Yet again, another vendor has given up on its commitment to its customers’ email security and archiving. Just as Webroot and Google had done previously, Intel Security recently announced the end of life of its McAfee SaaS Email Protection and Archiving service. Former MXLogic customers are left with the risk of losing their security protection if they don’t act quickly.
Meanwhile, at this week’s Symposium, Gartner's SVP & Global Head of Research Peter Sondergaard predicted that the typical technology organization will spend up to 30% of its budget on risk, security & compliance by 2017. With cyber risks on the rise, there’s never been a better time to review your long-term archiving and security strategy.
It’s fair to say that it is relatively easy to swap out a security gateway service but archiving is definitely a long-term bet. Data volumes are skyrocketing and organizations should be concerned around the cost and pain of migrating terabytes of critical data out of a defunct system in future. Short-term cost saving and poor vendor selection today could mean you’re left high and dry in years to come.
At Mimecast we have a track record of helping customers migrate away from end-of-life email services, providing on-going support and a regular stream of new products and service updates.
The Google Postini EOL announcement brought many organizations to Mimecast, at first for security but eventually customers ended up with so much more. One example is Au Bon Pain who first came to Mimecast with a security requirement but then added archiving and our email continuity service. They were so pleased, they offered to do a case study on Mimecast about their experience.
Archiving in 2015 means going beyond just storing customer emails and attachments safely. We believe that providing employees with rapid access to this critical data, wherever they are, is equally as important. Meanwhile, a host of new advanced and targeted email threats need to be kept at bay.
Securing email and archiving means making a long-term commitment. We take that very seriously indeed and it is our business – nothing distracts us from that. Whether your primary emails are on-premises or in the cloud, you need to carefully evaluate your options today and determine who’s best placed for the future.
Question: what’s happened between this year’s IP EXPO Europe and last year’s? Answer: the security arms race has gone into overdrive.
Twelve months seems a short time, but in that period attacking techniques have matured markedly – now hackers are regularly employing sophisticated social engineering techniques in email and instant messages to trick staff. Also, the payload is now becoming more varied with a renewed focus on weaponized attachments used to infiltrate organizations.
So, what’s the next step to protect your organization?
Neutralizing these relentless and sophisticated attacks demands a deep commitment to security. It means investing in the right technology of course but I believe that it's employees who could be the strongest allies of IT managers in fighting back against these threats.
We have seen this before. The security and intelligence services rely on sophisticated surveillance technology but the vigilance and support of the general public is a key line of defense in the battle against terrorists and criminals.
Comprehensive and regular employee awareness programs are an important line of defense in an organization. Building this human firewall will be one of the themes I’ll be addressing in my presentations at IP EXPO this year.
I’ll also be focusing on how migrating to Office 365 presents an opportunity but also significant risks that need to be considered.
Details of my two presentations are below:
- ‘Office 365: Risk or Reward? Or Both?’ at 1:00 pm on Wednesday the 7th of October in the Network & Cloud Infrastructure Theatre
- ‘What's Stopping You Being the next Big Data Breach?’ at 1:40 pm on Thursday the 8th of October in the Cyber Threat Protection Theatre
If you'd like to find out more, drop in to see us (Stand #CC19, in the Cyber Security Europe section) to talk about the risks surrounding on-premises and Office 365 email infrastructure. You can register here for free (a saving of £35) if you enter your details before 7.00 pm, UK time, on Tuesday the 6th of October.
It’s long been said that when botnets first appeared, they were the first usable forms of cloud computing. Now with hindsight they fit the NIST definition of cloud computing very well and have become rapidly scalable and on-demand.
More recently criminal malware has taken a turn towards being more akin to enterprise-grade software through its entire lifecycle. It’s not unusual to find your rental of a botnet now comes with 24x7 support and channel reseller margins. Buying exploit kits, renting botnets, and using enterprise-grade cloud technology, Crime-as-a-Service (CaaS) has become part of the latest breed of XaaS, offering the same benefits of cost and complexity reduction as well as lower barriers to entry. Using CaaS gives anyone an instant criminal business model in the cloud.
What we know today, is that CaaS is starting to have its own marketplace, run by well organized criminal mega-gangs; support contracts for purchasers are not uncommon.
CaaS has been given much publicity since the 2014 Internet Organized Crime Threat Assessment (iOCTA) report from Europol described the commercialization and availability of the technology and how it’s impacting legitimate enterprises in real time.
The rise of CaaS is another step on the roadmap of the crimeware that has been instrumental in many of the most recent attacks, where Zeus and its variants like Citadel and Gameover have led to significant loss of data. What we know today is that CaaS is starting to have its own marketplace, run by well-organized criminal mega-gangs; support contracts for purchasers are not uncommon, nor are healthcare and pension plans for employees.
This threat takes how we think about our own protection to a new level. The high-profile breaches of the last twelve months all managed to evade well known or best of breed corporate defenses, so it’s no surprise that enterprise IT managers and CIOs are starting to lose sleep about their next big breach. In many cases, this fear is born out of a realization that platforms like CaaS have become rapidly more advanced than the protections they have within their own environments.
Targeted Threat Protection is once again at the top of the agenda, for C-level managers, as well as those who deploy and run the technology. The sophistication of the attacks means we can no longer sit back and wait for our protection to do its job. We all need to become much more actively defensive – not offensive, but active in our defenses.
If you want to succeed in Australia you can’t just commit to a sales and support presence. Putting down technology roots is vital, especially if you aspire to grow government and financial services sectors.
Since opening in Melbourne in July 2013, Mimecast has experienced strong growth in the region and now it’s time for us to put down deeper roots.
So we’re pleased to confirm we’re in the final stages of preparing local data centers in Australia. This investment is designed to help Australian organizations protect email with security, continuity and archiving cloud services while meeting increased customer demand for local data residency.
The two new identical data centers in separate locations in New South Wales will join a global network of ten data centers in five countries around the world currently serving the email security and data needs of over 13,000 customers and millions of their employees.
Like in the rest of the world, email continues to be the most prevalent business communication tool in Australia, used to collaborate and share information around the world. It’s also used as key record of business activities, subject to increasing compliance, legal and e-discovery requirements, including the Australian Privacy Principles. Meanwhile, tolerance for email downtime is almost zero, yet it’s increasingly under constant attack from a wide range of adversaries.
In short, we believe a very high concentration of Australian businesses most valuable corporate data is held within email. Data loss, leakage or security breaches from email have been shown to have devastating effects. These new data centers will support our mission to support customers in reducing the risk, cost and complexity surrounding email and give employees a better experience too.
Cloud services are growing in their popularity with Australian businesses and Microsoft Office 365 is becoming a popular primary email service. We intend to take advantage of this trend with our suite of complementary cloud services for Office 365. Mimecast helps its customers put in place cloud-on-cloud protection that complements their security and archiving capabilities under Office 365, as well as mitigating a potential single vendor exposure they have in the event of service downtime.
If you’d like to learn more about our plans in Australia, why not come and visit us at AusCERT 1st-5th June. Mimecast is exhibiting at booth S36 and I’ll be presenting ‘Email: The New Frontier in the Defence of Corporate Data’ on Thursday, 4th June 15.25-16.05.