Here’s what to think about when considering an Office 365™ move.

Microsoft Office 365™ is fast becoming the standard platform for organizations across the globe, with 135 million business users worldwide as Microsoft’s April 2018 earnings announcement. With a move to Office 365, there’s a lot for organizations to consider, including the impact it will have on email security.

Mimecast’s J. Peter Bruzzese, an Office 365 MVP, recently sat down with TechTarget’s Mike Perkowski to discuss migrating email to the cloud and all the steps organizations need to take to do the move the right way. What follows is a transcript of part of their discussion.

Mike Perkowski: Is moving your email boxes to the cloud a good time to rethink your strategy and your philosophy about email security?

J. Peter Bruzzese: Well, rethink? I guess it depends on what your strategy currently is. I’m a huge believer in defense in depth. I believe we have multiple layers we need to look at and consider our budget and say “OK, where can we put all of our security points here?”

A lot of folks focus on the endpoint. They make sure their systems—whether it’s laptops, desktops, mobile devices—that those are secure, and that’s great. But did you know most attacks these days, whether it’s ransomware or it’s a spear-phishing attack, they’re coming through email. Granted, the end user is the one who eventually clicks the link, but they’re coming through email.

MP: That’s the transport mechanism for them.

JPB: So, what do you do? If you move to Office 365, Microsoft provides a free Exchange Online Protection (EOP) solution. Free is great, but is it good for your security? Well, that might be nice as a backup parachute, but what do you have for your primary chute?

Typically, what we see are third-party solutions that sit on the front-end…I believe having a solution like that out in the gateway will help your end users because the fact of the matter is, when an email comes in with a link, they click it…

MP: And that’s all it takes.

JBP: Right. So, we need technology on the front-end to protect them. That’s a given It’s a defense in depth approach. Everyone says it’s the human [that’s the weakest area]. No, because that email still has to get through to the human first. So, focus on your gateway. Microsoft provides EOP and then you can pay for Advanced Threat Protection from Microsoft, which is an extra upcharge.

Once you start paying an upcharge for security from Microsoft, you have to ask yourself, “Am I paying for something that is going to be comparable to what a third-party can give me? Is Microsoft’s ATP comparable to third-party solutions?” And at this point I would say no. You have to look at what third-party solutions can do above and beyond ATP.

Because if you’re paying for it, you have to make sure you’re paying for the best solution out there. Don’t go with mediocre security, because ultimately you’re going to pay for it eventually when you get hit with that Bitcoin request in a ransomware attack.

So, I don’t know that you’d rethink your security structure, but you should think about changing it.

You may also like:

Three Steps to Take When Migrating Email to Office 365™

Migrate email to the cloud without pain—…

Migrate email to the cloud without pain—or compromise. For t… Read More >

J.Peter Bruzzese

by J.Peter Bruzzese

Office 365 MVP

Posted Jul 20, 2018

Email Security Dos and Don’ts for Employees

What employees should and should not do …

What employees should and should not do to avoid targeted em… Read More >

Margot Carmichael Lester

by Margot Carmichael Lester

Mimecast Contributing Writer

Posted Feb 22, 2018

Two Major Reasons We’re Failing at Cybersecurity

Good enough security is good enough no l…

Good enough security is good enough no longer. You use emai… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Jul 24, 2018