As many began to return home from its Worldwide Partner Conference this week, Microsoft confirmed an outage of Office 365 email.

According to Microsoft Support, it appears that affected users were unable to connect to the Exchange Online service, including Outlook, Outlook Web App (OWA), Exchange ActiveSync (EAS), and Exchange Web Services (EWS). Many users also experienced delays when sending and receiving messages.

Certainly Office 365 is not the only service to suffer like this – outages happen, but the reason why Office 365 outages grab widespread attention is because of its increasing popularity and the business critical nature of services it provides. Suffering from an Office 365 Outage? We'll Keep Your Business Running. Suffering from an Office 365 Outage? We'll Keep Your Business Running.

For many businesses, email is their most critical IT workload. Email is also highly valued by employees. Tolerance for email downtime is almost zero as it costs money, damages reputations and cripples business operations. In short, we all need it to work and to work all the time.

For years IT teams have built disaster recovery plans and systems predicated on the belief that IT fails and you always need a plan B. Nothing changes in a cloud first world. Cloud services clearly fail and if you don’t have an independent continuity service, your email will be down until Office 365 gets it back up again. And you can’t control when that will happen. One hour. Five hours. Days.

So take a leaf out of the on-premises risk management handbook. Make Office 365 safer with the addition of an independent third-party continuity service.

Office 365 will continue to have service outages. Sometimes these will be very disruptive because they affect an entire region. Other occasions may only see some customers or group of employees affected. But outages do and will happen. It’s irrational to expect them not to happen.

Many of us now live in a cloud-first world. So the question to ask ourselves is – what will happen to me when Office 365 goes offline? Do I have a plan B?

For all its strengths, if you rely 100% on Office 365 for your email you are asking for trouble. It’s just a matter of time.

Find out more about how we can help keep your business running during an Office 365 outage here.


Yesterday, we announced two new measures designed to protect against spear-phishing. Attachment Protect and User Awareness reduce the threat from malware-laden attachments, and help IT teams raise employee security awareness.

Both services are available as part of Mimecast Targeted Threat Protection, which now gives customers a comprehensive defense against the key technical and human risks from spear-phishing.

Spear-phishing attacks are a rapidly growing and evolving threat that needs a new generation of services to protect organizations.

Initially, it was about stopping URL links to malicious websites. But now the threat has moved on to weaponized attachments. So sandboxing has become a critical technical defense. Here attachments are tested in a safe environment before they can be delivered to the recipient. But sandboxing does have its limitations. It delays emails, which is frustrating and impacts employee productivity. It’s typically expensive to provide pre-emptive sandboxing, meaning organizations often limit who they protect to keep costs under control. That’s not good enough. As attacks using weaponized attachments become more commonplace and can be targeted at any employee, this puts organizations at risk if they are limiting this critical protection.

Our approach is different. We make it cost effective and easier to protect the whole organization.

Mimecast Targeted Threat Protection – Attachment Protect combines traditional pre-emptive sandboxing for those who want it with a transcription service that automatically gives all employees a safe and threat-less email attachment instantly. It does this by replacing inbound email attachments that could contain malicious code (e.g. PDF or Microsoft Office files) with safe transcribed versions – neutralizing any malicious code. Most employees only need to view attachments, so no further action is needed. If employees need to edit a file, a link in the email can be used to request the original file on-demand via our cloud-based sandboxing service.

However, technology is only part of the defense against spear-phishing and other security threats for that matter. A comprehensive strategy requires employee education. We need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers.

The problem is traditional IT training is ineffective, time-consuming and ultimately unable to keep up with advanced security threats that change all the time.

Now, in addition to link rewriting, URL Protect includes innovative dynamic user awareness capabilities so IT teams can raise the security awareness of employees. Once enabled, a percentage of links in emails clicked by an employee will open a warning screen. This provides them more information on the email and destination, prompting them to consider if the page is safe. If they choose to continue, their opinion is logged, URL Protect scans the link and blocks access if the destination is unsafe. IT administrators can set how frequently these awareness prompts are shown to ensure employee caution is maintained. Repeat offenders that click bad links will get more frequent prompts automatically until their behavior changes.

A comprehensive security strategy requires not just technology defenses but also employee education. You need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers.

If you’d like more information about these new services, please register for the Targeted Threat Protection Webinar or let us show you a demo. Also, please leave a comment on this post if you have any questions – thanks!


With the threat of more power outages looming in South Africa’s future, businesses are scrambling to find ways to keep working. The topic of ‘generators’, ‘invertors’ and even Tesla’s new wonder battery seems to be on the lips of every COO, and the cost of implementing  these power alternatives is starting to hurt the bottom lines of many companies across the country.

This has sparked another round of conversation about business continuity planning. CIOs are sitting with CEOs, COOs and CFOs and answering questions like ‘’how can we continue to operate during load-shedding?’’ and ‘’what are the economic implications of load-shedding for our business if we can’t?’’

With Eskom warning of another two to three years of a tightened power grid and possible load-shedding, businesses need to act quickly to shed their dependence on the grid where possible.

So what’s the solution? The reality is that South African businesses need to work through the outages and not around them. Here is our list of considerations for businesses:

- Move your IT infrastructure to the cloud. Instead of being reliant on your server (which is attached to your power grid or your expensive generator) partner with a third party business that has multiple data centers on different power grids and a multitude of generators to safely store your data.

- Give your staff secure access to their mailboxes from any mobile device at any time. Let them work at a coffee shop or home, or from your customer’s office if they choose - because they can!

- Know your load-shedding schedule and communicate it to staff; encouraging meetings to take place off-site during the outages. Help staff to manage their outage time wisely and work on admin, arrange customer meetings at coffee shops or their offices. Why not hold team meetings offsite or outside in the sunshine?

Now is the right time to take a step back and fundamentally reassess how businesses in South Africa cope with load-shedding. The prize for this rethink is great - if we can bring down the estimated R80 billion per month load-shedding costs, it could unleash the potential for growth South Africa has been promising for so many years. Let’s switch on business continuity and keep South Africa working through load-shedding!


A few weeks ago, I made a trip across the pond to one of the biggest U.S. security events of the year, the RSA Conference. The 400+ exhibitors pulled out all the stops, unveiling new products, displaying elaborate booth décor and giving away all sorts of prizes.

Attendees that stopped by Mimecast’s booth had the opportunity to spin a prize wheel for any number of giveaways, ranging from an American Express gift card to a golf tee, along with learning more about our recently-launched Secure Messaging service. At RSA, the market need for Secure Messaging was validated by the positive conversations we had with booth-goers and media and analyst influencers, including this one I had with ISMG Editor Tom Field.

There were a few recurring themes I noticed during conversations at the show, including during a keynote given by Microsoft’s Corporate VP of Trustworthy Computing, Scott Charney. For one, companies continue to see the value and benefits of migrating data to a third-party cloud provider. At the same time, though, they demand a certain level of control over their data and security measures. Scott likened this feeling to some people’s tendency to drive their own car to their desired destination, as opposed to flying there. In order to help companies strike a balance, the industry calls for complete transparency and “technically enforced trust boundaries.”

This sentiment is not unlike how we’ve designed Secure Messaging. With it, companies can set certain policies, such as a date in which a message will expire or a rule against the recipient being able to print a message. Visibility is also key, so we’ve made it easy for senders to track who’s read their messages and even recall them, if required. In addition, the message never leaves the Secure Messaging portal, so the sender retains control of the data the entire time.

Further to what Scott spoke about, and as re-affirmed in our Secure Messaging service, control is not just critical for helping IT administrators sleep soundly at night. It is control that allows companies to keep tabs on who has access to their data and lessen the chances that they are a victim of a breach. The trick here, though, is to not sacrifice the user experience in the process – for example, an employee should be able to send a secure email from his or her inbox without any clunky, productivity-hindering extra steps. 

As was mentioned more than once at RSA, hackers are only becoming more advanced. It’s the industry’s job to adapt and innovate in order to mitigate the risk of malicious attacks, both for the protection of our data and our customers’ data.

If I didn’t get the chance to catch up with you this time around feel free reach out to me via LinkedIn or Twitter.