointedouttheproblemofasecuritymonoculture,especiallywithregardtoMicrosoft.HisprimaryfocuswasonthenumberofMicrosoftworkstationsconnectedtotheInternet.Butanevengreaterthreatistohaveamulti-tenantemailsolutionmonopoly(whichisinevitableatthispoint)withasinglesecuritysolutioncodebaseprotectingallthetenants.
Thinkoftheillustration“don’tputallyoureggsinonebasket”.Well,withOffice365you’reputtingallyoureggsandeveryoneelse’seggsallinonebigbasket.AmItheonlyonewhogetsnervousaboutthat?
EOPonitsowndoesn’tprotectagainstsomeoftherecentattacktypeswithweaponizedattachmentsandlinksthatmakeitthroughthefirstlineofdefenseandintoanend-user’smailbox.SoMicrosoftreleasedanewsolutioncalledAdvancedThreatProtection(ATP).ATPisincludedwithanE5plan,oryoucanpurchaseitasanaddonperuser.
Thethreatsthatkeepmeupatnightincludespearphishing,ransomwareand
impersonationattacks.AndinmyopinionbothEOPandATParen’tenoughtoallowme
tosleepeasy.Ineedmore.
AdvancedThreatProtection(ATP)
ATPofferstwonewprotectionfeaturescalledSafeAttachmentsandSafeLinks.Theconceptissimple.Twowaysthebadguysgettoyourendusers(besidestheeasy-to-spotspamandattachedknown-virusattachments)arewithattachments(thatmayappearsuspiciousbutaren’tKNOWNtobebad)andwithlinksthatleadtositesthatare“ok”whentheyfirstcomethrough,butmaybecomeharmfulontheback-endduetoatargetedspearphishingattack.
SafeAttachments:Safeattachmentsusesasandbox‘detonationchamber’toensuretheattachmentisharmless.Sandboxinghasitsplace,butithasafewholesintheuseofthetechnology.Forone,itcauseslatencyinyourreceivingofemails.Microsoftsaystheexpecteddelayis4or5minutesbutcanbeasmuchas30minutes(atwhichpointittimesout).Andthereismalwarethatknowswhenit’sinasandboxandremainsdormant.Inaddition,it’sessentialtohaveasandboxthatusestimeincrementation,meaningitcanforwardthetimetotrytoforcedetonationoftheattachment.It’sbelievedthattimeincrementationisnotpartoftheATPsandboxsolutionandMicrosoftprovidesnodetailstothwartthatbelief.Withouttimeincrementationallabadguyhastodoissetthe
documenttodetonateoutsidetheSLAlimit.Ifyou’relikeme,youdon’topenadocumentandquicklycloseit.Youleaveitopen…forhours,days…weeks.
SafeLinks:Atthetimetheuserclicksthelink(whichhasalreadybeenclearedbyyourfirstlineofdefenseandissittinginyourusers’mailbox)theURLispointingtoamalicioussite.Thesafelinksfeaturewillcomparethelinktoablocklistcorrespondingtothetimeyouclickthelink(whichcouldbethenextday,week,monthforanend-user).Theycallthis‘time-of-click’protection.However,thesafelinksfeaturejustchecksagainstacontinuouslyupdatedblocklist.Nothingdynamichappenstoreachoutandreallyseeifthatlinkgoestoasitethathassomethingharmfulrunninginthebackground.It’sstillagoodenhancement,it’sjustnotagreatenhancement.Notwhenyouhavethird-partysolutionsthatcanscanthesiteandlookforthreats.
Ibelieveindefense-in-depthandthewisdomofalayeredsecurityapproach.Multiplechuteswhenyoujumpoutofaplane.Ipromoteend-pointprotection,DNSlevel
protection,userbehavioranalytics,etc.AndI’mahugeproponentofathird-partycloud-basedsecuritygatewaywithExchange/Office
365.
Longstoryshort,ExchangeOnlineProtection(withorwithouttheAdvancedThreatProtectionpiece)islacking.Andit’slackingnotjustduetoafeaturecomparisonwiththird-partyoptions,becauseovertimethegapinfeatureswillclose.MicrosoftwilleventuallygetEOPuptoparwiththebestofthebestinsecurityoptions.BUT…itwillstillbeasinglelocktopick,asecuritymonoculture,andthatiswhereasecondarybolt-onsolutionshouldbeseriouslyconsidered.Don’tjusthopeyou’resafe,knowyou’resafe.PLANtobesafe.
LowHangingFruit(MXToolbox)
Imagineyou’reathieflookingtorobahomeandyou’relookingattwobigbeautifulhouses.Thefirstsitsonawide-openpropertywithnogates,nosecuritysystemsigns,no“BewareofDog”or“BewareofOwner”signs,reallynothingtoindicateprotection.Andthesecondhasamassivegateandfencingsystemwithsecuritycameras,asignforasecuritysolutionthatisnotedasthebestaround,a“BewareofDog”signoutfront,anda“NoTrespassing”sign.Now,whichwouldyourob?
It’sthesamewithattackersgoingafteracompany.Unlessthemotiveisrevenge(adisgruntledformeremployeeperhaps)orcorporateespionage/attack(competitivecyberwarfare)manyattackersarejustlookingforlowhangingfruit.Aneasytarget.
TostarttheymightuseasimpletoollikeMXToolbox.com.Youcantypeinadomainnameandquicklyseewhereacompany’sMXrecordsarepointing.Notethefollowingresultsfortwocompanies(CompanyAandCompanyB)
• CompanyAcomesbackaspointingtoprotection.outlook.comandtheemailserviceproviderislistedasOffice365.
• CompanyBcomesbackwithmultipleMXpointstoathird-partysecuritysolutioncalledMimecastandtheemailserviceproviderislistedasMimecast(althoughit’sactuallyOffice365).
Whichwouldyouchoosetoattack?ThefirstoneisusingnothingbeyondEOP/ATP.Thesecondhasaninvestmentinsecurityforalltosee.Youmightassume,asthebadguy,thatCompanyAiseitherunawareoftheriskorgaps,orsimplynotwillingtopayforbetterprotection.That’sinterestingtoyou.WhatelsearetheyNOTdoing?AretheyNOTtrainingtheir
endusers?DotheyNOThaveothersolutionstoprotectthemselves?Forlackofabetterword,theyarelooking“tasty”toyouasacybercriminal.
RecreatetheVault
Anotherfactortoconsideristheabilityofthecybercriminaltorecreateyourenvironmentshouldtheywishtotesttheirattackmethodsoutbeforehittingtheirtarget.Wecallitrecreatingthevault.
HaveyoueverseenOceans11?InthebeginningofthemovieGeorgeClooneyandBradPittarestealingtheplansforthevault.Torobit?Well,yes.Butnotatfirst.Firsttheyrecreatethevaultinawarehousesotheycanpracticerobbingitfirst.See?
Ifyou’reusingstraightout-of-the-boxEOP/ATPitcostslessthan$100toregisteradomainnameandsetupaportaltoplaywiththatincludesmultipleaccounttypes.Nowyoucantossstuffatitandseewhatmakesitthrough.
OneDropofPoison
It’snotwhatyoursecuritysolutioncanstopthatmatters.It’swhatitletsthroughthatyouneedtoworryabout.EOPandATPdowork.TheyDOstopstuff.Spam/malware/ransomwareandmaliciouslinksorimpersonationattacks.ButintestingI’veseenresultsthatindicatethatitmisseswaytoomuchformycomfortlevels.Areyouokwiththat?Areyouokwithhavingyourhumanfirewall,theend-users,beyourlastlineofdefenseagainstmodernthreats?
Inotherwords,areyouokwithaglassofwaterthatisn’tfilledwithpoisonbutjustadroportwo?Drinkup!Ahem…probablynot.Thenathird-partysolutionisakeybolt-onnecessitytomitigatesecurityriskinmovingtoOffice365.
DataAssuranceArchiving
Yearsbackwedidn’tworrysomuchaboutarchivingdata,weworriedonlyaboutbackingitup.Butwiththemanyscandals(thinkEnron)andlawsuitscroppingupthatrequiredtherequestingofallemailcommunicationwithinacompany,aneedarosetoprovideeDiscoveryinamucheasiermannerthangoingthroughbackuptapes.TheadventofarchivesolutionsandeDiscoveryallowedITadminstoprovecompliancethroughdiscoveryofdata.
On-premisesExchangeadministratorsreachouttotheecosystemofthird-partysolutions(softwarebased,hardwareappliance-based,cloud-based)toprovideanarchiveofdata.Assureddataretention=discoverability=compliance(whichmeansnofinesorjailtimefortheITadmin).
Exchangeon-premisesdoesNOTincludeanenterprisegradearchivesolution.Andguesswhat?NeitherdoesExchangeOnline.
IsaythisandIcanhearsomeofyourespondingwith“butwait…doesn’tExchangehavean‘in-placearchive’feature?”Icannottellyouhowfrustratingthatnamingistome.Yes,itdoeshavethatfeature.AndIlikeit.Butit’spoorlynamedinmyopinion.Ibelieveitshouldbecalleda‘pstrepository’feature.Letmeexplain.
Inanon-premisesenvironment,youcanhaveahigh-performancestoragesolutionyouwanttorunyourmailboxdatabasesoffof.AndeventhougheveryeditionofExchangeoverthelast10years(2007,2010,2013and2016)hasimproveddatabaseperformancetremendously(inpartbecausetheypulledoutSIS-singleinstancestorage)andJBODarraysshouldbemorethanadequateforyourenvironment,inmyexperienceformostorganizations,therearestillplentyoffolkswhowanthighperformancediskfortheirdatabases.
However,iftheywishtoeliminatepstfilesandallowuserstobloattheirmailboxesabit,the‘in-placearchive’featureallowsadminstouseasecondarydatabaselocation(typicallyoncheaper,slowerdisks)forthatdata.Totheenduser,italllookslikeonemailbox(theInboxandIn-PlaceArchive),butinreality,thedatacouldbeintwoseparatedatabases,ontwoseparatestoragesolutions.
Whatdoesthismean?Itmeansyoucaneliminatethat.pstnightmareinyourorganization.Doesitprovideanenterprisegradearchive?Notatall.Becauseifwesayanarchiveisallaboutretention,discoverabilityandcompliance,thenthebasicflawoftheExchangeInboxandIn-PlaceArchiveinthatroleisthatbydefault,enduserscandeletethedataineitherone.Iftheusercandeletedata,thenyoucannotensurediscoverabilityandthesolutioncannotbecompliant.Gameover.
Ah…butMicrosoftknowsthis.Theyknowitandhaveasolutiontoensurediscoverability,Legal(orIn-place)Hold.Ifyouplaceallmailboxesonlegalorin-placeholdfromdayoneinOffice365thennoemailcanbedeletedfromthesystemanditwillalwaysbediscoverable.
Onenoteonthis,ifyoudidthiswithanon-premisesenvironmentyouwouldbloatoutyourstorageandwouldnotbepleased.ButwithOffice365,youcanbloatthatstorageoutandyou,theadmin,don’thavetoworryaboutit.MicrosoftWANTSyoutodothisbecausethelargeryourdatagrows,thelesslikelyyouaretoeverleavetheirsystem.Thestressofdoingsowouldmakeitprohibitive.Icallthisthe“HotelCalifornia”approachtocustomerretention.Youcancheckoutanytimeyoulike,butbecausethedatabloatisexcessive,makingthemoveanightmare,“youcanneverleave”.Brilliantreally.
Legal/In-PlaceHoldisaband-aidsolutionhere.LegalHoldwasdesignedtobeaproactive(orreactive)approachtosituations
whereHRisapproachedwithsomeformoflitigationagainstMr.Nastyinyourcompanywhohasbeensendingharassingemailstoastaffmemberandyouneedtostophimfrompermanentlydeletingsuchcontentfromhismailboxsoyoucanprovidediscoverabilityofit(ifitdoesindeedexist…innocentuntilproven…andallthat).Mr.Nastyisn’tevenawarehismailisonhold.IfhetriedtodeleteemailitsimplygoesintoahiddenRecoverableItemsfolderthatcanbesearchedduringeDiscoverybythosewiththeproperpermissions.
Withalegalholdscenario,thewholemailboxisonholduntiltheholdislifted.Within-placeholdthereissomeflexibilityintermsofwhatyouholdandforhowlong.Andthesesolutionshaveanabsoluteplaceintheworldofcompliance.It’sagoodfeaturelike‘In-placeArchive’(aka.pstrepository)is.Butit’snotwhatwecometoexpectfromagenuine,enterprisegradearchivesolution.
Microsoftrecentlystoppedtalkingabout“holds”ondataandisnowcallingtheir
solution“intelligentdatagovernance”withpreservationandretentionpolicies.That’sfine,butunderthehoodit’sstillusing“hold”
solutionstomakeithappen.
Modernarchivesolutionskeepasecondarycopyofthedata(whichcanalsobeusedforrecoverability,ifnecessary).Typically,end-usershaveread-onlyorinteractiverightstothedata(sotheycanfindandinteractorrecoveremailsfromtheirpastbutnotdeletethoseemails),somethingyoucannotdowiththe‘hold’solutionsinOffice365.
Inaddition,insomecasesabusinessmayberequiredtopurgedata(forexample,inthecaseoflitigationwherethejudgedeterminesthereisaneedtopurgetheexistingdata).Mostenterprisegradearchivesolutionscandothat.The‘hold’
optionscannotdoiteasily(norcantheydoitwithoutthepossibilityofahumanerrorcausinglostdata).
Inshort,Ipreferaseparatedatabankformyarchivebecauseitprovidesmewithagreaterlevelofcomfortduetoa)myabilitytoswitchserviceswithoutgettingstuckina“HotelCalifornia”situation…soIlikethedataagility/portabilityaspectofit,b)myendusershavetheabilitytosearchandinteractwiththeirread-onlyarchive,c)purgingdataiseasierandlesspronetousererrorandd)sinceOffice365doesn’thaveabackupofthedata,itgivesmepeaceofmindknowingIhaveasecondcopyofemail,shouldIneedtorestoreit.
Wait…what?NobackupofOffice365?We’llcirclebacktothat.RememberIsaidthree(maybefour)keyareasforconcern?
ContinuityorAvailability
Allcloudservicesfailfromtimetotime.Thereasonsvary,andthelengthoftimeisunpredictable.Andithappenstoallvendors,sothereisnopointinbashingMicrosoftfordowntimeofOffice365pieces(includingExchangeOnline),becauseeverymajor/minorvendorhasdealtwithit.Thereisnoperfectvendorwithaperfectamountofuptime(that’simpossible).
However,Istillconsiderthistobeagapandanareaforriskmitigation,becauseitcomesdowntowhetherornotyouhaveoptionswhen/iftheserviceisdown.It’slikejumpingoutofaplane.Youhaveaprimarychuteandhopeitworks.Buteveryonceinawhile,itmaynot(forwhateverreason).Itsureisalifesaverknowingyouhavethatbackupchuteinplace.
WhenExchangeOnlinegoesdownitwillbeimmediatelyapparenttoyourend-usersthatsomethingiswrong,butitmaynotbeimmediatelyapparentthattheproblemisMicrosoft.YourfirstinclinationistochecktheOffice365AdminCenter
andseeiftheyarereportinganoutage.Andtheymaynotbe.That’sbecausebeforetheyturntheirlittlelightfromGreentoRedtheyhavetodetermineiftheproblemisaserver,aserverrack,apod,oradatacenter.Inotherwords,beforetheyflipthatswitchandadmittoaproblemtheyneedtoknowhowbigaproblemtheyhave.It’snotaboutyouandyourtenant(notonthatlevel).
SomemaywonderhowtheymightobtainOffice365outageinformation.Isitpublic
knowledge?MicrosoftpublishestoanOffice365HealthTwitterfeed.@Office365Health.It’snottheeasiestwaytogaininformationbutitworks.AndthetwitterupdateslinktotheServicePortalforyourOffice365.Other
waystodetermineoutagesincludedowndetector.comorReddit.
Backup/Recovery
Microsoftdoesafantasticjobofdataprotectionmanagementthroughtheirnativedataprotectionsolution.ThisutilizestheExchangedatabaseavailabilitygroup(DAG)featuretoensuretheactivedatabasehasmultiplepassivecopies(lagged)splitbetweendatacenters.Ontheplusside,thiseliminatesalotofriskoveryourexistingdata.Butthereareafewthingsthisdoesn’tprovide.Itdoesn’tofferabackupofdatasoyoucanrestoretoapointintime.
HavinganarchivesolutionisgreatforeDiscoveryandcanassistshouldmailbemissingandappearlost.Butit’snotthebestsolutionforamailboxrestore.
IknowtherearemultiplepassivecopiesofthedatabutIstilllikeknowingIhaveacopy.Callmeadinosaur,butI’vebeenburnedbeforeinthisregardandliketobeextra
cautious.I’dratherplanforaproblemthanhopeitdoesn’thappen.
KeyTakeawaysOffice365isafantasticsolution,especiallyExchangeOnline.Andit’sthewayofthefuture.MoreandmoreorganizationsofallsizesandbusinessrequirementsaremakingthemovetoOffice365,primarilyduetoitsemailoffering.
AssolidasolutionasOffice365is,therearegaps.Thesegapsrelatetorisksthatneedtobemitigated.Inthepast,withon-premisesExchange,welookedtoecosystemsolutionstomitigatethegapsinExchange.Wecouldboltonseveraltop-notchsolutionsandmakea“better”emailenvironmentasaresult.
WhataboutwithOffice365?
AlthoughMicrosofthasmorecontroloverthesolutionbecauseit’shostedintheircloudandtheycanenhance,improve,developandtweakitalldaylong…therearestillgaps.Therearerisks.Andtheseresideprimarilyintheareasofsecurity,dataassurance,continuityandbackup/recovery.
It’sobvioustheseriskscausefear,uncertaintyanddoubt(fud).Buttheydon’thaveto.MyencouragementtoanyOffice365currentcustomerorpotentialcustomeristolookonceagaintotheecosystemtofindwaystomitigatetherisks.Lookforanall-in-onebolt-onsolutionthatcanaddressthepainpointsandenhancewhatMicrosoftprovides.
Whyanall-in-one?Well,unlikeon-premiseswhereemailcanmovethroughyourbolt-onpiecesinananosecond,withthecloudyoucannothave(ordon’twishtohave)emailboundingfromonedatacentertoanother,fromonesolutiontoanother,beforereachingtheMicrosoftdatacenterthatholdsyourmailboxes.Thatleveloflatencywouldbeprohibitive.Rather,lookforasinglesolutionthatdoesitall.
Thequestionis…doessuchasolutionexist?
VendorSponsor:Mimecast’sRiskManagementandCyberResiliencyforOffice365
Mostinformationyoureadaboutwhenitcomestoathird-partysolutioniswrittenbythethird-party.Theytellyou“we’reawesome!Andhereisadocumentthatprovesit!<cough><cough>writtenbyus<saidinawhisper>”.Evenifitistrueitcertainlydoescauseaneyebrowtoriseandthecynicalsidetouscomesout.Doesn’tit?
That’swhyItoldmyfriendsatMimecastIwantedthemtoletmewritethisupinmyway.Iwantyoutoseetheirsolutionthroughmyeyes.Iwon’tbeabletogiveyoueverylastbellandwhistle,butIwillcertainlybeabletotellyouhowitwilladdvaluetoeitheryourOffice365ExchangeOnlineorhybridenvironment.
Mimecastwasfoundedin2003byPeterBauerandNeilMurray.Thesewereregularpeople(albeitsupergeniuses),IT/Devadminsthatsawaproblemandwenttoworkfixingit.Theproblemtheysawwasthatemailwasbecomingmoreandmorecomplextohandle.Theybuiltacloud-basedsolutionto
theproblemthatprovidedemailmanagementandriskmitigation–andthecompanytookoff.
SecurityEmailmanagementcanmeansomanythings,sowhatisitREALLYthatMimecastprovides?Well,forstarters,anti-spamandanti-malware.Keepthejunkfromeverreachingyouron-premisesExchangeorOffice365servers.Mimecast’ssolutionsitsbetweenyourorganizationandtheInternetandprovidescompleteprotectionfromspam,viruses,malware,whaling,zero-dayattacks,ransomware,phishing,spearphishinganddataleaks.
MimecasthasaservicecalledTargetedThreatProtection(TTP)whichfocusesonreal-time,whaling,ransomware,spear-phishingandotheradvancedthreats.Onewayitdoesthis(thatIthinkisbrilliant)isbyconvertingincomingdocumentstoPDF.Soratherthansendeverydocumentthroughasandboxdetonationchamber(i.e.avirtualmachinetoopenthatdocumentandseeifitwilldoharm)itwillconvertittoPDF,thusrenderingharmlessanymaliciouscodewithin.AndthenifthepersonWANTStheoriginaldocumentitcanbesandboxed.Averycreativeapproachtoeliminatethelatencyoftryingtosandboxeverysingleincomingdocument.
MimecastalsorewriteseveryinboundURLforon-clickprotection.Andidentifieswhalingemailsthattryandstealmoneyordata.ThosearejustsomeofthecoolfeaturesinTTP.
Butitdoesn’tstopthere.Mimecasthasasecuremessagingsolutionthatisverycustomizableandeasytoworkwith.Theyalsohavea‘largefilesend’(LFS)solutionsoend-userscansendfilesupto2GBinsizerightthroughtheirOutlookclient(iftheplug-inisused).
TheMimecastSecureEmailGateway(SEG)usesseveraldetectionenginesforamulti-layeredapproach.Itincludesthe
abilitytodeploypoliciesthatassistwithdataleakprevention(DLP)andcontentcontrol,aserioussorespotformostorganizations.So,Mimecastkeepsthecompanydataconfidentialwhilekeepingthebadguysoutatthesametime.Anditdoesthisnomatterwherethepersonisconnected(LAN/Wi-Fi/Internet)andnomatterwhichdevice(desktop,laptop,mobile/tablet).
ArchiveMimecastprovidesanindependent,enterprise-gradearchivesolutionwithapowerful,high-performanceeDiscoveryservice.Thisreducesyouron-premisesstoragecostsbecausethearchiveensuresyouhaveanaccessiblecopyofthatdataatalltimes.
LetmeexplainthisabitfurtherbecauseIdon’tthinkeveryoneunderstandsthevalueofthissolution.UsingMicrosoft’sin-placearchivesolutionisgreatforeliminatingPSTfilesbutnotgreatforenterprisearchiveandregulatorycomplianceprotection.Why?Becauseend-userscandeletewhatevertheywant.Andforthattostopyouhavetoenableaformoflegalhold(litigationholdorIn-PlaceLegalHold).Thiscreatesmorestoragebloatbutdoesstopend-usersfromdeletingthingspermanently.It’sjustnotflexibleandnotinteractive.Andifyou’reinahybridenvironmentthereisnosinglepaneofglassforsearchingbothon-premandcloudatthesametime.
WiththeMimecastsolutionyouhaveemailarchivedbeforeitevenreachesyouron-prem/O365servers.Userscandeletewhatevertheywant.Notabigdeal.Youhaveanarchive.Nowthecoolthingisthisisanaccessible/interactivearchive,notbackuptapesthatsitinavault.End-usersaregiventoolsthatintegratewithOutlooksotheycanperusetheirarchiveandfindemailstheymayhavedeletedaccidentallyandrestorethem(noITinterventionrequired…justalittletraining).BUT…iftheywanttodeleteanemailthatmaybeincriminating…nope,notpossible.Note:Mobileappsarealsoavailable.
Iliketocallthis“preventativelitigation”.Thinkaboutit.Ifyouknow,asanend-user,thateverythingyousendandreceiveisbeingarchived,isnon-deletable,iseasilylocatedwitheDiscovery…howstupidwouldyouhavetobetosendsomethinginappropriate?Hence,preventativelitigation.Astrongdeterrent,ifyouwill.
ContinuityIrememberat5yearsoldbeinginthemovietheatreforthefirstSupermanwithChristopherReeves.DoyourememberthepartwhereLoisLanefallsoutofthehelicopterandSupermancatcheshersaying“Don’tworryma’am,I’vegotyou”?Andshesays“You’vegotme?!Whosegotyou!!!???”Classicline.Goodquestionthough.
So,youhaveallthesedifferenttypesofServiceLevelAgreementsfromMicrosoft.SLA’spromisemanythingsandoneofthemisavailabilityofyourservices.Butwhathappensif/whentheservicegoesdown?Ithappens.Ithappenswithon-premisesExchangeandithappenswithhostedsolutionsandevenOffice365.Sure,theSLAtypicallyofferssomekindofrestitution,butwhatifyoudon’twantrestitution,youwantavailabilityofservice?Microsoftcannotbeitsowncontinuitybackupsolution.
HereiswhereMimecastisabrilliantsolution.Theykeepusersworkingduringon-premorcloudoutages.Likeabackupparachute,shouldtheprimarynotopen…youdon’thavetofreefall,youcanpullthesecondarycordandglidetosafety.
So,let’ssaytheOffice365servicegoesdown.Firstoff,ratherthanhavingyouguessifthereisadisruptionandpossiblyobtainingmixeddatafromtheO365AdminCenter,Mimecastprovidesoutage/disruptiondetection.Througha‘heartbeat’approachMimecastmonitorsforhighlatencyandfaileddeliveries.Ifaproblemisdetected,basedonsetthresholds,MimecastwilltriggeranalerttoadminsviaSMSorasecondary
email.Fromtheretheadmincankickoffacontinuityeventwhichallowsend-userstokeepworkingthroughOutlook,webmailportalormobileapplications.
WithMimecast,yourend-userswillhavenoideathereisaproblem.Theycancontinuetosendandreceiveemailasiftherewasnofailure.Sotheyjustkeepworking.Onceyourserverscomebackonline,Mimecastwillsyncupwiththemandtheworldkeepsturning.
And,coolestpartinmyopinion,ifMimecastisalsoyoursecurityandarchivesolution,havinganoutagethatrequiresacontinuityassistfromMimecastdoesn’talteryoursecurityandarchivecapabilitiesintheslightest.Youarestilljustasprotectedandcompliant.
Sync&RecoverforExchangeandOffice365Ifyourecall,ImentionedinthelastchapterthatOffice365doesn’thaveapoint-in-timebackup/recoverysolution.It’sonereasonwhyIfeelaseparatedatabankarchiveisvaluableintheeventsomething“bad”happens–beithumanerror,technicalfailure,aransomwarestrikethatrequiresarestoretoapointintime,whateveritmightbe.
Inaddition,therearesomewhoneedmorethananarchive.Therearesomewhoarebackinguptoon-premisesinfrastructureorusingsomecloud-basedbackupsolutionbecauseMicrosoftsimplydoesn’tbackupthedataandtheywant/needthat.
WithMimecast’s‘Sync&Recover’solutiontheycanbackupemail,calendarandcontactswithoutadditionalhardwareorsoftware.Thissolutionassistsshoulddatabelostduetocorruption,accidentaldeletionorcyberattacks.
KeyTakeawaysDespitetherisksofmovingtothecloud,byaddingathird-partyall-in-onesolutionlikeMimecastyoucanmitigatethoserisks,eliminatetheFUD,andplanforsuccessratherthanhopeforit.
TheMimecastAdminConsole
So,that’smypersonalopiniononMimecast’sRiskManagementandCyberResiliencySolutionforOffice365.I’drecommendyoucheckthemout.Theaddedvalueyouwillreceiveatsuchareasonablepricepointisunbelievable.