Office 365 Security Compliance

How to strengthen Office 365 security compliance for email

IT teams in many organizations today are looking to strengthen Office 365 security compliance capabilities to meet evolving and expanding regulatory requirements.

As email continues to play a vital role in business communications and operations, regulations in a broad range of industries are aimed at ensuring email security to protect businesses as well as their employees, partners and customers. In addition to security-related requirements, organizations must also comply with regulations concerning email retention and the ability to produce evidentiary-quality records in to response to legal hold requests.

While Microsoft Office 365 is a powerful productivity suite, Office 365 security compliance tools may not provide the multilayered defense that most organizations want to adopt to fend off a growing universe of threats. That's why, when seeking to augment Office 365 security compliance capabilities, more organizations worldwide today turn to Mimecast.

To ensure superior Office 365 security compliance, IT teams need to augment the Office 365 platform with powerful solutions for managing archiving for e-discovery and litigation, protecting against inadvertent and malicious data leaks, and defending against a wide variety of email security risks.

Areas of concern for security and compliance in Office 365

There are several critical concerns related to security and compliance for Office 365 that may not be adequately addressed by the platform's native features and capabilities.

• Ransomware, business email compromise and phishing attacks continue to impact businesses everywhere, and new email security threats emerge daily. A single solution like Office 365 simply can't catch them all. Best practices for securing email in the cloud include the same layered approach to security that organizations use for on-premises email systems.
• Backup and recovery. Rather than providing a persistent backup/recovery solution for email data, Office 365 holds email data and disallows deletion by using "hold". But if data is corrupted or lost, it may not be recoverable. Organizations need plans for backup and recovery to truly provide data recoverability.
• Data redundancy. While Microsoft seeks to achieve redundancy by storing multiple copies of email, all data resides within the same architecture and platform, creating a single system of failure. Without a more robust backup plan in place, data could be lost or corrupted due to human error, technical failure, malicious intent or cyberattack. Only a third-party cloud archive can provide true data independence and redundancy.
• Microsoft Office 365 encryption capabilities are lacking key features, such as end-user revocation of messages that might have been sent to the wrong recipient. To ensure compliance with the right range of regulatory environments, including HIPAA messaging compliance, organizations need encryption technology that ensures the highest level of protection.

Each of these concerns can be addressed by a layered approach to security and compliance in Office 365 that lets organizations leverage the benefits of Microsoft's cloud service without putting sensitive data, users and organizations at risk.

Mimecast: a multi-layered solution for security and compliance in Office 365

Mimecast offers a cloud-based solution for email security, archiving, compliance and data protection that bolsters and augments security and compliance in Office 365. As a SaaS-based service, Mimecast can be implemented quickly and easily, seamlessly integrating with the Microsoft platform to provide immediate improvements in security and compliance.

Mimecast enables organizations to adopt a layered approach to security and compliance in Office 365 with solutions that include:

• Targeted Threat Protection against advanced threats like ransomware, spear-phishing and impersonation.
• A Secure Email Gateway that filters all inbound, outbound and internal email, scanning for security concerns in sending domains, attachments, links and text.
• An Office 365 threat intelligence dashboard that aggregates and integrates indicators of compromise and other actionable information into a single view of the threats facing the organization.
• Information Protection, integrating data leak prevention and content control with tools for secure messaging that enables users to send encrypted messages quickly and easily.
• Mimecast Awareness Training, a highly effective program for educating employees about best practices around security and compliance in Office 365.
• Mimecast Cloud Archive, an industry-leading solution that aggregates data across multiple platforms, offers robust backup and recovery, simplifies archiving and Records Retention management, streamlines compliance efforts and reduces the cost and risk for legal and compliance teams as they work to meet GDPR compliance, Dodd-Frank compliance and FINRA compliance requirements, among others.

Mimecast Migration Services provide easy migration to Office 365, helping to eliminate the risk of service disruptions, reduce the time and effort needed to migrate mailboxes, and consistently enforce policies for security and compliance in Office 365 across staged or hybrid environments.

Benefits of Office 365 security compliance with Mimecast

Mimecast augments Office 365 security compliance by:

• Protecting against threats. Mimecast Secure Email Gateway provides 100% anti-malware protection and 99% anti-spam protection, while Mimecast Targeted Threat Protection provides phishing protection software and advanced defenses to protect against impersonation attacks and to stop ransomware attacks.
• Simplifying encryption. Mimecast Secure Messaging enables users to easily send protected messages from their Outlook inbox without needing an enforced TLS connection or requiring recipients to download software.
• Improving data leak prevention (DLP). Mimecast Content Control and Data Leak Prevention scans all email to block or hold messages which violate administrator-defined policies for potential data leaks.
• Securing large file transfers. Mimecast Large File Send enables users to send large files up to 2 GB from within Outlook, rather than using third-party file sharing services to circumvent size limits on mailboxes and file attachments.
• Ensuring continuity. Mimecast Mailbox Continuity enables users to send and receive email even during planned outages and downtime.
• Protect email, users and the organization against advanced and routine threats that can hinder productivity, compromise sensitive information and damage organizational reputation and the bottom line.
• Demonstrate compliance quickly and easily with robust reporting capabilities and by storing multiple, tamper-proof, encrypted copies of email (both original messages and policy-modified emails) in geographically diverse data centers.
• Enable administrators to reduce the time and effort required to respond to requests by legal and compliance teams.
• Backup Office 365 mailbox data to a centralized cloud archive, and automate granular recovery when data is lost or deleted.

Learn more about Office 365 security compliance with Mimecast, and about Mimecast solutions for email phishing protection and spear phishing protection.

Additional tools for Office 365 security compliance

In addition to defenses against known and emerging threats, Mimecast provides a Mailbox Continuity solution that ensures users have access to live and historic email, even when primary servers are down due to planned or unplanned outages.

Mimecast Cloud Archive enables organizations to more easily comply with regulations for email retention and to achieve HIPAA, FINRA and SEC 17a 4 compliance. Administrators can centrally set, manage and enforce email retention policies to simplify litigation hold for Office 365, while lightning fast search tools help to accelerate Office 365 eDiscovery. And because Mimecast keeps three encrypted and tamper-proof copies of every email along with metadata, organizations can easily respond to compliance inquiries and Office 365 legal hold requests.

Learn more about Mimecast tools for Office 365 security compliance, and about Mimecast healthcare compliance solutions.

Office 365 security and compliance FAQs

Does Office 365 have security?

Microsoft provides a number of native capabilities for security and compliance in Office 365, including tools to manage security settings for applications and devices. Microsoft also offers advanced threat protection, conditional access, data loss prevention, online archiving and information protection features. For some organizations, however, these capabilities may not be sufficient to achieve all objectives for security and compliance in Office 365.

What is the center for security and compliance in Office 365?

Office 365 offers a Security and Compliance Center that provides resources, education and tools to manage security and compliance in Office 365. Not all features are available to all users; different business and enterprise plans feature different levels of security and compliance capabilities, and for some organizations, these solutions may not be robust enough to protect against all threats or to ensure compliance with all regulatory environments.

Why do companies add security and compliance technology to Office 365?

While Microsoft Office 365 offers certain security protections and compliance tools, relying on these features alone creates a single point of failure. Best practices for security and compliance require additional layers of security and compliance in Office 365 to more effectively protect an organization.