SponsoredbyMimecast

Mimecastmakesbusinessemailanddatasaferfortensofthousandsoforganizationsandmillionsofemployees.Foundedin2003,the

Company'snext-generationcloud-basedsecurity,archivingandcontinuityservicesprotectemail

anddelivercomprehensiveemailriskmanagement.

www.mimecast.com

ConversationalOffice365RiskMitigation

ByJ.PeterBruzzese

©2016ConversationalGeek

ConversationalOffice365RiskMitigationPublishedbyConversationalGeekInc.

www.conversationalgeek.com

Allrightsreserved.Nopartofthisbookshallbereproduced,storedinaretrievalsystem,ortransmittedbyanymeans,electronic,mechanical,photocopying,recording,orotherwise,withoutwrittenpermissionfromthepublisher.Nopatentliabilityisassumedwithrespecttotheuseoftheinformationcontainedherein.Althougheveryprecautionhasbeentakeninthepreparationofthisbook,thepublisherandauthorassumenoresponsibilityforerrorsoromissions.Norisanyliabilityassumedfordamagesresultingfromtheuseoftheinformationcontainedherein.

TrademarksConversationalGeek,theConversationalGeeklogoandJ.theGeekaretrademarksofConversationalGeek.Alltermsmentionedinthisbookthatareknowntobetrademarksorservicemarkshavebeenappropriatelycapitalized.Wecannotattesttotheaccuracyofthisinformation.Useofaterminthisbookshouldnotberegardedasaffectingthevalidityofanytrademarkorservicemark.

WarningandDisclaimerEveryefforthasbeenmadetomakethisbookascompleteandasaccurateaspossible,butnowarrantyorfitnessisimplied.Theinformationprovidedisonan“asis”basis.Theauthorandthepublishershallhaveneitherliabilitynorresponsibilitytoanypersonorentitywithrespecttoanylossordamagesarisingfromtheinformationcontainedinthisbookorprogramsaccompanyingit.

AdditionalInformationForgeneralinformationonourotherproductsandservices,orhowtocreateacustomConversationalGeekbookforyourbusinessororganization,pleasevisitourwebsiteatConversationalGeek.com

PublisherAcknowledgments

Allofthefolksresponsibleforthecreationofthisguide:

Author: J.PeterBruzzese

ProjectEditor: NickCavalancia

CopyEditor: JohnRugh

ContentReviewer: DavidHood

NotefromtheAuthor

Greetings!

Youmayfindthishardtobelieve,consideringthefactthatI’manOfficeServersandServicesMVP,buttherewasatimewhenIcampaignedadamantlyagainstgoing‘cloud’foryourenterprisegradeserverservices.Ifeltitjustwasn’tready.Myfear,uncertaintyanddoubt(theFUD)wereoffthecharts!Nothingcouldchangemymind.AndthenIchangedmymind.

IstartedtoseethecompaniesIconsultwithseriouslyconsideringthemovetothecloud.CIOsweremandatingthemove,andITadminswerestucktryingtofigureouthowtomakeithappenandhowtopreparefortheworst.Imadethedecisiontogo‘allin’andimmersemyselfinOffice365inordertobeabletoassistmyclientstoagreaterdegree.Andinallhonesty,Ifellinlovewithit.

Afternearly2decades(ascore,ifyouwill)ofExchangeon-premisesfocus,Ifounditsomucheasiertoletothersworryaboutthehardware,upgrades,availabilityandsoforth.Thesideservices(ahem…Yammer)don’tenticeme,butfewareswitchingtoOffice365forthesideservices.E-mailiswhattheyreallywant.

However,Idiscoveredthereweresomegaps.AreasofconcernthatIhadtomitigate.RisksthatIdidn’twanttojusthopeandpraywouldn’thurtme.Iisolatedthoserisks…andfoundwaystomitigatethem.ThisbookwilltellyouwhatIdiscovered.

J.PeterBruzzese

The“Conversational”Method

Wehavetwoobjectiveswhenwecreatea“Conversational”book:First,tomakesureit’swritteninaconversationaltonesoit’sfunandeasytoread.Second,tomakesureyou,thereader,canimmediatelytakewhatyoureadandincludeitinyourownconversations(personalorbusiness-focused)withconfidence.

Thesebooksaremeanttoincreaseyourunderstandingofthesubject.Terminology,conceptualideas,trendsinthemarket,andevenfringesubjectmatterarebroughttogethertoensureyoucanengageyourcustomer,team,co-worker,friendandeventheknow-it-allBestBuygeekonalevelplayingfield.

“GeekintheMirror”Boxes

Weinfusehumorintoourbooksthroughbothcartoonsandlightbanterfromtheauthor.Whenyouseeoneoftheseboxes,it’stheauthorsteppingoutsidethedialogtospeakdirectlytoyou.Itmightbeananecdote,itmightbeapersonalexperienceorgutreactionandanalysis,itmightjustbeasarcasticquip,butthese“geekinthemirror”boxesarenottobeskipped.

Greetings.TheycallmeJ.WithintheseboxesIcansharejustaboutanythingonthe

subjectathand.Read’em!

Office365(101)forITProfessionals

WhatisOffice365?Therearetwoanswerstothisquestion,onefortheend-user,thosefolkswhousetheservicesprovidedbyOffice365,andonefortheITprofessionalsanddecisionmakerswithinacompany.ThisbookfocusesontheITProandsowewillanswerthequestionfromthatperspective.

Office365isMicrosoft’scloudsuiteofcollaboration,communicationandproductivitytools.Inlate2015theOfficeBlogcalledit“oneofthefastestgrowingbusinessin

Microsoft’slonghistoryofprovidinginnovativetechnologyproducts”.

AttheApril2016FY16Q3results,CEOSatyaNadellasaidOffice365hasover70millionactiveusers,withthenumberoflicensessoldbutnotusedlikelymuchhigher,accordingtoMicrosoftMVPTonyRedmond.

Asfastasitisgrowing,therearestillmanywhodon’treallyknowwhatitis.Intruth,thenameisabitconfusing.It’sgoodtonotethatitspredecessorhadanevenworsename:BusinessProductivityOnlineSuite(orBPOSforshort).

ThereasonOffice365isconfusingisbecausemanyfolksthinkitisreferringtothenextflavorofOffice,andtoadegreetheyarecorrect(I’llexplainthat).ButtheprimaryofferingisactuallyMicrosoft’shosted(akaonlineinthe“cloud”)versionsofExchange(ExchangeOnline),SharePointandSkypeforBusiness(aswellasavarietyofothertoolsdependingontheplanchosen).

Let’sbreakdownwhatOffice365isallabout.

Office365ServicesOneofthemostcompellingservicesforOffice365istheabilitytohavehostedmailboxesforemailhandledbyMicrosoftandintheirdatacenters.Fromasimplisticpointofviewthedifferencebetweenyourmailboxbeingon-premisesorinthe“cloud”isthatyoucankicktheserveron-premises,butifyoufindthelocationofyourdatacenterandmakeyourwaytoitandtrytokickaserveryouwillbetakendownbysecuritybeforeyougetwithin100feetoftheperimeter.Andifyoudidmanagetosneakin,thereisnowayyouwouldeverfindtheserverwithyourmailbox.Ever.

So,arewesayingthatOffice365isjustanemailsolutionofferedbyMicrosoft?Thatisoneofitsmanyfeatures(andaprimaryoneatthat).Microsoftwantsyoutotrustthemwith

yourmailboxes.Isitfree?LikeGmail?Well,Gmailisfreetoindividuals,andMicrosoftLiveaccountsarefreetoindividualstoo.ButOffice365isasubscriptionserviceandtheofferingsgobeyondjustemail.

Office365isasuiteofservicesthatincludeemail,collaborationthroughanintranetSharePointsite,onlineconferencing/IM/presence,filestorageandsharingthroughOneDriveforBusiness,enterprisesocialnetworkingthroughEnterpriseYammer,OfficeOnline,desktopversionsofOffice(includingWord,Excel,PowerPoint,Outlook,Notepad,Access,PublisherandSkypeforBusiness)andahostofotherservicesdependingontheplanyouchoose.

Yammer

ThedesktopversionsofOfficeareincludedaspartofasubscriptionplansothatratherthanpurchasingafulllicenseforOfficeforseveralhundreddollarsyoucanpurchaseasubscription-basedOffice(whichisnowOffice2016atthebase)thatyoupayformonthly.Samesolution,differentpaystructure.

ABreakdownofServices

• ExchangeOnline:Allowsyoutohavebusiness-classmailboxesforyourcompanyhandledbyMicrosoft.Microsoftmakessuretheyareredundant(multiplepassivecopies),available,secure,etc…

• SharePointOnline:Allowsyourcompanytosharedocumentsandcollaboratethroughworkflowtools.

• SkypeforBusinessOnline:ProvidesIMandpresencecapabilities,aswellasonlinemeetingtools(audio/videoconferencingandscreen/applicationsharing).

• OneDriveforBusiness:Cloudstoragetostore,sync,shareandcollaborateusinganydevice.

• YammerEnterprise:Abusiness-basedsocialnetworkingtoolforpeopleinyourcompany.Likein-houseFacebook!Youcanpostmessages,pictures,documents,etc…andcommunicateandcollaboratewithcolleaguesthroughYammer.

• MobileApps:ThereareavarietyofdifferentmobileappstohelpyouworkwithyourOffice365solutionincludingOfficeforiPad,OfficeMobile(alreadyinstalledonyourWindowsphonesandavailableforiPhoneandAndroidmodels),OutlookMobile,SkypeforBusinessMobile(alsoavailableforWindowsphones,iPhone/iPadandAndroid),OneDriveappandmore.

ABevyofFeaturesandApplicationsMicrosoftisalwaysreleasingeithernewservicesornew/improvedfeaturestoexistingservices.It’soneofthebenefitstohavingservicesinthecloud.Thereleasecadenceisincredible(andhardtokeepupwithattimes).

Toseeandaccessfeatures,youmayneedtologintothewebportalforOffice365andaccessthemthroughtheAppLauncher.

Office365AppLauncher

Recentnewfeaturesandenhancementsincludethefollowing:

• OfficeGraph:Usesmachine-learningtechniquestoconnectyoutowhatitdeterminestoberelevantdocuments,conversations,andpeople.Itwatcheswhatyoudo,whatinterestsyou,andwhatyoutreatasimportanttoprovideapersonalizedexperiencearoundyourworkflow.

• Office365Video:Providestheabilitytouploadvideocontenttoyourcompanyportalsothatyoucansharethiskindofcontentquicklyandsecurely.Note:MicrosoftalsoannouncedanewsolutioncalledStreamfornext-genvideoservicestoreplaceOffice365Video.

• Clutter:Weallreceiveemailthatwemayhavesignedupfor(suchasanewsletter);thatemailisnotjunk,butyouprobablydon'tconsideritveryimportant.ClutterusestheintelligenceofOfficeGraphtoseehowimportant(orunimportant)emailistoyou.Itlearnsovertimeyourlevelsofimportance,thenusesthatanalysistoseparatetheclutterfromotherinboxitems.Youcanquicklyscantheclutter,markindividualitemsas"notclutter,"andtakeactionontherestofit,suchasdeletingitall.Ofcourse,ifyoudon'tlikethefeature,youcanturnitoff.

• Delve(codenamewasOslo):workswithOfficeGraphtocreateaPinterest-liketrendingviewbasedonwhatyou'reworkingon.Itistailoredtoyoupersonally.

Delve(graphicfromblogs.office.com)

Office365:TheAdminPerspectiveAsmentioned,Office365isallaboutthehostedservicesyoucanobtainbychoosingapackagethatfitsyourneeds.Atthesametimeit’salsoaboutsubscriptionOffice(ifyoupickaplanthatincludestheOfficesuite).ThereareBusinessandEnterprise(E1/3/5)planstochoosefrom.TherearealsooptionsforEducation,Government,NonprofitandHome(forpersonalplans).

Everyplanyouchoosehasabaseofservicesandifyouneedadditionalservicesnotinyourplanyoucaneitherchoosethenextplanuporaddservicesalacarte(solongasthatmakessensefinanciallywhencomparedtochoosingthenextplanup).

SeveralPlanOptions

Logically,theplanyouchoosewillhaveapricetagattachedandthiswilloftendrivethedecisiononwhichplanisbestforyou.Youwanttobecarefulthattheplanyouchooseincludesfeaturesyouwant.Forexample,ifyougeta“business”plan,youmaynothavesomeoftheregulatorycompliancefeaturesyouwouldliketohave(likepremiumjournaling)includedinan“enterprise”plan.Youcanalwaysupgradeyourplanifyouneedtobutitwouldbebettertoknowup-frontwhatyourplansupports.Theseplansarenotjustbasedonnumberofseats,theyhaveenabled/disabledfeaturestoconsiderandsomeincludeOfficewhileothersdonot.

IpersonallyloveworkingwithOffice365.WhenIlogintotheOffice365admincenterI’mgreetedwithanoverviewofservices.Icanseeimmediatelyifthereareanyissueswithmyservicesandseeiftherearehealth

issues.

Icaneasilyaddnewuserstomyportal,pullupreportsandmore.It’sveryeasy.WhenworkingwithspecificfeaturesofOffice365,likeExchangeOnline,Ihavetheabilitytoworkwith

asimilarweb-basedportalsolutiontowhatIuseon-premises.SofromanITadminperspectiveit’sgreattonothavetolearnawholenewinterfacewhenworking.

Oftentimeswithhostedsolutionsitdoesn’tworkthatway.Yougetsomekindofproprietarytoolset(web-based)thatgivesyouverylimitedoptions.ButwithOffice365yougetaveryrobustadministrationexperience.Asclosetoon-premisesasyoucanhopeforwithahostedsolutioninmyopinion.

Inaddition,youcanestablisharemotePowerShellconnectiontoOffice365andperformmany(butnotall)tasksthroughthecommand-lineasyouwouldthroughtheShell.

Office365AdminCenter

TheOffice365TrustCenterMicrosoftknowsthatitishardtotrustsomeoneelsewiththelifebloodofyourcompany…data.Therehavebeensomescarybreechesinsecurityoverthepastfewyearsandithasfolksabitleerywithregardtousingthecloudforcorporatedata.

ToassistpeopleinlearningallthatMicrosoftisdoingtoearnandmaintainthattrusttheyhaveestablishedaTrustCenter

forOffice365.ItfocusesonhowOffice365hasbeendesignedwithbuilt-insecurity,continuouscompliance,privacybydesignandtransparentoperations(eachsubjectgettingitsowntabtodrilldownabitmoreonthesubject).

Note:TheOffice365TrustCenterURL:https://products.office.com/en/business/office-365-trust-center-cloud-computing-security

KeyplayersintheOffice365spacehavebeencreatingvideocontentforaseriescalled“Conversationsfrominsidethecloud”thatfocusesonkeysubjectslike“WhytrustOffice365?”withJuliaWhite(GeneralManagerforOffice365)andRajeshJha(CorporateVicePresident,OperationsandServicesEngineering).Anothergreatonetowatchis“Isyourdatasafeatrest?”withVivekSharma(PartnerGroupProgramManager,Office365Engineering)whichhassomecooldatacentersecuritypoints.

OneofthebenefitsoftheTrustCenteristhatyoucanusethiscontenttohelpdecisionmakerswithinyourorganizationfeelmorecomfortableaboutthemovetoOffice365.Youmaybeconvincedit’stherightmoveforyourorganizationbutyoustillhavetoconvincethefolksthatwritethechecksandthiskindofcontentisshort,tothepoint,andveryeffectiveindoingjustthat.

TheOffice365OnlineRoadmap(aka…FlightPlan)InterestedinseeingtheOffice365roadmapbutdon’thaveabehind-the-scenespresspasswithasignedNDAinplacetomakeithappen?Well,MicrosofthasanonlineroadmapforOffice365thatshowsclearlyallthefeatureslaunched,beingrolledout(butnotyetavailabletoall),indevelopment,cancelled(forthosefeaturesnolongerinthequeueorindefinitelydelayed)andpreviousreleases.

TheOffice365onlineroadmapiseasytoseeat-a-glancefeaturessothatyoucaneasilykeepuptodatewithMicrosoft’scloud-basedsolutionforallthingscollaborationandcommunicationforyourenterprise.

Ifigure,sinceOffice365isacloudsolution,insteadofcallingitaroadmap,itshouldbe

calledaflightplan.Right?

Note:TheOffice365RoadmapURL:http://fasttrack.microsoft.com/roadmap

Office365Roadmap(akaFlightPlan)

TheBigTakeawaysOffice365isMicrosoft’shostedsuiteofcommunicationandcollaborationsolutionsincludingExchangeOnline,SharePointOnline,SkypeforBusinessOnlineandseveralotheroptionsdependingontheplanyouchoose.

Thereareavarietyofplanstochoosefromwithdifferentfeaturesandpricetagsattached.Youneedtomakesuretheplanyouchooseisbestforyourneeds.

SomeplanscomewithasubscriptiontoOfficesothatuserscaninstallthelatestversionofOfficeapplications.OneofthevaluestoOffice365isthatallofthesolutions(theserver-sideonesandend-userones)arekeptuptodateandarethelatestiterationsofthosesolutionsavailable.

MicrosoftisaggressivelydevelopingouttheOffice365platformandenhancingfurtherthefeaturesthatcurrentlyexist.Youcancheckthepublicfacingroadmap(akaflightplan…it’llcatchon)toseewhat’sindevelopmentforthefuture.YoucanalsokeepaneyeonOfficeblogs(http://blogs.office.com)toassistinstayingontopofnewfeaturesandfutureenhancements.

RiskMitigationandOffice365

AsImentionedinmynoteatthebeginning,IjumpedinwholeheartedlywithOffice365withExchangeOnlineandhaven’tlookedback.However,withon-premisesExchangetherewerealwaysgapsthatcausedmetoreachouttotheecosystemsetofsolutionsfromthird-partiesthatsurroundExchangetoplugthosegaps.Asecurityappliance,abackupsolution,amonitoringpieceandsoon.IhavefoundExchangeOnlinetobesimilar,causingmetotakepauseandseekoutthirdpartysolutionstohelpmitigategapsandrisks.WhatIfindoddishowmanycompaniesaresimplyfoldingtheirhandsandsleepwalkingintoOffice365.

SleepwalkingintoOffice365Howmanyon-premisesdeploymentsofExchangehaveyoudoneovertheyears?HowmanyExchangeservershaveyoumanaged?Nowthinkaboutthis,whenhaveyoueverseenagreenfieldorlong-termdeploymentofExchangethatsimplyusedwhatExchangehadtoofferwithoutreachingouttowardecosystempartnerstoprovideimprovedservicestosurroundandsupportExchange.Granted,maybewithSmallBusinessServerdeploymentsyoumighthavefolksjusttakingwhattheygetduetobudgetaryconcernspreventingthemfromdoingmore,butinthemajorityofdeploymentcasesyouseeExchangesurroundedbyabest-of-breedorbest-in-class(orpersonalfavorite)backup/recoverysolution,monitoringsolution,securitysolution,archivingsolutionandsoforth.That’snormal.Sowhyisitwhenwemovetothecloud,andmovetoOffice365,wefoldourhandsandjustacceptwhatisprovidedorbuiltin?WhyarewesleepwalkingintoOffice365?

Well,I’mheretotellyou…WAKEUP!!!

Solutionsarchitectsneedtore-inventthemselvesgoingforwardtobecomecloudriskmitigationexperts.Theyshouldn’tjustgiveup,thinking‘ohwell,it’sallinOffice365now,myjobisdead’.Theyneedtoembrace

theirnewplaceintheuniverse.

OntheonehandtherearethingsMicrosoftcandowithamulti-tenantcloud-basedversionofhostedExchangethattheycouldn’tdowiththeon-premisesflavor.Becausetheyhavefullcontroloftheinfrastructure,theycanprovidehighavailabilityusing‘nativedataprotection’thatallowsformultiplepassive(andlagged)copiesofyourdatabasesacrossdatacenterstoprovideafantastichighavailabilityofferingthatwouldcostacompanytime/money/personneltoprovidein-

house.That’soneofthemanyreasonsIencouragefolkstomovetoOffice365.

Ontheotherhandtherearestillgapsintheservicesprovidedthatrequireathirdpartysolution(aunique,all-in-onesolution)tohelpensurethetypeof1-to-1experienceyoutypicallyexpecton-premises.

Ikeepsayingthereare“gaps”.It’stimetoaddressthemopenly.

ThreeKeyAreasforConcernWe’renotgoingtopickaparteverylittlethingaboutOffice365andExchangeOnline.Thereisnopointindoingthat.It’sagreatsolution,andpricedright.I’monlygoingtohittheriskareasthatmakepeoplenervousaboutOffice365.I’llexplainwhatisbuiltinandwhyathird-partybolt-onwouldbebettertoenhancetheoverallsolution.

Security

Exchangeon-premises(2013/2016)includesananti-malwaresolutionandanti-spamagents.Theseofferverybasicprotection,somostenterprisedeploymentsofExchangelooktoathirdpartyon-premisesapplianceorcloud-basedsolutiontoreallycoverthemselvesagainstallthebadstuff:spam,malware,phishing,spearphishing,whaling,impersonationattacks,ransomwareattacksandsoon.

Spearphishingisbecomingafocalpointforattackerslookingtobreachorganizations’defenses,anditisverytreacherous.It’s

targetedagainstaspecificcompany,andhasledtosomemajor,high-publicityhacks,

becausetherewerenosolutionsinplacetohelpdetectthespearphishingattack.

ExchangeOnlinecomeswithafreesolutioncalledExchangeOnlineProtection(EOP).It’senabledbydefaultandprovidesbasicanti-spam/malwareprotection.Doesitwork?Itdoes…andtheEOPdevteamisaggressivelyseekingtoimprovethesolution.However,thelastthingyouwantistogetpulledintoasecuritymonoculture.

Thetermmonocultureisdefinedasacommunityofcomputersthatallrunidenticalsoftwareandhavesimilarvulnerabilities.Office365mightbe

consideredaSaaSSecurityMonocultureifutilizedwithoutathird-partylayeredsecurity

solutionapproach.

On-premises,everycompanyhandlessecurityalittledifferently,withacombinationofvendorsinvolved,multiplelockstopickandeachcompanyitsowntarget.WithOffice365alltenantsaretogetherunderthesamesecuritycodebase,providingaverytargetrichenvironment.

DanGeer,ariskmanagementspecialistandcyber-securityexpert,hasrepeatedlypointedouttheproblemofasecuritymonoculture,especiallywithregardtoMicrosoft.HisprimaryfocuswasonthenumberofMicrosoftworkstationsconnectedtotheInternet.Butanevengreaterthreatistohaveamulti-tenantemailsolutionmonopoly(whichisinevitableatthispoint)withasinglesecuritysolutioncodebaseprotectingallthetenants.

Thinkoftheillustration“don’tputallyoureggsinonebasket”.Well,withOffice365you’reputtingallyoureggsandeveryoneelse’seggsallinonebigbasket.AmItheonlyonewhogetsnervousaboutthat?

EOPonitsowndoesn’tprotectagainstsomeoftherecentattacktypeswithweaponizedattachmentsandlinksthatmakeitthroughthefirstlineofdefenseandintoanend-user’smailbox.SoMicrosoftreleasedanewsolutioncalledAdvancedThreatProtection(ATP).ATPisincludedwithanE5planoryoucanpurchaseitasanadd-onperuser($2peruser/month).

ATPofferstwonewprotectionfeaturescalledSafeAttachmentsandSafeLinks.Theconceptissimple.Twowaysthebadguysgettoyourendusers(besidestheeasy-to-spotspamandattachedknown-virusattachments)arewithattachments(thatmayappearsuspiciousbutaren’tKNOWNtobebad)andwithlinksthatleadtositesthatare“ok”whentheyfirstcomethrough,butmaybecomeharmfulontheback-endduetoatargetedspearphishingattack.Atthetimetheuserclicksthelink(whichhasalreadybeenclearedbyyourfirstlineofdefenseandissittinginyourusers’mailbox)theURLispointingtoamalicioussite.So,safeattachmentsusesasandbox‘detonationchamber’toensuretheattachmentisharmless.Andthesafelinkwillcomparethelinktoablocklistcorrespondingtothetimeyouclickthelink(whichcouldbethenextday,week,monthforanend-user).

Intruth,anyimprovementsinsecurityoverbare-bonesEOPisawelcomechange(althoughthepricepointfeelshighconsideringtheenhancementsoffered).

Firstoff,sandboxinghasitsplace,butithasafewholesintheuseofthetechnology.Forone,itcauseslatencyinyourreceivingofemails.Microsoftsaystheexpecteddelayis4or5minutesbutcanbeasmuchas30minutes(whenittimesout).Andthereismalwarethatknowswhenit’sinasandboxandremainsdormant.

Asforthetime-of-clickprotection,theideaissolid.Youcantrainyourendusersalldaylongtoavoidphishingorspearphishing,butyouneedtoalsoprovidetechnologythatwillassistthemshouldtheyclickalinkthatlookslikeitcamefrom

avalidsource(ie.theirboss).However,thesafelinksfeaturejustchecksagainstacontinuouslyupdatedblocklist.Nothingdynamichappenstoreachoutandreallyseeifthatlinkgoestoasitethathassomethingharmfulrunninginthebackground.It’sstillagoodenhancement,it’sjustnotagreatenhancement.Notwhenyouhavethird-partysolutionsthatcanscanthesiteandlookforthreats.

Longstoryshort,ExchangeOnlineProtection(withorwithouttheAdvancedThreatProtectionpiece)islacking.Andit’slackingnotjustduetoafeaturecomparisonwiththird-partyoptions,becauseovertimethegapinfeatureswillclose.MicrosoftwilleventuallygetEOPuptoparwiththebestofthebestinsecurityoptions.BUT…itwillstillbeasinglelocktopick,asecuritymonoculture,andthatiswhereasecondarybolt-onsolutionshouldbeseriouslyconsidered.Don’tjusthopeyou’resafe,knowyou’resafe.PLANtobesafe.

Honestly,I’mjustabelieverinthewisdomofalayeredsecurityapproach.Multiplechuteswhenyoujumpoutofaplane.Ipromoteendpointprotection,DNSlevelprotection,userbehavioranalytics,etc.AndI’mahugeproponentofathird-partycloud-based

securitygatewaywithExchange/Office365.

DataAssuranceArchiving

Yearsbackwedidn’tworrysomuchaboutarchivingdata,weworriedonlyaboutbackingitup.Butwiththemanyscandals(thinkEnron)andlawsuitscroppingupthatrequiredtherequestingofallemailcommunicationwithinacompany,aneedarosetoprovideeDiscoveryinamucheasiermannerthangoingthroughbackuptapes.TheadventofarchivesolutionsandeDiscoveryallowedITadminstoprovecompliancethroughdiscoveryofdata.

On-premisesExchangeadministratorsreachouttotheecosystemofthird-partysolutions(softwarebased,hardwareappliance-based,cloud-based)toprovideanarchiveofdata.Assureddataretention=discoverability=compliance(whichmeansnofinesorjailtimefortheITadmin).

Exchangeon-premisesdoesNOTincludeanenterprisegradearchivesolution.Andguesswhat?NeitherdoesExchangeOnline.

IsaythisandIcanhearsomeofyourespondingwith“butwait…doesn’tExchangehavean‘in-placearchive’feature?”Icannottellyouhowfrustratingthatnamingistome.Yes,itdoeshavethatfeature.AndIlikeit.Butit’spoorlynamedinmyopinion.Ibelieveitshouldbecalleda‘pstrepository’feature.Letmeexplain.

Inanon-premisesenvironment,youcanhaveahighperformancestoragesolutionthatyouwanttorunyourmailboxdatabasesoffof.AndeventhougheveryeditionofExchangeoverthelast10years(2007,2010,2013and2016)hasimproveddatabaseperformancetremendously(inpartbecausetheypulledoutSISsingleinstancestorage)andJBODarraysshouldbemorethanadequateforyourenvironment,inmyexperienceformostorganizations,therearestillplentyoffolkswhowanthighperformancediskfortheirdatabases.However,iftheywishtoeliminatepstfilesandallowuserstobloattheirmailboxesabit,the‘in-placearchive’featureallowsadminstouseasecondarydatabaselocation(typicallyoncheaper,slowerdisk)forthatdata.Totheenduser,italllookslikeonemailbox(theInboxandIn-PlaceArchive),butinreality,thedatacouldbeintwoseparatedatabases,ontwoseparatestoragesolutions.

Whatdoesthismean?Itmeansyoucaneliminatethat.pstnightmareinyourorganization.Doesitprovideanenterprisegradearchive?Notatall.Becauseifwesayanarchiveisallaboutretention,discoverabilityandcompliance,thenthebasic

flawoftheExchangeInboxandIn-PlaceArchiveinthatroleisthatbydefaultenduserscandeletethedataineitherone.Iftheusercandeletedata,thenyoucannotensurediscoverabilityandthesolutioncannotbecompliant.Gameover.

Ah…butMicrosoftknowsthis.Theyknowitandhaveasolutiontoensurediscoverability,Legal(orIn-place)Hold.Ifyouplaceallmailboxesonlegalorin-placeholdfromdayoneinOffice365thennoemailcanbedeletedfromthesystemanditwillalwaysbediscoverable.

Onenoteonthis,ifyoudidthiswithanon-premisesenvironmentyouwouldbloatoutyourstorageandwouldnotbepleased.ButwithOffice365,youcanbloatthatstorageoutandyou,theadmin,don’thavetoworryaboutit.MicrosoftWANTSyoutodothisbecausethelargeryourdatagrows,thelesslikelyyouwilleverleavetheirsystem.Thestressofdoingsowouldmakeitprohibitive.Icallthisthe“HotelCalifornia”approachtocustomerretention.Youcancheckoutanytimeyoulike,butbecausethedatabloatisexcessive,makingthemoveanightmare,“youcanneverleave”.Brilliantreally.

Legal/In-PlaceHoldisaband-aidsolutionhere.LegalHoldwasdesignedtobeaproactive(orreactive)approachtosituationswhereHRisapproachedwithsomeformoflitigationagainstMr.Nastyinyourcompanywhohasbeensendingsexuallyharassingemailstohisassistantandyouneedtostophimfrompermanentlydeletingsuchcontentfromhismailboxsoyoucanprovidediscoverabilityofit(ifitdoesindeedexist…innocentuntilproven…andallthat).Mr.Nastyisn’tevenawarehismailisonhold.IfhetriedtodeleteemailitsimplygoesintoahiddenRecoverableItemsfolderthatcanbesearchedduringeDiscoverybythosewiththeproperpermissions.

Withalegalholdscenariothewholemailboxisonholduntiltheholdislifted.Within-placeholdthereissomeflexibilityintermsofwhatyouholdandforhowlong.Andthesesolutions

haveanabsoluteplaceintheworldofcompliance.It’sagoodfeaturelike‘In-placeArchive’(aka.pstrepository)is.Butit’snotwhatwecometoexpectfromagenuine,enterprisegradearchivesolution.

Modernarchivesolutionskeepasecondarycopyofthedata(whichcanalsobeusedforrecoverability,ifnecessary).Typically,end-usershaveread-onlyorinteractiverightstothedata(sotheycanfindandinteractorrecoveremailsfromtheirpastbutnotdeletethoseemails),somethingyoucannotdowiththe‘hold’solutionsinOffice365.

Inaddition,insomecasesabusinessmayberequiredtopurgedata(forexample,inthecaseoflitigationwherethejudgedeterminesthereisaneedtopurgetheexistingdata).Mostenterprisegradearchivesolutionscandothat.The‘hold’optionscannotdoiteasily(norcantheydoitwithoutthepossibilityofahumanerrorcausinglostdata).

Inshort,Ipreferaseparatedatabankformyarchivebecauseitprovidesmewithagreaterlevelofcomfortabilityduetoa)myabilitytoswitchserviceswithoutgettingstuckina“HotelCalifornia”situation…soIlikethedataagility/portabilityaspectofit,b)myendusershavetheabilitytosearchandinteractwiththeirread-onlyarchive,c)purgingdataiseasierandlesspronetousererrorandd)sinceOffice365doesn’thaveabackupofthedata,itgivesmepeaceofmindknowingthatIhaveasecondcopyofemail,shouldIneedtorestoreit.

Iknowtherearemultiplepassivecopiesofthedataandthat’sasolidsolution,butIstill

likeknowingIhaveacopy.Callmeadinosaur,butI’vebeenburnedbeforeinthis

regardandliketobeextracautious.I’dratherplanforaproblemthanhopeit

doesn’thappen.

ContinuityorAvailability

Allcloudservicesfailfromtimetotime.Thereasonsvary,andthelengthoftimeisunpredictable.Andithappenstoallvendors,sothereisnopointinbashingMicrosoftfordowntimeofOffice365pieces(includingExchangeOnline),becauseeverymajor/minorvendorhasdealtwithit.Thereisnoperfectvendorwithaperfectamountofuptime(that’simpossible).

However,Istillconsiderthistobeagapandanareaforriskmitigation,becauseitcomesdowntowhetherornotyouhaveoptionswhen/iftheserviceisdown.It’slikejumpingoutofaplane.Youhaveaprimarychuteandhopeitworks.Buteveryonceinawhile,itmaynot(forwhateverreason).Itsureisalifesaverknowingyouhavethatbackupchuteinplace.

Microsoftdoesafantasticjobofdataprotectionmanagementthroughtheirnativedataprotectionsolution.ThisutilizestheExchangedatabaseavailabilitygroup(DAG)featuretoensuretheactivedatabasehasmultiplepassivecopies(lagged)splitbetweendatacenters.Ontheplussidethisreallyeliminatesalotofriskoveryourexistingdata.Butthereareafewthingsthisdoesn’tprovide.Itdoesn’tofferabackupofdatasoyoucanrestoretoapointintime.Itdoesn’tensureotheressentialservicesthatworkwithOffice365willremainupandrunning(likeAzureAD,EOP,etc.)Itdoesn’tgiveyourendusersawaytoworkintheeventtheprimaryservicegoesdown.

SomemaywonderhowtheymightobtainOffice365outageinformation.Isitpublic

knowledge?Itis,actually.MicrosoftpublishestoanOffice365HealthTwitter

feed.@Office365HealthIt’snottheeasiestwaytogaininformationbutitworks.AndthetwitterupdateslinktotheServicePortal

foryourOffice365.

KeyTakeawaysOffice365isafantasticsolution,especiallyExchangeOnline.Andit’sthewayofthefuture.MoreandmoreorganizationsofallsizesandbusinessrequirementsaremakingthemovetoOffice365,primarilyduetoitsemailoffering.

AssolidasolutionasOffice365is,therearegaps.Thesegapsrelatetorisksthatneedtobemitigated.Inthepast,withon-premisesExchange,welookedtoecosystemsolutionstomitigatethegapsinExchange.Wecouldboltonseveraltop-notchsolutionsandmakea“better”emailenvironmentasaresult.

WhataboutwithOffice365?

AlthoughMicrosofthasmorecontroloverthesolutionbecauseit’shostedintheircloudandtheycanenhance,improve,developandtweakitalldaylong…therearestillgaps.Therearerisks.Andtheseresideprimarilyintheareasofsecurity,dataassuranceandcontinuity.

It’sobvioustheseriskscausefear,uncertaintyanddoubt(fud).Buttheydon’thaveto.MyencouragementtoanyOffice365currentcustomerorpotentialcustomeristolookonceagaintotheecosystemtofindwaystomitigatetherisks.Anall-in-onebolt-onsolutionthatcanaddressthepainpointsandenhancewhatMicrosoftprovides.

Whyanall-in-one?Well,unlikeon-premiseswhereemailcanmovethroughyourbolt-onpiecesinananosecond,withthecloudyoucannothave(ordon’twishtohave)emailboundingfromonedatacentertoanother,fromonesolutiontoanother,beforereachingtheMicrosoftdatacenterthatholdsyourmailboxes.Thatleveloflatencywouldbeprohibitive.Rather,lookforasinglesolutionthatdoesitall.

Thequestionis…doessuchasolutionexist?

VendorSponsor:Mimecast’sComprehensiveRiskManagementforOffice365

Mostinformationyoureadaboutwhenitcomestoathird-partysolutioniswrittenbythethird-party.Theytellyou“we’reawesome!Andhereisadocumentthatprovesit!<cough><cough>writtenbyus<saidinawhisper>”.Evenifitistrueitcertainlydoescauseaneyebrowtoriseandthecynicalsidetouscomesout.Doesn’tit?

That’swhyItoldmyfriendsatMimecastIwantedthemtoletmewritethisupinmyway.Iwantyoutoseetheirsolutionthroughmyeyes.Iwon’tbeabletogiveyoueverylastbellandwhistlebutIwillcertainlybeabletotellyouhowitwilladdvaluetoeitheryourOffice365ExchangeOnlineorhybridenvironment.Andifyouaren’tonOffice365,MimecastmakesExchangeon-premisessaferandfuturemigrationseasier.

Mimecastwasfoundedin2003byPeterBauerandNeilMurray.Thesewereregularpeople,IT/Devadminsthatsawaproblemandwenttoworkfixingit.Theproblemtheysawwasthatemailwasbecomingmoreandmorecomplextohandle.Theybuiltacloud-basedsolutiontotheproblemthatprovided

emailmanagementandriskmitigation–andthecompanytookoff.

SecurityEmailmanagementcanmeansomanythings,sowhatisitREALLYthatMimecastprovides?Well,forstarters,anti-spamandanti-malware.Keepthejunkfromeverreachingyouron-premisesExchangeorOffice365servers.Mimecast’ssolutionsitsbetweenyourorganizationandtheInternetandprovidescompleteprotectionfromspam,viruses,malware,whaling,zero-dayattacks,ransomware,phishing,spearphishinganddataleaks.

MimecasthasaservicecalledTargetedThreatProtection(TTP)whichfocusesonreal-time,whaling,ransomware,spear-phishingandotheradvancedthreats.Onewayitdoesthis(thatIthinkisbrilliant)isbyconvertingincomingdocumentstoPDF.Soratherthansendeverydocumentthroughasandboxdetonationchamber(ie.avirtualmachinetoopenthatdocumentandseeifitwilldoharm)itwillconvertittoPDF,thusrenderingharmlessanymaliciouscodewithin.AndthenifthepersonWANTStheoriginaldocumentitcanbesandboxed.Averycreativeapproachtoeliminatethelatencyoftryingtosandboxeverysingleincomingdocument.

MimecastalsorewriteseveryinboundURLforon-clickprotection.Andidentifieswhalingemailsthattryandstealmoneyordata.ThosearejustsomeofthecoolfeaturesinTTP.

Butitdoesn’tstopthere.Mimecasthasasecuremessagingsolutionthatisverycustomizableandeasytoworkwith.Theyalsohavea‘largefilesend’(LFS)solutionsothatend-userscansendfilesupto2GBinsizerightthroughtheirOutlookclient(iftheplug-inisused).

TheMimecastSecureEmailGateway(SEG)usesseveraldetectionenginesforamulti-layeredapproach.Itincludesthe

abilitytodeploypoliciesthatassistwithdataleakprevention(DLP)andcontentcontrol,aserioussorespotformostorganizations.So,Mimecastkeepsthecompanydataconfidentialwhilekeepingthebadguysoutatthesametime.Anditdoesthisnomatterwherethepersonisconnected(LAN/Wi-Fi/Internet)andnomatterwhichdevice(desktop,laptop,mobile/tablet).

ArchiveMimecastprovidesanindependent,enterprise-gradearchivesolutionwithapowerful,high-performanceeDiscoveryservice.Thisreducesyouron-premisesstoragecostsbecausethearchiveensuresyouhaveanaccessiblecopyofthatdataatalltimes.

LetmeexplainthisabitfurtherbecauseIdon’tthinkeveryoneunderstandsthevalueofthissolution.UsingMicrosoft’sin-placearchivesolutionisgreatforeliminatingPSTfilesbutnotgreatforenterprisearchiveandregulatorycomplianceprotection.Why?Becauseend-userscandeletewhatevertheywant.Andforthattostopyouhavetoenableaformoflegalhold(litigationholdorIn-PlaceLegalHold).Thiscreatesmorestoragebloatbutdoesstopend-usersfromdeletingthingspermanently.It’sjustnotflexibleandnotinteractive.

WiththeMimecastsolutionyouhaveemailarchivedbeforeitevenreachesyouron-prem/O365servers.Userscandeletewhatevertheywant.Notabigdeal.Youhaveanarchive.Nowthecoolthingisthatthisisanaccessiblearchive,notbackuptapesthatsitinavault.End-usersaregiventoolsthatintegratewithOutlooksothattheycanperusetheirarchiveandfindemailstheymayhavedeletedaccidentallyandrestorethem(noITinterventionrequired…justalittletraining).BUT…iftheywanttodeleteanemailthatmaybeincriminating…nope,notpossible.Note:Mobileappsarealsoavailable.

Iliketocallthis“preventativelitigation”.Thinkaboutit.Ifyouknow,asanend-user,thateverythingyousendandreceiveisbeingarchived,isnon-deletable,iseasilylocatedwitheDiscovery…howstupidwouldyouhavetobetosendsomethinginappropriate?Hence,preventativelitigation.Astrongdeterrent,ifyouwill.

Ifyourecall,ImentionedinthelastchapterthatOffice365doesn’thaveapoint-in-timebackup/recoverysolution.It’sonereasonwhyIfeelaseparatedatabankarchiveisvaluableintheeventsomething“bad”happens–beithumanerror,technicalfailure,aransomwarestrikethatrequiresarestoretoapointintime,whateveritmightbe.

ContinuityIrememberat5yearsoldbeinginthemovietheatreforthefirstSupermanwithChristopherReeves.DoyourememberthepartwhereLoisLanefallsoutofthehelicopterandSupermancatcheshersaying“Don’tworrymaam,I’vegotyou.”Andshesays“You’vegotme?!Whosegotyou!!!???”Classicline.Goodquestionthough.

So,youhaveallthesedifferenttypesofServiceLevelAgreementsfromMicrosoft.SLA’spromisemanythingsandoneofthemisavailabilityofyourservices.Butwhathappensif/whentheservicegoesdown?Ithappens.Ithappenswithon-premisesExchangeandithappenswithhostedsolutionsandevenOffice365.Sure,theSLAtypicallyofferssomekindofrestitutionbutwhatifyoudon’twantrestitution,youwantavailabilityofservice?Microsoftcannotbeitsowncontinuitybackupsolution.

HereiswhereMimecastisabrilliantsolution.Theykeepusersworkingduringon-premorcloudoutages.Likeabackupparachute,shouldtheprimarynotopen…youdon’thavetofreefall,youcanpullthesecondarycordandglidetosafety.

So,let’ssaytheOffice365servicegoesdown.WithMimecastyourend-userswillhavenoideathereisaproblem.TheycancontinuetosendandreceiveemailasiftherewasnofailurebecauseofMimecast’sOutlookplug-inormobileapp.Sotheyjustkeepworking.Onceyourserverscomebackonline,Mimecastwillsyncupwiththemandtheworldkeepsturning.

AndifMimecastisalsoyoursecuritysolutionandarchivesolution,havinganoutagethatrequiresacontinuityassistfromMimecastdoesn’talteryoursecurityandarchivecapabilitiesintheslightest.Youarestilljustasprotectedandcompliant.

KeyTakeawaysDespitetherisksofmovingtothecloud,byaddingathird-partyall-in-onesolutionlikeMimecastyoucanmitigatethoserisks,eliminatetheFUD,andplanforsuccessratherthanhopeforit.

TheMimecastAdminConsole

So,that’smypersonalopiniononMimecast’sRiskMitigationSolutionforOffice365.I’drecommendyoucheckthemout.Theaddedvalueyouwillreceiveatsuchareasonablepricepointisunbelievable.

NOTES

NeedBackCoverAD

BackinsidercoverAd:A5"by8"highqualityJPG(5.5x8.5"allowingfora.5"bleed)Colorschemeisyourchoice(pantone,RBG,CMYK)