by Dan Sloshberg
Microsoft’s recent earnings (Q1 FY15) highlighted the momentum of Office 365 we’ve been discussing on this blog for some time. The announcement revealed that commercial Office and Office 365 boosted Microsoft’s cloud revenues by 128% to $952 million.
But it’s also been the year when businesses have come to terms with the practicalities of consolidating their critical IT functions with one vendor, even a vendor as established as Microsoft.
Two major Microsoft outages have affected Office 365 customers this year – the Azure outage in November and the email outage on Exchange Online and Office 365 in June. Not that it’s the only cloud vendor to have experienced this problem – services from Google and even Facebook have had similar issues.
It’s a stark reminder that care must be taken to ensure that business continuity, security and data integrity risks are mitigated in the cloud in the same way they were on-premises.
That is why risk mitigation is so important when CIOs are migrating to Office 365. A cloud continuity plan can counter reliance on just one service that can become a single point of failure for critical services like email. Invariably that plan needs third party cloud services, like Mimecast, to offer the same options that have been commonplace in the on-premises environment – a blended cloud approach.
Mimecast Services for Office 365 ensure that when Office 365 is offline, your business’s email keeps working. They also enhance an organization’s security by detecting advanced threats like spear-phishing. In addition, they improve the resilience of critical data, meaning that if data is lost or deleted, accidentally or with malicious intent, it’s fully retrievable. This vital protection for Office 365 helps overcome the remaining hurdles to enterprise adoption of Microsoft’s service.
If you’d like to find out how Mimecast and Office 365 services work better together, click here to download our free report and view a webcast of our CTO Neil Murray discussing the risks of a move to Office 365 and how to tackle them.
by Orlando Scott-Cowley
One year after the Target data breach, there’s never been a better time to consider how vital email security is to maintaining the sanctity of the supply chain. Email, by its very nature, directly connects companies large and small, creating opportunities for hackers to turn suppliers, partners or customers into unwitting victims of malware.
An obvious example of these dangers to the supply chain can be found in the Target breach, which ran from November 27th through December 15th last year and exposed credit card and personal data on more than 110 million consumers. The breach at Target appears to have begun with a malware-laced email phishing attack sent to employees at a heating, air conditioning and refrigeration firm that did business with the nationwide retailer.
Traditionally, businesses have used security scanning or gateway services to make traditional spam or phishing attacks harder, but these usually only protect users on the network and on corporate managed devices. Determined attackers, meanwhile, are increasingly using a combination of sophisticated social engineering and targeted or spear-phishing emails in their attacks.
Securing your relationships with suppliers and third parties is quickly becoming a top priority for those who have learned a lesson from the Target breach. Since the evolution of BS7799 part 2 into its current form of ISO27001, considering how to secure suppliers’ systems and imposing your security controls on those third parties has been a key part of security best practice. It is, therefore, not a new idea that we ought to ask our suppliers how they store, process and secure our data, transactions and connections.
At Mimecast we have elected to adopt ISO 27001 as the cornerstone of Mimecast’s Information Security Management System as it is globally recognized as the best framework to demonstrate audited and continual improvement and on-going security management. Recent additions to this framework (ISO 27001:2013) added greater emphasis on keeping supply chains secure. But this isn’t a guarantee of security, it’s only part of a much wider scope of protection, both theoretical and technological.
I also believe protection must be available to employees no matter the device used to access corporate email systems and without adversely affecting user experience.
For example, our own Targeted Threat Protection service immunizes all embedded links by re-writing them to point to Mimecast’s global threat intelligence cloud. This real-time security check protects against delayed exploits or phishing techniques that direct people to good websites at first, only to arm their dangerous payloads afterward.
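An added example (not Mimecast’s code and not part of the original post) of the time-of-click link rewriting described above: each link is wrapped to point at a gateway, which verifies a MAC and applies the destination’s current verdict when the user clicks. The gateway URL, key, function names and the blocklist standing in for threat intelligence are all assumptions.

```python
import base64, hashlib, hmac, re
from urllib.parse import parse_qs, urlencode, urlparse

GATEWAY = "https://gateway.example/click"  # hypothetical time-of-click service
KEY = b"constructed-demo-key"              # constructed; a real key is a managed secret
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Constructed sample message, not taken from any real campaign.
SAMPLE = "Invoice ready: http://supplier-portal.example/invoice?id=7 (constructed)"

def _sign(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body):
    """At delivery: wrap each link so the click goes to the gateway first."""
    def wrap(match):
        url = match.group(0)
        if url.startswith(GATEWAY):
            return url  # already rewritten, keeps the function idempotent
        token = base64.urlsafe_b64encode(url.encode()).decode()
        return GATEWAY + "?" + urlencode({"u": token, "s": _sign(url)})
    return URL_RE.sub(wrap, body)

def resolve_click(link, blocked_hosts):
    """At click time: verify the MAC, then apply the verdict known now."""
    query = parse_qs(urlparse(link).query)
    try:
        url = base64.urlsafe_b64decode(query["u"][0]).decode()
        sig = query["s"][0]
    except (KeyError, ValueError):
        return ("reject", None)
    if not hmac.compare_digest(sig.encode(), _sign(url).encode()):
        return ("reject", None)  # unsigned target: never act as an open redirector
    host = (urlparse(url).hostname or "").lower()
    if host in blocked_hosts:
        return ("block", url)
    return ("redirect", url)

if __name__ == "__main__":
    link = URL_RE.search(rewrite_links(SAMPLE)).group(0)
    print(resolve_click(link, set()))                        # verdict at delivery time
    print(resolve_click(link, {"supplier-portal.example"}))  # verdict after the site turns
```

Because the verdict is looked up on every click, the same rewritten link that redirected at delivery time is blocked once the destination is listed, on whatever device the message is opened.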
Enterprises must protect the user when they actually click, so in the (un)likely event you experience the same fate as Target, you’ve supplied the best protection technologically available. This last line of defense has become the only defense against those who seek to abuse the trust we have in our business relationships.
by Orlando Scott-Cowley
On-premises email and data archives are a growing challenge to organizations looking to reduce costs and management complexity.
Cloud archiving alternatives offer a compelling opportunity to remove the management headaches and deliver a secure, resilient and highly scalable archive service to meet requirements now and in the future. But concerns remain about the ideal migration strategy that balances effective risk management with new business requirements.
That’s why in this new webinar, I’ve teamed up with Gartner research director Alan Dayley to break down the benefits of the cloud over on-premises email archiving. Together, we also explore the key considerations for migrating to the cloud, and look to the future of email archiving in the cloud.
Hybrid or 100% cloud? Should you migrate everything from legacy systems? How do I know if I even need archiving? We explore the key considerations and review what you need to think about regarding data sovereignty.
For customers thinking about moving to Office 365, but concerned about their readiness, we’ll discuss migration strategies. Meanwhile, for those who have already made the move, we’ll discuss how a third party backup archive can make your data in Office 365 fully resilient.
There has never been a better time to move archives to the cloud.
Take a look at the video here.
by Orlando Scott-Cowley
First of all, I’d like to say a big ‘thank you’ to everyone who attended Tuesday’s Mimecast webinar featuring Forrester on ‘Protecting Against Targeted Attacks’.
The interest has been huge, and we’ve made the recording of the session available here. We’ll also be focusing on key themes raised during the session over the coming weeks on this blog.
To start, we thought it would be useful to pull out and reflect on some key quotes from the session.
Recording of Mimecast webinar featuring Forrester on ‘Protecting Against Targeted Attacks’ from September 30th 2014, when practical steps to protect your business were outlined by Rick Holland.
Rick Holland, Principal Analyst, Forrester Research:
- ‘67% of the espionage cases in organizations involved phishing’ discussing the Verizon ‘2014 Data Breach Investigations Report’.
- ‘There are two types of phishing vectors – one the malicious attachment…and two, URLs to malicious sites’.
- ‘The average cost of a data breach is $3.5m up 15% from 2013’ discussing the Ponemon Institute ‘2014 Cost of a Data Breach Study: Global Analysis’ sponsored by IBM. Interestingly, class action lawsuits by affected customers are part of the calculation and might be a rising trend for organizations to address.
- ‘As it becomes more common for remote workers to operate outside of VPNs (BYOD and BYOC), enterprises must protect the user when they actually click’. ‘Even if users could put something on their mobile device to protect them, they are hesitant from a user experience perspective.’ – this was one of the key points in the session, as traditional approaches to security only protect users on the network and corporate managed devices. It’s important to think beyond this given BYOD and remote working. Protection must be available no matter the device used to access corporate email systems, without increasing the IT overhead or adversely affecting the users’ experience. As Rick suggested, organizations must ‘protect the click’.
- ‘Sometimes the URL isn’t bad at the time of delivery’ – ‘the attacker may turn the server over from benign to malicious after the email is sent.’
- ‘URL rewriting is emerging to protect the user…I recommended it as an RFP requirement.’
- ‘Whatever the culture of the organization, use that to (tailor) security training…increasing awareness and propensity to report incidents.’
- ‘(Phishing) is only going to get more and more sophisticated.’ – which is why the protection organizations put in place now must be able to stay ahead of the attackers.
Steve Malone, Security Product Manager, Mimecast:
- ‘Phishing is viewed as a technology problem…the usual approach is to add more technology. But the issue is that adding more technology is actually increasing complexity.’ Steve further explained that the most successful approach is two-fold: choosing the right technology coupled with user education.
- ‘As we’ve got better at protecting against these attacks, the attackers have moved the goal posts. We now have to assume all the links in emails are bad.’
- ‘Clean up (post-attack) is generally very difficult and time consuming and the root cause is not addressed.’
- ‘Mimecast’s Targeted Threat Protection addresses advanced attacks in email by rewriting the URLs. It means protection regardless of the device used.’
- ‘We’re building into the service a real-time education component for users.’
It’s clear from the interest and the great questions we received at the end of the presentations that this is a hot topic. The evolution of threats is forcing IT teams to rethink the planning, purchasing and management of their business security systems. In addition, it’s being recognized that in order to stay ahead of the attackers, technology alone is not the answer – the complete solution needs to account for this and train users in a new way.
Please leave a comment or @reply me at @orlando_sc if you’ve any particular areas you want us to cover in our follow up posts.