Security: Office 365 and you
“There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.”
– John Chambers, Cisco CEO 1995–2015
That quote caught fire on the internet when it was uttered by longtime Cisco CEO John Chambers. The quote captures the truth about companies and digital security: everyone’s vulnerable. The question is, do you know where you’re vulnerable? And do you know how to work around or protect those areas?
Nowhere is this more true than in regards to Microsoft’s hot new application Office 365 and its sudden ubiquity in the digital workplace.
This isn’t just an item of interest for a few users. The Office 365 work environment is already the fastest growing product in Microsoft history. Recent Digital Workplace Group (DWG) research found that 48% of organizations are using it right now. This means that Office 365 security will affect you, me and everybody in some way.
Specifically, security holes would affect almost everyone who works anywhere in 2017 – and beyond.
Recently, as part of a dedicated Office 365 research report, DWG reported on how exactly Office 365 handles the security challenge – and is this enough?
The bolts
Microsoft’s Office 365 offers multiple layers of service-level security, including the addition of multifactor authentication, where users must use some combination of:
- something they know (a password)
- something they possess (a physical token or smartphone app)
- something unique / individual to them (fingerprints, retina scans or voice recognition).
However, organizations will still want to evaluate and implement the range of customer-controlled security features like information rights management (IRM), S/MIME, encryption and transport-layer security (TLS).
Since Microsoft could be required to produce data under legal or federal demand, organizations should clearly articulate that risk and understand its implications for business information stored in the cloud.
Microsoft handles these concerns with what they call a “commitment to transparency”, specifically a sort of portal called the Microsoft Transparency Hub, which houses, in one place, reports that Microsoft issues on request for customer data made by law enforcement and government, the latter typically under the umbrella of US national security or the regional federal security agency.
The MS Transparency Hub is a vast region, cold, and not terrifically hospitable – the Antarctica of the Microsoft public site. If you go there, consider putting up a claim flag, because you may well be the first.
The nuts
Organizations that rely on third-party layers for spam filtering and advanced malware protection at the gateway level may need to look a little further than Office 365. There are fewer of those options available here, although Exchange Online does offer advanced email threat protection as an add-on service.
A single-vendor SaaS strategy can increase risk of attack by providing hackers with “one lock to pick” in a monoculture of messaging and collaboration such as Office 365.
There is a solution though. Enterprises with high security requirements can consider a multitenant architecture. Multitenant architecture means the installation has different instances, which means discrete entities with unique data sovereignty requirements or legal entity access. If you required something similar to this set up by professionals, consider working with someone like FWI. They are cybersecurity experts that can provide you with useful cybersecurity business solutions.
The soup: market transitions
According to Network World, John Chambers of Cisco also said: “Market transitions wait for no one.”
Indeed, Microsoft is positioning Office 365 to respond to key trends in the digital workplace:
- Remote work from anywhere.
- Bring your own device (BYOD).
- Shrinking IT budgets.
- Cloud collaboration.
- The “do more with less” mentality.
The cloud Office suite is advertised as “completely modernized to change the world of work”. The digital environment seems to be coming to market at just the right time.
Is it secure enough? Well, the answer is, yes and no. There are weak points, as discussed above, but for those, there are workarounds.
In the internet era, no system, really, can call itself completely secure. That was true even before the internet (picture the man in a black catsuit, picking the lock on the filing cabinet to read secret papers inside).
Are the security concerns around Office 365 a show-stopper? No, not for most organizations. Financial institutions and other targeted organizations will probably, as usual, want to employ extra measures to protect their data, as will any community-touchpoint SaaS environment.
For more information on managing the challenges of Office 365 security and in general in a digital workplace, download “Office 365: What digital workplace teams need to know” from DWG. The full report is only available to members of the exclusive DWG Member Forum. However, an executive summary is available as a complimentary download for all, and will augment your understanding of how Office 365 will affect your intranet and digital workplace.
And remember, Office 365 is here to stay in this dynamic new world of the digital workplace. It’s the new environment of choice. Here’s to safe journeys as you head into it.
Research and Resources
Office 365 Research
Arrange a call to learn more
Categorised in: Uncategorized