Email is a business-critical service for the vast majority of organizations.
Despite years of claims that it will be replaced by other tools, it doesn’t appear to be going anywhere fast. In fact, it’s estimated that, by 2020, the number of email users in the U.S will reach 250 million. What is changing is how we facilitate email. As with many other business services, it’s increasingly moving to the cloud and Microsoft Office 365 has swiftly become the de facto provider for an increasing number of organizations. In fact, Office 365 commercial monthly active users reached 120 million in October 2017. According to Microsoft itself, it expects 70 percent of customers to be using Exchange Online in Office 365 instead of Microsoft Exchange on premises within the next year. But there are still those holding out, with 32 percent of respondents to a recent survey claiming that email security concerns are stopping them from moving their email to the cloud.
Microsoft does offer two levels of Office 365 email security to customers – Exchange Online Protection (EOP) and Advanced Threat Protection (ATP). Neither offers true enterprise class – or best-of-breed security – and many organizations choose third-party security solutions that are complementary and can enhance the security of the Microsoft platform – an approach advocated by analyst firm Gartner.
While Office 365 email security tools provide a level of security from email-based attacks, even Advanced Threat Protection (ATP) does not include ultra-modern, multi-layered security that is common in third-party email security solutions. Microsoft’s Office 365 email security capabilities are powerful against traditional spam but less effective against the modern, highly-targeted email threats, such as CEO fraud. There’s also the issue of service uptime and availability, which is a major concern for organizations adopting Exchange Online. Searching ‘Office 365 down’ on Twitter, quickly reveals that uptime isn’t always a strength of the service. Given how critical email is for employee productivity, any risk of downtime is a mark against Exchange Online.
The final hurdle for a lot of businesses is archiving. Organizations, especially those working in regulated industries, need to ensure that they comply with legislative and regulatory requirements. While Office 365 protection does have email archiving, it is not a best-in-breed product or fully compliant, and many businesses will require or desire additional features such as tamper-proof storage and functionality to quickly respond to e-discovery requests or warrants.
None of these issues mean that organizations should abandon Office 365. Instead, they simply need to be aware of Office 365 cloud security limitations and deploy best-of-breed security solutions alongside it. For example, an additional email continuity solution will provide users with an ‘emergency inbox’, usually via a web portal that contains access to inbox and sent items from the last 7-30 days, meaning that if the primary email provider (or server) fails, users can still read and respond to email until service is restored. This provides a level of reassurance for companies, particularly when moving email off premises.
Secure your entire organization from known, unknown and emerging threats - including email fraud.
Cloud-based software can be used productively and safely for business. However, companies should not settle for the standard tools, but instead seek out advanced solutions to ensure the safety of their data and integrity of their compliance programs.