Microsoft Office 365 Security

Microsoft Office 365 has become integral to an increasing number of enterprises, but many are still wary of the cloud service, particularly when it comes to security. Some of these fears are warranted, but by combining Microsoft Office 365 with best of breed email security solutions much of their concerns can be alleviated.

Visit our Defence365 hub to find out more about additional layers of security to protect your organisation, whether you are preparing for, migrating to, or strengthening the performance of your Microsoft Office 365 environment.

Leptop office smartphone

Email is a business-critical service for the vast majority of organisations.

Despite years of claims that it will be replaced by other tools, email doesn’t appear to be going anywhere fast. In fact, it’s estimated that, by 2020, the number of email users in the U.S will reach 250 million. What is changing is how we facilitate it.

As with many other business services, it’s increasingly moving to the cloud and Microsoft Office 365 has swiftly become the de facto provider for an increasing number of organisations. In fact, O365 commercial monthly active users reached 120 million in October 2017.

According to Microsoft itself, it expects 70 percent of customers to be using Exchange Online in Office 365 instead of Microsoft Exchange on premises within the next year. But there are still those holding out, with 32 percent of respondents to a recent survey claiming that email security concerns are stopping them from moving their email to the cloud.

Microsoft does offer two levels of Office 365 email security to customers – Exchange Online Protection (EOP) and Advanced Threat Protection (ATP). Neither offers true enterprise class – or best-of-breed email security – and many organisations choose third-party security solutions that are complementary and can enhance the security of the Microsoft platform – an approach advocated by analyst firm Gartner.

While Microsoft Office 365 email security tools provide a level of security from email-based attacks, even Advanced Threat Protection (ATP) does not include ultra-modern, multi-layered security that is common in third-party email security solutions. Microsoft’s Office 365 email security capabilities are powerful against traditional spam but less effective against the modern, highly-targeted email threats, such as CEO fraud.

There’s also the issue of service uptime and availability, which is a major concern for organisations adopting Exchange Online. Searching ‘Office 365 down’ on Twitter, quickly reveals that uptime isn’t always a strength of the service. Given how critical email is for employee productivity, any risk of downtime is a mark against Exchange Online.

Email Archiving

The final hurdle for a lot of businesses is email archiving. Organisations, especially those working in regulated industries, need to ensure that they comply with legislative and regulatory requirements.

While Microsoft Office 365 does have email archiving, it is not a best-in-breed product or fully compliant, and many businesses will require or desire additional features such as tamper-proof storage and functionality to quickly respond to e-discovery requests or warrants.

None of these issues mean that organisations should abandon Microsoft Office 365. Instead, they simply need to be aware of Office 365 cloud security limitations and deploy best-of-breed security solutions alongside it.

For example, an additional email continuity solution will provide users with an ‘emergency inbox’, usually via a web portal that contains access to inbox and sent items from the last 7-30 days, meaning that if the primary email provider (or server) fails, users can still read and respond to email until service is restored. This provides a level of reassurance for companies, particularly when moving email off premises.

Cloud-based email security software can be used productively and safely for business. However, companies should not settle for the standard tools, but instead seek out advanced Office 365 email solutions to ensure the safety of their data and integrity of their compliance programs.

Defence365

Censornet have collaborated with some of the cloud and security industry’s most prominent thought leaders to bring you expert advice, no matter where you are on your journey to O365.