Adoption of Office 365 continues to grow rapidly, adding 50,000 customers a month, with Exchange email remaining the number one workload. At the same time, increasing regulation, litigation, and operational drivers necessitate the need for speedy, accurate and complete access to email data.
Email archiving has long been recognized as a key mechanism to meet these needs. Historically this was achieved on-premise alongside the mail server, but more recently has started to shift to the cloud in order to achieve economic and operational benefits. As email moves to the cloud, organizations must consider how to appropriately protect their data. Remembering that it’s their data, and responsibility ultimately sits with them to safeguard it, is critical.
With over 16% of Mimecast customers now using Office 365 for email, we’re often asked about what to look for in an email archive – specifically for protecting critical Exchange Online data. The following six critical considerations summarize the advice we give.
1. Email data should be immutable by default
All inbound and outbound mail, including detailed metadata, should be captured and stored automatically for all users – without the need for manual or scripted processes. A true enterprise-grade email archive should be designed from the outset as a long term, compliance-driven archive with immutable (WORM) storage and strong chains of custody. In this case, data cannot be modified or removed until the pre-defined retention period is reached.
A suitable archive allows for an independent, always-on, verifiable copy of data to be stored outside of the operational Office 365 infrastructure.
While Office 365’s in-place or litigation holds may satisfy some organizations’ requirements to preserve mailbox data, both were conceived to provide data preservation for active, ongoing litigation – not as a long-term immutable archive.
Mailboxes are not placed on litigation or in-place hold automatically - this is a manual task and can get inadvertently forgotten or misconfigured. Any mailbox content not on hold can be tampered with or deleted.
2. Search speed and consistency
The explosion in the amount of data stored by most organizations along with stricter regulation and increased litigation requires a suitable storage architecture to ensure rapid and accurate archive search results. A dedicated, cloud-based grid storage architecture is best suited to this task so that archive searches benefit from the aggregate power of all servers in the storage grid, together with a unified index, to deliver consistent results at superfast speed.
There should be no limit to the number of mailboxes that can be searched and the number of searches that can be run concurrently. E-discovery searches should not be impacted by email system downtime.
With Exchange Online, users are connected to a single server and data store. Large deployments likely mean multiple servers and data stores – each with its own index. Mailboxes are spread automatically across servers.
As a result, e-discovery searches could require access to hundreds of servers and indexes – potentially liable to inconsistent search results, e.g. server busy, server down, and incomplete index (e.g. unsupported file types, indexing errors).
Search speed is limited by individual Exchange server performance – each with multiple competing workloads. There are limits on both the number of mailboxes (10,000) and the number of e-discovery searches that can be run at the same time.
3. Minimize and limit specialized and manual admin tasks
Initial setup and ongoing administrator actions should all be managed through a single web-based graphical user interface (GUI). This negates the need for manual scripting which is more likely to result in misconfiguration and command errors that can result in significant data loss. Remember, humans are often the weakest link in the chain.
Organizations should also ensure that no single administrator should be able to change key archive policies such as retention duration. This could increase the chances of accidental or malicious actions having a potentially devastating impact.
There are certain admin actions in Office 365 that can only be achieved through PowerShell commands, such as applying a litigation hold to all mailboxes at once, or in-place hold to more than 500 mailboxes. Misconfiguration and errors are arguably more likely in these manual processes.
A single Exchange administrator can remove a hold.
4. Auditing must provide the details needed
Audit logs are vital to check and prove historical actions for both operational and legal purposes. Logs should be enabled by default and retained in perpetuity in order to ensure a complete record. The details logged must also be sufficient for the purposes they may be needed for. The logs should be held in a secure location accessible only to those with appropriate privileges.
In Office 365, auditing of admin actions is enabled by default and cannot be switched off. However, these logs are only kept for 90 days by default and do not include some actions, such as when messages are accessed or deleted, or the client or source details.
Mailbox audit logs must be manually setup and enabled per mailbox using PowerShell. These logs are stored in the target mailbox and could be deleted if the mailbox is deleted.
5. Seamless employee archive access from anywhere
The amount of critical data in email is growing rapidly, with archives increasingly used by employees as their primary repository to save and access important information. In fact, Gartner estimates that by 2019, 75% of organizations will treat archive data, including email, as an active data source.
Seamless and rapid access to this archive data from any device is, therefore, critical. Consistent access should be available via Outlook, the web, and mobile devices. Archive searches must be virtually instant to satisfy employee expectations. Almost 200,000 archive searches a month are made by Mimecast customer employees using the Mimecast Mobile app alone, demonstrating the importance of having easy access to archived content when out of the office. Mimecast offers an industry leading 7-second search SLA.
Microsoft provides archive access via Outlook, Outlook on the web, Mac and iPad only. There is currently no support for iPhone or Android – the two most popular smartphone platforms globally. There is no Office 365 archive search SLA offered.
6. Avoid mailbox lock-in
When archive data is held in a separate platform and location to operational email data, not only does this support compliance and regulatory requirements, it means that the primary mail platform can be changed without the roadblock of finding a viable way to extract data first (or risk losing it). It also provides continuity of access during mailbox migration projects.
Ask yourself. Will a move to Office 365 be the last time you change mailbox providers? Unlikely.
Office 365’s inline archive stores primary and archived mailboxes in the same single environment. With all email data in Office 365, it becomes more difficult to switch to another email environment – essentially leading to Office 365 lock-in. Tony Redmond, a Microsoft MVP and leading commentator expands on this situation in his article ‘Getting data into Office 365 is easy; not so straightforward to retrieve’.
Microsoft gives you 90 days to extract all your data before its permanently deleted following expiration or termination of an Office 365 subscription.
 Gartner Magic Quadrant for Enterprise Information Archiving, Nov 2014
Email wasn’t designed for sending sensitive or confidential information yet it remains the most common form of communication in business. Meanwhile, traditional approaches to encryption have been costly and complex.
Credit card details, personal identifiable information and financial data are regularly put at risk when shared over traditional email services.
The result has been that employees regularly disclose sensitive, personal or confidential information to the outside world – often by accident but sometimes even maliciously. The price is the loss of business reputation, valuable intellectual property and customer confidence. Not to mention the risk of potentially expensive legal action.
This is why today we’re announcing the launch of Mimecast Secure Messaging. This new service is designed to help employees confidently send and receive sensitive or confidential information via email.
Recipients access messages via a secure Web portal, fully customized and branded with the sender’s company name, colors and logo – helping ensure brand recognition and recipient confidence.
Here are just three scenarios where Secure Messaging would make a difference:
- Publicly listed organizations may need to share information about financial results or mergers and acquisitions via secure communications to avoid potential compliance and regulatory breaches.
- In healthcare, it is crucial to keep Protected Health Information private and in support of the Healthcare Insurance Portability and Accountability Act (HIPAA). Data leaks could damage reputations and customer or patient privacy and confidence – and could result in a legal dispute.
- Manufacturers should safeguard blueprints from competitors. Exposure of valuable intellectual property could destroy competitive advantage built from years of development and research.
Secure Messaging is part of Mimecast’s wider cloud email security suite; working alongside gateway, DLP and content controls to help organizations meet compliance regulations, including PCI-DSS, HIPAA and GLBA.
Email security is an essential part of your overall security strategy. It protects users from new and emerging email threats and enforces security controls on information flows. Technologies including anti-virus and anti-spam cover the external threats, but you must also enforce controls on the email flow from within your organization.
In the wake of continued high-profile data breaches, email users now expect to see a higher level of protection to be confident that appropriate measures have been taken to safeguard their sensitive data.
Consider the emails that your organization sends to customers, suppliers and prospects. Will your recipients be satisfied by your security approach?
Microsoft's recent earnings (Q1 FY15) highlighted the momentum of Office 365 we've been discussing on this blog for some time. The announcement revealed that commercial Office and Office 365 boosted Microsoft's cloud revenues by 128% to $952 million.
But it's also been the year when businesses have come to terms with the practicalities of consolidating their critical IT functions with one vendor, even a vendor as established as Microsoft.
Two major Microsoft outages have affected Office 365 customers this year - the Azure outage in November and the email outage on Exchange Online and Office 365 in June. Not that it's the only cloud vendor to have experienced this problem - services from Google and even Facebook have had similar issues.
It's a stark reminder that care must be taken to ensure business continuity, as well as security and data integrity risks, are mitigated in the cloud in the same way they were on-premises.
Which is why risk mitigation is so important when CIOs are migrating to Office 365. A cloud continuity plan can counter reliance on just one service that can become a single point of failure for critical services like email. Invariably that plan needs third party cloud services, like Mimecast, to offer the same options that have been common place in the on-premises environment - a blended cloud approach.
Mimecast Services for Office 365 ensure when Office 365 is offline your business' email keeps working. It also enhances an organization’s security by detecting advanced threats like spear-phishing. In addition, it improves the resilience of critical data, meaning if data is lost or deleted accidentally or with malicious intent it’s fully retrievable. This vital protection for Office 365 helps overcome the remaining hurdles to enterprise adoption of Microsoft’s service.
If you’d like to find out how Mimecast and Office 365 services work better together, click here to download our free report and view a webcast of our CTO Neil Murray discussing the risks of a move to Office 365 and how to tackle them.
Last week Microsoft Azure suffered a major outage, disrupting many enterprises worldwide that had shifted their workloads to Microsoft’s public cloud, including companies who have upgraded to Office 365.
The cloud skeptics are already gathering to tell these companies they shouldn’t have moved to the cloud, but ask the IT managers of LAN-based services whether they ever have had unplanned downtime and of course the answer is yes. So what’s the answer to the downtime conundrum?
The simple solution is to treat the cloud with the same level of respect that we’ve been treating our on-premises systems for decades…are your core services, like email, so important that your business cannot do without them?
If the answer to that question is ‘yes’, and it usually is, then you should go for a blended-cloud approach.
Despite the fact that these events will be frustrating and disruptive for Microsoft customers (or Google or any other service for that matter) it’s still no reason to stop plans to move to the cloud, or retreat to the shelter of the LAN. However, this incident should be a trigger for IT teams to check they are being careful about what core cloud service they choose and then how they protect it.
When you move critical services and data, like email, to the cloud, you must also plan for the inevitability that at some point the service will most likely go down – just as you would with business continuity solutions on your own infrastructure if you kept them in-house. With Mimecast services you keep employees’ email up and running, and keep them productive even in the event of an outage.
What happens when the cloud service goes down? Every IT leader should be able to answer that question immediately and show their continuity strategy. A strategy based on planning and technology, not hope.
For more information about Mimecast cloud email continuity services please click here.