Sponsored by Mimecast
Mimecast makes business email and data safer for tens of thousands of organizations and millions of employees. Founded in 2003, the Company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management.
www.mimecast.com
Conversational Office 365 Risk Mitigation
By J. Peter Bruzzese
© 2016 Conversational Geek
Conversational Office 365 Risk Mitigation
Published by Conversational Geek Inc.
www.conversationalgeek.com
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
Trademarks
Conversational Geek, the Conversational Geek logo and J. the Geek are trademarks of Conversational Geek. All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. We cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or programs accompanying it.
Additional Information
For general information on our other products and services, or how to create a custom Conversational Geek book for your business or organization, please visit our website at ConversationalGeek.com
Publisher Acknowledgments
All of the folks responsible for the creation of this guide:
Author: J. Peter Bruzzese
Project Editor: Nick Cavalancia
Copy Editor: John Rugh
Content Reviewer: David Hood
Note from the Author
Greetings!
You may find this hard to believe, considering the fact that I’m an Office Servers and Services MVP, but there was a time when I campaigned adamantly against going ‘cloud’ for your enterprise grade server services. I felt it just wasn’t ready. My fear, uncertainty and doubt (the FUD) were off the charts! Nothing could change my mind. And then I changed my mind.
I started to see the companies I consult with seriously considering the move to the cloud. CIOs were mandating the move, and IT admins were stuck trying to figure out how to make it happen and how to prepare for the worst. I made the decision to go ‘all in’ and immerse myself in Office 365 in order to be able to assist my clients to a greater degree. And in all honesty, I fell in love with it.
After nearly 2 decades (a score, if you will) of Exchange on-premises focus, I found it so much easier to let others worry about the hardware, upgrades, availability and so forth. The side services (ahem… Yammer) don’t entice me, but few are switching to Office 365 for the side services. E-mail is what they really want.
However, I discovered there were some gaps. Areas of concern that I had to mitigate. Risks that I didn’t want to just hope and pray wouldn’t hurt me. I isolated those risks… and found ways to mitigate them. This book will tell you what I discovered.
J. Peter Bruzzese
The “Conversational” Method
We have two objectives when we create a “Conversational” book: First, to make sure it’s written in a conversational tone so it’s fun and easy to read. Second, to make sure you, the reader, can immediately take what you read and include it in your own conversations (personal or business-focused) with confidence.
These books are meant to increase your understanding of the subject. Terminology, conceptual ideas, trends in the market, and even fringe subject matter are brought together to ensure you can engage your customer, team, co-worker, friend and even the know-it-all Best Buy geek on a level playing field.
“Geek in the Mirror” Boxes
We infuse humor into our books through both cartoons and light banter from the author. When you see one of these boxes, it’s the author stepping outside the dialog to speak directly to you. It might be an anecdote, it might be a personal experience or gut reaction and analysis, it might just be a sarcastic quip, but these “geek in the mirror” boxes are not to be skipped.
Greetings. They call me J. Within these boxes I can share just about anything on the subject at hand. Read ’em!
Office 365 (101) for IT Professionals
What is Office 365? There are two answers to this question, one for the end-user, those folks who use the services provided by Office 365, and one for the IT professionals and decision makers within a company. This book focuses on the IT Pro and so we will answer the question from that perspective.
Office 365 is Microsoft’s cloud suite of collaboration, communication and productivity tools. In late 2015 the Office Blog called it “one of the fastest growing business in Microsoft’s long history of providing innovative technology products”.
At the April 2016 FY16 Q3 results, CEO Satya Nadella said Office 365 has over 70 million active users, with the number of licenses sold but not used likely much higher, according to Microsoft MVP Tony Redmond.
As fast as it is growing, there are still many who don’t really know what it is. In truth, the name is a bit confusing. It’s good to note that its predecessor had an even worse name: Business Productivity Online Suite (or BPOS for short).
The reason Office 365 is confusing is because many folks think it is referring to the next flavor of Office, and to a degree they are correct (I’ll explain that). But the primary offering is actually Microsoft’s hosted (aka online in the “cloud”) versions of Exchange (Exchange Online), SharePoint and Skype for Business (as well as a variety of other tools depending on the plan chosen).
Let’s break down what Office 365 is all about.
Office 365 Services
One of the most compelling services for Office 365 is the ability to have hosted mailboxes for email handled by Microsoft and in their datacenters. From a simplistic point of view the difference between your mailbox being on-premises or in the “cloud” is that you can kick the server on-premises, but if you find the location of your datacenter and make your way to it and try to kick a server you will be taken down by security before you get within 100 feet of the perimeter. And if you did manage to sneak in, there is no way you would ever find the server with your mailbox. Ever.
So, are we saying that Office 365 is just an email solution offered by Microsoft? That is one of its many features (and a primary one at that). Microsoft wants you to trust them with your mailboxes. Is it free? Like Gmail? Well, Gmail is free to individuals, and Microsoft Live accounts are free to individuals too. But Office 365 is a subscription service and the offerings go beyond just email.
Office 365 is a suite of services that include email, collaboration through an intranet SharePoint site, online conferencing/IM/presence, file storage and sharing through OneDrive for Business, enterprise social networking through Enterprise Yammer, Office Online, desktop versions of Office (including Word, Excel, PowerPoint, Outlook, Notepad, Access, Publisher and Skype for Business) and a host of other services depending on the plan you choose.
Yammer
The desktop versions of Office are included as part of a subscription plan so that rather than purchasing a full license for Office for several hundred dollars you can purchase a subscription-based Office (which is now Office 2016 at the base) that you pay for monthly. Same solution, different pay structure.
A Breakdown of Services
• Exchange Online: Allows you to have business-class mailboxes for your company handled by Microsoft. Microsoft makes sure they are redundant (multiple passive copies), available, secure, etc…
• SharePoint Online: Allows your company to share documents and collaborate through workflow tools.
• Skype for Business Online: Provides IM and presence capabilities, as well as online meeting tools (audio/video conferencing and screen/application sharing).
• OneDrive for Business: Cloud storage to store, sync, share and collaborate using any device.
• Yammer Enterprise: A business-based social networking tool for people in your company. Like in-house Facebook! You can post messages, pictures, documents, etc… and communicate and collaborate with colleagues through Yammer.
• Mobile Apps: There are a variety of different mobile apps to help you work with your Office 365 solution including Office for iPad, Office Mobile (already installed on your Windows phones and available for iPhone and Android models), Outlook Mobile, Skype for Business Mobile (also available for Windows phones, iPhone/iPad and Android), OneDrive app and more.
A Bevy of Features and Applications
Microsoft is always releasing either new services or new/improved features to existing services. It’s one of the benefits to having services in the cloud. The release cadence is incredible (and hard to keep up with at times).
To see and access features, you may need to log in to the web portal for Office 365 and access them through the App Launcher.
Office 365 App Launcher
Recent new features and enhancements include the following:
• Office Graph: Uses machine-learning techniques to connect you to what it determines to be relevant documents, conversations, and people. It watches what you do, what interests you, and what you treat as important to provide a personalized experience around your workflow.
• Office 365 Video: Provides the ability to upload video content to your company portal so that you can share this kind of content quickly and securely. Note: Microsoft also announced a new solution called Stream for next-gen video services to replace Office 365 Video.
• Clutter: We all receive email that we may have signed up for (such as a newsletter); that email is not junk, but you probably don't consider it very important. Clutter uses the intelligence of Office Graph to see how important (or unimportant) email is to you. It learns over time your levels of importance, then uses that analysis to separate the clutter from other inbox items. You can quickly scan the clutter, mark individual items as "not clutter," and take action on the rest of it, such as deleting it all. Of course, if you don't like the feature, you can turn it off.
• Delve (codename was Oslo): works with Office Graph to create a Pinterest-like trending view based on what you're working on. It is tailored to you personally.
Delve (graphic from blogs.office.com)
Office 365: The Admin Perspective
As mentioned, Office 365 is all about the hosted services you can obtain by choosing a package that fits your needs. At the same time it’s also about subscription Office (if you pick a plan that includes the Office suite). There are Business and Enterprise (E1/3/5) plans to choose from. There are also options for Education, Government, Nonprofit and Home (for personal plans).
Every plan you choose has a base of services and if you need additional services not in your plan you can either choose the next plan up or add services a la carte (so long as that makes sense financially when compared to choosing the next plan up).
Several Plan Options
Logically, the plan you choose will have a price tag attached and this will often drive the decision on which plan is best for you. You want to be careful that the plan you choose includes features you want. For example, if you get a “business” plan, you may not have some of the regulatory compliance features you would like to have (like premium journaling) included in an “enterprise” plan. You can always upgrade your plan if you need to but it would be better to know up-front what your plan supports. These plans are not just based on number of seats, they have enabled/disabled features to consider and some include Office while others do not.
I personally love working with Office 365. When I log in to the Office 365 admin center I’m greeted with an overview of services. I can see immediately if there are any issues with my services and see if there are health issues.
I can easily add new users to my portal, pull up reports and more. It’s very easy. When working with specific features of Office 365, like Exchange Online, I have the ability to work with a similar web-based portal solution to what I use on-premises. So from an IT admin perspective it’s great to not have to learn a whole new interface when working.
Oftentimes with hosted solutions it doesn’t work that way. You get some kind of proprietary toolset (web-based) that gives you very limited options. But with Office 365 you get a very robust administration experience. As close to on-premises as you can hope for with a hosted solution in my opinion.
In addition, you can establish a remote PowerShell connection to Office 365 and perform many (but not all) tasks through the command-line as you would through the Shell.
Office 365 Admin Center
The Office 365 Trust Center
Microsoft knows that it is hard to trust someone else with the lifeblood of your company… data. There have been some scary breaches in security over the past few years and it has folks a bit leery with regard to using the cloud for corporate data.
To assist people in learning all that Microsoft is doing to earn and maintain that trust they have established a Trust Center for Office 365. It focuses on how Office 365 has been designed with built-in security, continuous compliance, privacy by design and transparent operations (each subject getting its own tab to drill down a bit more on the subject).
Note: The Office 365 Trust Center URL: https://products.office.com/en/business/office-365-trust-center-cloud-computing-security
Key players in the Office 365 space have been creating video content for a series called “Conversations from inside the cloud” that focuses on key subjects like “Why trust Office 365?” with Julia White (General Manager for Office 365) and Rajesh Jha (Corporate Vice President, Operations and Services Engineering). Another great one to watch is “Is your data safe at rest?” with Vivek Sharma (Partner Group Program Manager, Office 365 Engineering) which has some cool datacenter security points.
One of the benefits of the Trust Center is that you can use this content to help decision makers within your organization feel more comfortable about the move to Office 365. You may be convinced it’s the right move for your organization but you still have to convince the folks that write the checks and this kind of content is short, to the point, and very effective in doing just that.
The Office 365 Online Roadmap (aka… Flight Plan)
Interested in seeing the Office 365 roadmap but don’t have a behind-the-scenes press pass with a signed NDA in place to make it happen? Well, Microsoft has an online roadmap for Office 365 that shows clearly all the features launched, being rolled out (but not yet available to all), in development, cancelled (for those features no longer in the queue or indefinitely delayed) and previous releases.
The Office 365 online roadmap makes it easy to see features at a glance so that you can easily keep up to date with Microsoft’s cloud-based solution for all things collaboration and communication for your enterprise.
I figure, since Office 365 is a cloud solution, instead of calling it a roadmap, it should be called a flight plan. Right?
Note: The Office 365 Roadmap URL: http://fasttrack.microsoft.com/roadmap
Office 365 Roadmap (aka Flight Plan)
The Big Takeaways
Office 365 is Microsoft’s hosted suite of communication and collaboration solutions including Exchange Online, SharePoint Online, Skype for Business Online and several other options depending on the plan you choose.
There are a variety of plans to choose from with different features and price tags attached. You need to make sure the plan you choose is best for your needs.
Some plans come with a subscription to Office so that users can install the latest version of Office applications. One of the values to Office 365 is that all of the solutions (the server-side ones and end-user ones) are kept up to date and are the latest iterations of those solutions available.
Microsoft is aggressively developing out the Office 365 platform and enhancing further the features that currently exist. You can check the public facing roadmap (aka flight plan… it’ll catch on) to see what’s in development for the future. You can also keep an eye on Office blogs (http://blogs.office.com) to assist in staying on top of new features and future enhancements.
Risk Mitigation and Office 365
As I mentioned in my note at the beginning, I jumped in wholeheartedly with Office 365 with Exchange Online and haven’t looked back. However, with on-premises Exchange there were always gaps that caused me to reach out to the ecosystem set of solutions from third-parties that surround Exchange to plug those gaps. A security appliance, a backup solution, a monitoring piece and so on. I have found Exchange Online to be similar, causing me to take pause and seek out third party solutions to help mitigate gaps and risks. What I find odd is how many companies are simply folding their hands and sleepwalking into Office 365.
Sleepwalking into Office 365
How many on-premises deployments of Exchange have you done over the years? How many Exchange servers have you managed? Now think about this, when have you ever seen a greenfield or long-term deployment of Exchange that simply used what Exchange had to offer without reaching out toward ecosystem partners to provide improved services to surround and support Exchange? Granted, maybe with Small Business Server deployments you might have folks just taking what they get due to budgetary concerns preventing them from doing more, but in the majority of deployment cases you see Exchange surrounded by a best-of-breed or best-in-class (or personal favorite) backup/recovery solution, monitoring solution, security solution, archiving solution and so forth. That’s normal. So why is it when we move to the cloud, and move to Office 365, we fold our hands and just accept what is provided or built in? Why are we sleepwalking into Office 365?
Well, I’m here to tell you… WAKE UP!!!
Solutions architects need to re-invent themselves going forward to become cloud risk mitigation experts. They shouldn’t just give up, thinking ‘oh well, it’s all in Office 365 now, my job is dead’. They need to embrace their new place in the universe.
On the one hand there are things Microsoft can do with a multi-tenant cloud-based version of hosted Exchange that they couldn’t do with the on-premises flavor. Because they have full control of the infrastructure, they can provide high availability using ‘native data protection’ that allows for multiple passive (and lagged) copies of your databases across datacenters to provide a fantastic high availability offering that would cost a company time/money/personnel to provide in-house. That’s one of the many reasons I encourage folks to move to Office 365.
On the other hand there are still gaps in the services provided that require a third party solution (a unique, all-in-one solution) to help ensure the type of 1-to-1 experience you typically expect on-premises.
I keep saying there are “gaps”. It’s time to address them openly.
Three Key Areas for Concern
We’re not going to pick apart every little thing about Office 365 and Exchange Online. There is no point in doing that. It’s a great solution, and priced right. I’m only going to hit the risk areas that make people nervous about Office 365. I’ll explain what is built in and why a third-party bolt-on would be better to enhance the overall solution.
Security
Exchange on-premises (2013/2016) includes an anti-malware solution and anti-spam agents. These offer very basic protection, so most enterprise deployments of Exchange look to a third party on-premises appliance or cloud-based solution to really cover themselves against all the bad stuff: spam, malware, phishing, spear phishing, whaling, impersonation attacks, ransomware attacks and so on.
Spear phishing is becoming a focal point for attackers looking to breach organizations’ defenses, and it is very treacherous. It’s targeted against a specific company, and has led to some major, high-publicity hacks, because there were no solutions in place to help detect the spear phishing attack.
Exchange Online comes with a free solution called Exchange Online Protection (EOP). It’s enabled by default and provides basic anti-spam/malware protection. Does it work? It does… and the EOP dev team is aggressively seeking to improve the solution. However, the last thing you want is to get pulled into a security monoculture.
The term monoculture is defined as a community of computers that all run identical software and have similar vulnerabilities. Office 365 might be considered a SaaS Security Monoculture if utilized without a third-party layered security solution approach.
On-premises, every company handles security a little differently, with a combination of vendors involved, multiple locks to pick and each company its own target. With Office 365 all tenants are together under the same security code base, providing a very target rich environment.
Dan Geer, a risk management specialist and cyber-security expert, has repeatedly pointed out the problem of a security monoculture, especially with regard to Microsoft. His primary focus was on the number of Microsoft workstations connected to the Internet. But an even greater threat is to have a multi-tenant email solution monopoly (which is inevitable at this point) with a single security solution code base protecting all the tenants.
Think of the illustration “don’t put all your eggs in one basket”. Well, with Office 365 you’re putting all your eggs and everyone else’s eggs all in one big basket. Am I the only one who gets nervous about that?
EOP on its own doesn’t protect against some of the recent attack types with weaponized attachments and links that make it through the first line of defense and into an end-user’s mailbox. So Microsoft released a new solution called Advanced Threat Protection (ATP). ATP is included with an E5 plan or you can purchase it as an add-on per user ($2 per user/month).
ATP offers two new protection features called Safe Attachments and Safe Links. The concept is simple. Two ways the bad guys get to your end users (besides the easy-to-spot spam and attached known-virus attachments) are with attachments (that may appear suspicious but aren’t KNOWN to be bad) and with links that lead to sites that are “ok” when they first come through, but may become harmful on the back-end due to a targeted spear phishing attack. At the time the user clicks the link (which has already been cleared by your first line of defense and is sitting in your users’ mailbox) the URL is pointing to a malicious site. So, safe attachments uses a sandbox ‘detonation chamber’ to ensure the attachment is harmless. And the safe link will compare the link to a block list corresponding to the time you click the link (which could be the next day, week, month for an end-user).
In truth, any improvement in security over bare-bones EOP is a welcome change (although the price point feels high considering the enhancements offered).
First off, sandboxing has its place, but it has a few holes in the use of the technology. For one, it causes latency in your receiving of emails. Microsoft says the expected delay is 4 or 5 minutes but can be as much as 30 minutes (when it times out). And there is malware that knows when it’s in a sandbox and remains dormant.
As for the time-of-click protection, the idea is solid. You can train your end users all day long to avoid phishing or spear phishing, but you need to also provide technology that will assist them should they click a link that looks like it came from a valid source (i.e. their boss). However, the safe links feature just checks against a continuously updated block list. Nothing dynamic happens to reach out and really see if that link goes to a site that has something harmful running in the background. It’s still a good enhancement, it’s just not a great enhancement. Not when you have third-party solutions that can scan the site and look for threats.
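The difference between a delivery-time scan and a time-of-click check, as an added example that is not from the book and is not Microsoft's or Mimecast's implementation. The gateway host, the class and function names, and the sample message are all constructed for illustration.

```python
"""Delivery-time scan vs. time-of-click check (constructed example)."""
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, quote, urlsplit

GATEWAY = "https://gateway.example/click"  # hypothetical rewriting service
URL_RE = re.compile(r"https?://[^\s<>\"']+")
TRAILING = ".,;:!?)"                       # punctuation that ends a sentence, not a URL

# Constructed sample message; the host name is made up.
MESSAGE = ("Hi, the signed invoice is at "
           "http://files.vendor-portal.example/inv/4471 - please review today.")


class Blocklist:
    """Host block list that remembers when each entry was added."""

    def __init__(self):
        self._listed_at = {}

    def add(self, host, when):
        self._listed_at[host.lower()] = when

    def is_blocked(self, url, now):
        host = (urlsplit(url).hostname or "").lower()
        listed = self._listed_at.get(host)
        return listed is not None and listed <= now


def extract_urls(body):
    """Return the URLs in a message body without trailing punctuation."""
    return [u.rstrip(TRAILING) for u in URL_RE.findall(body)]


def delivery_scan(body, blocklist, now):
    """First line of defense: the verdict is fixed when the mail arrives."""
    return [u for u in extract_urls(body) if blocklist.is_blocked(u, now)]


def rewrite_links(body):
    """At delivery, wrap each URL so a later click passes through the gateway."""
    def wrap(match):
        core = match.group(0).rstrip(TRAILING)
        tail = match.group(0)[len(core):]
        if core.startswith(GATEWAY):       # already rewritten, leave as is
            return match.group(0)
        return f"{GATEWAY}?u={quote(core, safe='')}{tail}"
    return URL_RE.sub(wrap, body)


def resolve_click(rewritten_url, blocklist, now):
    """At click time, unwrap the target and check the list as it is now."""
    target = parse_qs(urlsplit(rewritten_url).query).get("u", [""])[0]
    if not target.lower().startswith(("http://", "https://")):
        return ("block", target)           # malformed or non-web target
    if blocklist.is_blocked(target, now):
        return ("block", target)
    return ("allow", target)


def scenario():
    """Link is clean on arrival, listed six hours later, clicked the next day."""
    blocklist = Blocklist()
    delivered = datetime(2016, 5, 2, 9, 0)
    flagged_at_delivery = delivery_scan(MESSAGE, blocklist, delivered)
    rewritten = rewrite_links(MESSAGE)
    link = extract_urls(rewritten)[0]
    blocklist.add("files.vendor-portal.example", delivered + timedelta(hours=6))
    early = resolve_click(link, blocklist, delivered + timedelta(hours=1))
    late = resolve_click(link, blocklist, delivered + timedelta(days=1))
    return flagged_at_delivery, early, late


if __name__ == "__main__":
    print(scenario())
```

A host that never lands on the list is still allowed at click time, which is the limitation of a list-only check described above.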
Long story short, Exchange Online Protection (with or without the Advanced Threat Protection piece) is lacking. And it’s lacking not just due to a feature comparison with third-party options, because over time the gap in features will close. Microsoft will eventually get EOP up to par with the best of the best in security options. BUT… it will still be a single lock to pick, a security monoculture, and that is where a secondary bolt-on solution should be seriously considered. Don’t just hope you’re safe, know you’re safe. PLAN to be safe.
Honestly, I’m just a believer in the wisdom of a layered security approach. Multiple chutes when you jump out of a plane. I promote endpoint protection, DNS level protection, user behavior analytics, etc. And I’m a huge proponent of a third-party cloud-based security gateway with Exchange/Office 365.
Data Assurance Archiving
Years back we didn’t worry so much about archiving data, we worried only about backing it up. But with the many scandals (think Enron) and lawsuits cropping up that required the requesting of all email communication within a company, a need arose to provide eDiscovery in a much easier manner than going through backup tapes. The advent of archive solutions and eDiscovery allowed IT admins to prove compliance through discovery of data.
On-premises Exchange administrators reach out to the ecosystem of third-party solutions (software based, hardware appliance-based, cloud-based) to provide an archive of data. Assured data retention = discoverability = compliance (which means no fines or jail time for the IT admin).
Exchange on-premises does NOT include an enterprise grade archive solution. And guess what? Neither does Exchange Online.
I say this and I can hear some of you responding with “but wait… doesn’t Exchange have an ‘in-place archive’ feature?” I cannot tell you how frustrating that naming is to me. Yes, it does have that feature. And I like it. But it’s poorly named in my opinion. I believe it should be called a ‘pst repository’ feature. Let me explain.
In an on-premises environment, you can have a high performance storage solution that you want to run your mailbox databases off of. And even though every edition of Exchange over the last 10 years (2007, 2010, 2013 and 2016) has improved database performance tremendously (in part because they pulled out SIS single instance storage) and JBOD arrays should be more than adequate for your environment, in my experience for most organizations, there are still plenty of folks who want high performance disk for their databases. However, if they wish to eliminate pst files and allow users to bloat their mailboxes a bit, the ‘in-place archive’ feature allows admins to use a secondary database location (typically on cheaper, slower disk) for that data. To the end user, it all looks like one mailbox (the Inbox and In-Place Archive), but in reality, the data could be in two separate databases, on two separate storage solutions.
What does this mean? It means you can eliminate that .pst nightmare in your organization. Does it provide an enterprise grade archive? Not at all. Because if we say an archive is all about retention, discoverability and compliance, then the basic flaw of the Exchange Inbox and In-Place Archive in that role is that by default end users can delete the data in either one. If the user can delete data, then you cannot ensure discoverability and the solution cannot be compliant. Game over.
Ah… but Microsoft knows this. They know it and have a solution to ensure discoverability, Legal (or In-place) Hold. If you place all mailboxes on legal or in-place hold from day one in Office 365 then no email can be deleted from the system and it will always be discoverable.
One note on this, if you did this with an on-premises environment you would bloat out your storage and would not be pleased. But with Office 365, you can bloat that storage out and you, the admin, don’t have to worry about it. Microsoft WANTS you to do this because the larger your data grows, the less likely you will ever leave their system. The stress of doing so would make it prohibitive. I call this the “Hotel California” approach to customer retention. You can check out any time you like, but because the data bloat is excessive, making the move a nightmare, “you can never leave”. Brilliant really.
Legal/In-Place Hold is a band-aid solution here. Legal Hold was designed to be a proactive (or reactive) approach to situations where HR is approached with some form of litigation against Mr. Nasty in your company who has been sending sexually harassing emails to his assistant and you need to stop him from permanently deleting such content from his mailbox so you can provide discoverability of it (if it does indeed exist… innocent until proven… and all that). Mr. Nasty isn’t even aware his mail is on hold. If he tried to delete email it simply goes into a hidden Recoverable Items folder that can be searched during eDiscovery by those with the proper permissions.
With a legal hold scenario the whole mailbox is on hold until the hold is lifted. With in-place hold there is some flexibility in terms of what you hold and for how long. And these solutions have an absolute place in the world of compliance. It’s a good feature like ‘In-place Archive’ (aka .pst repository) is. But it’s not what we come to expect from a genuine, enterprise grade archive solution.
Modern archive solutions keep a secondary copy of the data (which can also be used for recoverability, if necessary). Typically, end-users have read-only or interactive rights to the data (so they can find and interact or recover emails from their past but not delete those emails), something you cannot do with the ‘hold’ solutions in Office 365.
In addition, in some cases a business may be required to purge data (for example, in the case of litigation where the judge determines there is a need to purge the existing data). Most enterprise grade archive solutions can do that. The ‘hold’ options cannot do it easily (nor can they do it without the possibility of a human error causing lost data).
In short, I prefer a separate databank for my archive because it provides me with a greater level of comfortability due to a) my ability to switch services without getting stuck in a “Hotel California” situation… so I like the data agility/portability aspect of it, b) my end users have the ability to search and interact with their read-only archive, c) purging data is easier and less prone to user error and d) since Office 365 doesn’t have a backup of the data, it gives me peace of mind knowing that I have a second copy of email, should I need to restore it.
I know there are multiple passive copies of the data and that’s a solid solution, but I still like knowing I have a copy. Call me a dinosaur, but I’ve been burned before in this regard and like to be extra cautious. I’d rather plan for a problem than hope it doesn’t happen.
Continuity or Availability
All cloud services fail from time to time. The reasons vary, and the length of time is unpredictable. And it happens to all vendors, so there is no point in bashing Microsoft for downtime of Office 365 pieces (including Exchange Online), because every major/minor vendor has dealt with it. There is no perfect vendor with a perfect amount of uptime (that’s impossible).
However, I still consider this to be a gap and an area for risk mitigation, because it comes down to whether or not you have options when/if the service is down. It’s like jumping out of a plane. You have a primary chute and hope it works. But every once in a while, it may not (for whatever reason). It sure is a life saver knowing you have that backup chute in place.
Microsoft does a fantastic job of data protection management through their native data protection solution. This utilizes the Exchange database availability group (DAG) feature to ensure the active database has multiple passive copies (lagged) split between datacenters. On the plus side this really eliminates a lot of risk over your existing data. But there are a few things this doesn’t provide. It doesn’t offer a backup of data so you can restore to a point in time. It doesn’t ensure other essential services that work with Office 365 will remain up and running (like Azure AD, EOP, etc.). It doesn’t give your end users a way to work in the event the primary service goes down.
Some may wonder how they might obtain Office 365 outage information. Is it public knowledge? It is, actually. Microsoft publishes to an Office 365 Health Twitter feed, @Office365Health. It’s not the easiest way to gain information but it works. And the Twitter updates link to the Service Portal for your Office 365.
Key Takeaways
Office 365 is a fantastic solution, especially Exchange Online. And it’s the way of the future. More and more organizations of all sizes and business requirements are making the move to Office 365, primarily due to its email offering.
As solid a solution as Office 365 is, there are gaps. These gaps relate to risks that need to be mitigated. In the past, with on-premises Exchange, we looked to ecosystem solutions to mitigate the gaps in Exchange. We could bolt on several top-notch solutions and make a “better” email environment as a result.
What about with Office 365?
Although Microsoft has more control over the solution because it’s hosted in their cloud and they can enhance, improve, develop and tweak it all day long… there are still gaps. There are risks. And these reside primarily in the areas of security, data assurance and continuity.
It’s obvious these risks cause fear, uncertainty and doubt (FUD). But they don’t have to. My encouragement to any Office 365 current customer or potential customer is to look once again to the ecosystem to find ways to mitigate the risks. An all-in-one bolt-on solution that can address the pain points and enhance what Microsoft provides.
Why an all-in-one? Well, unlike on-premises where email can move through your bolt-on pieces in a nanosecond, with the cloud you cannot have (or don’t wish to have) email bounding from one datacenter to another, from one solution to another, before reaching the Microsoft datacenter that holds your mailboxes. That level of latency would be prohibitive. Rather, look for a single solution that does it all.
The question is… does such a solution exist?
Vendor Sponsor: Mimecast’s Comprehensive Risk Management for Office 365
Most information you read about when it comes to a third-party solution is written by the third-party. They tell you “we’re awesome! And here is a document that proves it! <cough> <cough> written by us <said in a whisper>”. Even if it is true it certainly does cause an eyebrow to rise and the cynical side of us comes out. Doesn’t it?
That’s why I told my friends at Mimecast I wanted them to let me write this up in my way. I want you to see their solution through my eyes. I won’t be able to give you every last bell and whistle but I will certainly be able to tell you how it will add value to either your Office 365 Exchange Online or hybrid environment. And if you aren’t on Office 365, Mimecast makes Exchange on-premises safer and future migrations easier.
Mimecast was founded in 2003 by Peter Bauer and Neil Murray. These were regular people, IT/Dev admins that saw a problem and went to work fixing it. The problem they saw was that email was becoming more and more complex to handle. They built a cloud-based solution to the problem that provided email management and risk mitigation – and the company took off.
Security
Email management can mean so many things, so what is it REALLY that Mimecast provides? Well, for starters, anti-spam and anti-malware. Keep the junk from ever reaching your on-premises Exchange or Office 365 servers. Mimecast’s solution sits between your organization and the Internet and provides complete protection from spam, viruses, malware, whaling, zero-day attacks, ransomware, phishing, spear phishing and data leaks.
Mimecast has a service called Targeted Threat Protection (TTP) which focuses on real-time, whaling, ransomware, spear-phishing and other advanced threats. One way it does this (that I think is brilliant) is by converting incoming documents to PDF. So rather than send every document through a sandbox detonation chamber (i.e. a virtual machine to open that document and see if it will do harm) it will convert it to PDF, thus rendering harmless any malicious code within. And then if the person WANTS the original document it can be sandboxed. A very creative approach to eliminate the latency of trying to sandbox every single incoming document.
Mimecast also rewrites every inbound URL for on-click protection. And identifies whaling emails that try and steal money or data. Those are just some of the cool features in TTP.
But it doesn’t stop there. Mimecast has a secure messaging solution that is very customizable and easy to work with. They also have a ‘large file send’ (LFS) solution so that end-users can send files up to 2 GB in size right through their Outlook client (if the plug-in is used).
The Mimecast Secure Email Gateway (SEG) uses several detection engines for a multi-layered approach. It includes the ability to deploy policies that assist with data leak prevention (DLP) and content control, a serious sore spot for most organizations. So, Mimecast keeps the company data confidential while keeping the bad guys out at the same time. And it does this no matter where the person is connected (LAN/Wi-Fi/Internet) and no matter which device (desktop, laptop, mobile/tablet).
Archive
Mimecast provides an independent, enterprise-grade archive solution with a powerful, high-performance eDiscovery service. This reduces your on-premises storage costs because the archive ensures you have an accessible copy of that data at all times.
Let me explain this a bit further because I don’t think everyone understands the value of this solution. Using Microsoft’s in-place archive solution is great for eliminating PST files but not great for enterprise archive and regulatory compliance protection. Why? Because end-users can delete whatever they want. And for that to stop you have to enable a form of legal hold (litigation hold or In-Place Legal Hold). This creates more storage bloat but does stop end-users from deleting things permanently. It’s just not flexible and not interactive.
With the Mimecast solution you have email archived before it even reaches your on-prem/O365 servers. Users can delete whatever they want. Not a big deal. You have an archive. Now the cool thing is that this is an accessible archive, not backup tapes that sit in a vault. End-users are given tools that integrate with Outlook so that they can peruse their archive and find emails they may have deleted accidentally and restore them (no IT intervention required… just a little training). BUT… if they want to delete an email that may be incriminating… nope, not possible. Note: Mobile apps are also available.
I like to call this “preventative litigation”. Think about it. If you know, as an end-user, that everything you send and receive is being archived, is non-deletable, is easily located with eDiscovery… how stupid would you have to be to send something inappropriate? Hence, preventative litigation. A strong deterrent, if you will.
If you recall, I mentioned in the last chapter that Office 365 doesn’t have a point-in-time backup/recovery solution. It’s one reason why I feel a separate databank archive is valuable in the event something “bad” happens – be it human error, technical failure, a ransomware strike that requires a restore to a point in time, whatever it might be.
Continuity
I remember at 5 years old being in the movie theatre for the first Superman with Christopher Reeve. Do you remember the part where Lois Lane falls out of the helicopter and Superman catches her saying “Don’t worry ma’am, I’ve got you.” And she says “You’ve got me?! Who’s got you!!!???” Classic line. Good question though.
So, you have all these different types of Service Level Agreements from Microsoft. SLAs promise many things and one of them is availability of your services. But what happens if/when the service goes down? It happens. It happens with on-premises Exchange and it happens with hosted solutions and even Office 365. Sure, the SLA typically offers some kind of restitution but what if you don’t want restitution, you want availability of service? Microsoft cannot be its own continuity backup solution.
Here is where Mimecast is a brilliant solution. They keep users working during on-prem or cloud outages. Like a backup parachute, should the primary not open… you don’t have to free fall, you can pull the secondary cord and glide to safety.
So, let’s say the Office 365 service goes down. With Mimecast your end-users will have no idea there is a problem. They can continue to send and receive email as if there was no failure because of Mimecast’s Outlook plug-in or mobile app. So they just keep working. Once your servers come back online, Mimecast will sync up with them and the world keeps turning.
And if Mimecast is also your security solution and archive solution, having an outage that requires a continuity assist from Mimecast doesn’t alter your security and archive capabilities in the slightest. You are still just as protected and compliant.
Key Takeaways
Despite the risks of moving to the cloud, by adding a third-party all-in-one solution like Mimecast you can mitigate those risks, eliminate the FUD, and plan for success rather than hope for it.
The Mimecast Admin Console
So, that’s my personal opinion on Mimecast’s Risk Mitigation Solution for Office 365. I’d recommend you check them out. The added value you will receive at such a reasonable price point is unbelievable.