July 18, 2017
What Makes you Think Office 365 is Secure?
You moved your email and documents to the Office 365 cloud and you assume Office 365 security is actually secure. Out of sight, out of mind, right? Microsoft wouldn’t sell anything that was not secure, right? Secure enough for whom?
Raise your hand if you think that any one size fits all solution works for everyone. Have you looked at what they provide? What is standard, what is optional? How about whether what they provide is best-in-class? You didn’t? Well we did.
We Did an Analysis of Office 365 Security and Came to Some Conclusions
- Microsoft gives the illusion that all the security you need is provided in Office 365 bundles.
- However, many Office 365 security features are extra (eg. Adv. threats, Archiving, Adv. Security)
- Third party security is better – Microsoft is not known as a best-in-class security provider.
- Third party solutions can integrate with the rest of your security. Microsoft O365 security ignores the bigger picture.
Next Generation security should provide integrated cloud application, endpoint, gateway, network, email and identity other security together and not treat O365 as an Island.
Here is a checklist of what you should be looking for in your Office 365 security solution.
Office 365 Security Checklist
a Office 365 security should be “integrated into your security infrastructure, not an island”.
Your O365 solution should share visibility, and threat intelligence from firewalls, endpoints, networks, email, Web, and identity management. This sharing can enable system-wide remediation and forensics.
Integrating Office 365 and other cloud applications into one security solutions is important as everything moves to the cloud. Visibility, usage control, threat prevention, and forensics for all your cloud applications, not just O365.
a Your security should be best-in-class security in each security area (cloud, email, web, endpoint etc.).
Bundles are nice, but not necessarily the best way to get good security.
a You need a full email security solution including the following:
- Anti-Phishing, Spear Phishing, CEO fraud protection
- Anti-malware including advanced threats (such as ransomware, APTs)
- Encryption, DLP
- System Interruption Continuity
- Email Archiving & e-discovery
a Data Security such as DLP, encryption, anti-malware for SharePoint, One Drive is important
a Granular data/email backup and restore and the ability to restore mailboxes from a specific date.
How Does Microsoft Office 365 Security Rate?
1. Product Features: Great office product. Great integrated package and easy to consume.
2. Strength of security:
Microsoft does not have best-in-class security. See Microsoft Security Report Card” below. Microsoft is not a leader in most security reports and tests and the breadth of their security solutions in narrow. Other vendors provide solutions for email security, Office 365 security and CASB solutions that are best-in-class. Many third-party solutions are integrated across multiple security areas to provide a strong overall solution.
Many of Microsoft’s Office 365 security solutions are add-ons with additional per user cost. The strength of these solutions lags best-in-class third party vendors. Third party solutions should be evaluated against these optional services before buying.
3. Integrates with Your Other Security: Microsoft does provide integrated multi-factor authentication, email security and some data security, but their solutions are limited to Office 365 and any security intel