Four Things Security Professionals May Be Thankful for This Thanksgiving

Delivering secure IT systems to users and the enterprise doesn’t often get the thanks and praise it deserves. I know from first-hand experience that in the world of IT admins there’s often a lot of complaining when a system doesn’t work, but rarely any thanks when it does.

So in conjunction with Thanksgiving in the US, here are a few things we as security professionals might be thankful for.

Happy Thanksgiving from Mimecast!

Happy Thanksgiving from Mimecast!

No Data BreachBeing thankful for not being breached this last year is the big one. You will be very thankful if you haven’t had to appear before your board or on Fox, MSNBC, CNN or even worse C-SPAN, to explain where your customer/credit card/intellectual property/data has gone. I’ve spoken to many of my peers who are extremely thankful as more time has passed and they haven’t had to deal with a major and public incident. The old adage, that the better an IT administrator does their job, the less they will have to do, doesn’t ring true here. The red queen effect of those who seek to exploit our systems is still a strong force as the Sony Pictures team would no doubt testify yesterday.

Security MindfulnessBe thankful for the growing focus on IT security. IT security is getting a much higher profile and this is increasing public concern, and this drives more buy-in from senior management which means more security budget should follow. There is also a trickle-down effect from the volume of stories that hit the mainstream media as they impact our non-technology colleagues too. Telling them that their logins, systems, data, accounts, on-star systems, garage door openers are all at risk from hackers/Anonymous/Unit 61398/Axiom/SEA/etc. The concern this has whipped up means a renewed interest in security measures that makes the task of getting business and wider employee buy-in much easier.

A New CISOBe thankful for the new CISO. We’re told more CISOs are being recruited than ever as the C-Suite accepts the need to have a single senior executive responsible for the management of their security strategy. We’re already seeing the appointment of the CISO can have a measurable effect on reducing the cost of a security breach, and the cost of protecting data, so the ROI on a CISO becomes easily provable.

Savvy UsersBe thankful for employees who are getting more security savvy might sound like a surprise to some. As consumer computing becomes more accessible and easier to adopt, think tablets rather than *nix desktops in terms of complexity, employees are much more technically savvy than ever before. And, as digital natives start to enter the workplace, being new to technology is no longer a problem. Being more technically savvy means educating users to risks has become much easier, and we ought to be thankful for that. However this is a double-edged sword, one I like to call the Dropbox effect; savvy users mean the fast proliferation of unsanctioned consumer grade IT in the enterprise, and that is a Shadow IT threat we’re not thankful for.

So as you sit enjoying your turkey, and you are hoping that a Black Friday spam deal doesn’t lure your employees to a malware laden website, remember there is a lot to be thankful for and people who realize how much of that is down to your hard work!


Microsoft Azure Outage: A Reminder That All Cloud Services Need Backup

Last week Microsoft Azure suffered a major outage, disrupting many enterprises worldwide that had shifted their workloads to Microsoft’s public cloud, including companies who have upgraded to Office 365.Mimecast Continuity Services

The cloud skeptics are already gathering to tell these companies they shouldn’t have moved to the cloud, but ask the IT managers of LAN-based services whether they ever have had unplanned downtime and of course the answer is yes. So what’s the answer to the downtime conundrum?

The simple solution is to treat the cloud with the same level of respect that we’ve been treating our on-premises systems for decades…are your core services, like email, so important that your business cannot do without them?

If the answer to that question is ‘yes’, and it usually is, then you should go for a blended-cloud approach.

Despite the fact that these events will be frustrating and disruptive for Microsoft customers (or Google or any other service for that matter) it’s still no reason to stop plans to move to the cloud, or retreat to the shelter of the LAN. However, this incident should be a trigger for IT teams to check they are being careful about what core cloud service they choose and then how they protect it.

When you move critical services and data, like email, to the cloud, you must also plan for the inevitability that at some point the service will most likely go down – just as you would with business continuity solutions on your own infrastructure if you kept them in-house.  With Mimecast services you keep employees’ email up and running, and keep them productive even in the event of an outage.

What happens when the cloud service goes down? Every IT leader should be able to answer that question immediately and show their continuity strategy. A strategy based on planning and technology, not hope.

For more information about Mimecast cloud email continuity services please click here.


Mimecast Takes Home Gold at the Midmarket CIO Forum

I recently attended the Midmarket CIO Forum in Tucson, AZ, a three-day event for IT executives and solution providers. CIOs attending the event were asked to pick a Vendor Excellence award-winner within six categories, based on strategy and innovation. We’re pleased to announce that Mimecast was honored in the “Best Midmarket Solution – Service” category, recognized as an established service that has been exemplary in specifically meeting the needs of the midmarket.

The award ceremony took place on the third night of the Forum, following a few days of networking and boardroom sessions. I led one session titled, “The Future of Email – On Premises, Hybrid or Cloud?” in which I spoke about how organizations can remove the risk, complexity and cost of their email environment. IT managers are tasked with providing uninterrupted, ubiquitous email access to all employees amid the growing threat of malicious attacks like spear phishing, as well as downtime and data leaks.

As I noted in my session, and Vendor Excellence award voters recognized, this makes it necessary for organizations to have a solution, like Mimecast’s Unified Email Management (UEM), that extends their email platform’s core capabilities. For an organization with Microsoft Office 365, for example, Mimecast helps to enhance the solution’s key benefits, while mitigating the risk of the organization being reliant on a single cloud provider. With the strength Mimecast’s targeted set of solutions, like broad spectrum email security and journal archiving, alongside Microsoft, organizations ensure the constant availability of their email with a business continuity plan in the cloud.

We’re proud to have received this recognition from Midmarket CIO Forum and feel it validates not only our technology but our desire to support mid-market organizations around the world move to the cloud and improve the protection of their critical data and email. If you’d like to learn how organizations have worked with Mimecast to support their primary email environment, I invite you to check out these case studies.


Gartner Symposium ITXpo: Driving Digital Business

Next week the Gartner Symposium ITXpo kicks off in Barcelona, with the theme of ‘driving digital business’.

Mimecast will be joining a host of technology leaders at the event to share our perspective on how IT is being redefined in the era of cloud services, corporate memory, and advanced threats.

It’s no wonder that with this backdrop the ITxpo series is becoming so popular. A new chapter is emerging for CIOs. In some cases the role is merging with CSOs to create a new function in the business. There are some big questions which should be asked to inform how or even if this integration will take place, which we covered in part on this blog last month but will be bought into sharp focus at high level events like this:

- Security governance:how will organizations cope with the increased rigour and business-as-usual buy-in for IT projects from the rest of the business.

- Mobile Device Management: how do IT teams control the risk profile of mobile device seamlessly and with scale?

- Cost: how can CIOs empower the business to maintain principles of data security?

- Data Migration: how SaaS vendors like Mimecast can help you plan the migration of your information archive to the cloud.

If you’d like a meeting and/or schedule a demo you can of course drop in to see us at Stand S10…we’d be delighted to chat and understand your business objectives in more depth and how Mimecast can help you achieve these.