by Orlando Scott-Cowley
An enterprise information archive should be much more than cheap storage and data resiliency, or place to hunt for (or lose) long forgotten evidence in the event of an eDiscovery case. In fact, the enterprise archive, be it for email, files or IM conversations, now has a vital role to play in increasing employee productivity, rather than just being a dark and dusty vault where data goes to die.
Boost employee productivity with an active archive
As analyst firm Ovum predicts enterprise end-user mobility will be top of the CIO agenda in 2015, ask yourself how quickly can your users find that two-year-old email or vital attachment while on the move? It’s worth considering how a lack of mobility will affect client response times or employee satisfaction in your organization.
The good news is that the move to better and brighter times has already begun. In its Magic Quadrant for Enterprise Information Archiving 2014, Gartner predicted that by 2019, “75 percent of organizations will treat archived data as an active and “nearline” data source, and not simply as a separate repository to be viewed or searched periodically.” For enterprise CIOs, this means we’ve got roughly five years to think about uncovering value in the vast quantities of data we store for undefined purposes at an undefined point of time in the future.
But balancing the information needs of an increasingly mobile workforce with secure and highly-available services often present a major challenge, particularly for traditional on-premises IT environments. As your data volumes grow exponentially, and you bank more valuable data, many businesses are looking to the cloud to solve these demands.
Elastically scalable storage, predictable subscription costs, performance, ubiquity of access and high availability are important factors but the real advantage here is increased flexibility around scale and style of deployment as well as use of these services. Cloud archives can more easily accommodate connections to live Outlook services, SharePoint and third-party APIs. Moving the email archive to the cloud makes it easier to allow employees to search all of their data through their phones and tablets, a simple victory that is largely unsupported by on-premises archive vendors. All of these reasons mean an ‘active archive’ can only exist in the cloud; the limitations to performance, scalability, access, security and usage are too great when the archive remains on-premises.
Cloud archiving vendors are also the only type of technology vendor who are going to have a product roadmap that aims to create new and innovative ways to bring your data to life. Most cloud firms roll out changes, improvements and new features on a continuous delivery schedule so there is always something new to delight your end users. By contrast, older less agile, on-premises technology vendors are usually stuck to a rigid multi-year release cycle that imposes significant burdens on your technical team – re-indexing your archive because of new ‘engines’ or search providers is a great example from two of the market leaders of on-premises archive technology. We don’t want to do that again in a hurry, that’s for sure.
Having an active archive for your enterprise information offers the business a single, secure repository in the cloud in which all your corporate memory can be stored is a simple, yet highly effective and strategic way for the long term retention of your data. For your end users, simply supporting their use of mobile devices will be a significant coup in what is seen as a stodgy and un-cooperative application service. But, continuing to delight them with ways of experiencing and interacting with that data today and into the future will at last give them a way to find more productive ways of working.
If you’re stuck in the past and trying to break free from the aging and outmoded on-premises archive, this video may help you. I recently sat down with Gartner research director, Alan Dayley, to break down the beneﬁts of the cloud over on-premises email archiving.
WATCH the video.
by Dan Sloshberg
Microsoft’s recent earnings (Q1 FY15) highlighted the momentum of Office 365 we’ve been discussing on this blog for some time. The announcement revealed that commercial Office and Office 365 boosted Microsoft’s cloud revenues by 128% to $952 million.
Safer together. Better together. Mimecast provides vital protection for Office 365.
But it’s also been the year when businesses have come to terms with the practicalities of consolidating their critical IT functions with one vendor, even a vendor as established as Microsoft.
Two major Microsoft outages have affected Office 365 customers this year – the Azure outage in November and the email outage on Exchange Online and Office 365 in June. Not that it’s the only cloud vendor to have experienced this problem – services from Google and even Facebook have had similar issues.
It’s a stark reminder that care must be taken to ensure business continuity, as well as security and data integrity risks, are mitigated in the cloud in the same way they were on-premises.
Which is why risk mitigation is so important when CIOs are migrating to Office 365. A cloud continuity plan can counter reliance on just one service that can become a single point of failure for critical services like email. Invariably that plan needs third party cloud services, like Mimecast, to offer the same options that have been common place in the on-premises environment – a blended cloud approach.
Mimecast Services for Office 365 ensure when Office 365 is offline your business’ email keeps working. It also enhances an organization’s security by detecting advanced threats like spear-phishing. In addition, it improves the resilience of critical data, meaning if data is lost or deleted accidentally or with malicious intent it’s fully retrievable. This vital protection for Office 365 helps overcome the remaining hurdles to enterprise adoption of Microsoft’s service.
If you’d like to find out how Mimecast and Office 365 services work better together, click here to download our free report and view a webcast of our CTO Neil Murray discussing the risks of a move to Office 365 and how to tackle them.
by Orlando Scott-Cowley
One year after the Target data breach, there’s never been a better time to consider how vital email security is to maintain the sanctity of the supply chain. Email, by its very nature, directly connects companies large and small together creating opportunities for hackers to turn suppliers, partners or customers into unwitting victims of malware.
An obvious example of these dangers to the supply chain can be found in the Target breach which ran from November 27th – through December 15th last year and exposed credit card and personal data on more than 110 million consumers. The breach at Target appears to have begun with a malware-laced email phishing attack sent to employees at a heating, air conditioning and refrigeration firm that did business with the nationwide retailer.
Traditionally businesses have used security scanning or gateway services to make it harder for traditional spam or phishing attacks but these only usually protect users on the network and corporate managed devices. But determined attackers are increasingly using a combination of sophisticated social-engineering and targeted or spear-phishing emails in their attacks.
Securing your relationships with suppliers and third parties is quickly becoming a top priority for those who have learned a lesson from the Target breach. Since the evolution of BS7799 part 2, into its current form of ISO27001, considering how to secure suppliers’ systems and imposing your security controls on those third parties has been a key part of security best practice. It is, therefore, not a new idea, that we ought to ask our suppliers how they store, process and secure our data, transactions and connections.
At Mimecast we have elected to adopt ISO 27001 as the cornerstone of Mimecast’s Information Security Management System as it is globally recognized as the best framework to demonstrate audited and continual improvement and on-going security management. Recent additions to this framework (ISO 27001:2013) added greater emphasis on keeping supply chains secure. But this isn’t a guarantee of security, it’s only part of a much wider scope of protection, both theoretical and technological.
I also believe protection must be available to employees no matter the device used to access corporate email systems and without adversely affecting user experience.
For example, our own Targeted Threat Protection service immunizes all embedded links by re-writing them to point to Mimecast’s global threat intelligence cloud. This real-time security check protects against delayed exploits or phishing techniques that direct people to good websites at first, only to arm their dangerous payloads afterward.
Enterprises must protect the user when they actually click, so in the (un)likely event you experience the same fate as Target, you’ve supplied the best protection technologically available. This last line of defense has become the only defense against those who seek to abuse the trust we have in our business relationships.
by Orlando Scott-Cowley
Delivering secure IT systems to users and the enterprise doesn’t often get the thanks and praise it deserves. I know from first-hand experience that in the world of IT admins there’s often a lot of complaining when a system doesn’t work, but rarely any thanks when it does.
So in conjunction with Thanksgiving in the US, here are a few things we as security professionals might be thankful for.
Happy Thanksgiving from Mimecast!
No Data Breach: Being thankful for not being breached this last year is the big one. You will be very thankful if you haven’t had to appear before your board or on Fox, MSNBC, CNN or even worse C-SPAN, to explain where your customer/credit card/intellectual property/data has gone. I’ve spoken to many of my peers who are extremely thankful as more time has passed and they haven’t had to deal with a major and public incident. The old adage, that the better an IT administrator does their job, the less they will have to do, doesn’t ring true here. The red queen effect of those who seek to exploit our systems is still a strong force as the Sony Pictures team would no doubt testify yesterday.
Security Mindfulness: Be thankful for the growing focus on IT security. IT security is getting a much higher profile and this is increasing public concern, and this drives more buy-in from senior management which means more security budget should follow. There is also a trickle-down effect from the volume of stories that hit the mainstream media as they impact our non-technology colleagues too. Telling them that their logins, systems, data, accounts, on-star systems, garage door openers are all at risk from hackers/Anonymous/Unit 61398/Axiom/SEA/etc. The concern this has whipped up means a renewed interest in security measures that makes the task of getting business and wider employee buy-in much easier.
A New CISO: Be thankful for the new CISO. We’re told more CISOs are being recruited than ever as the C-Suite accepts the need to have a single senior executive responsible for the management of their security strategy. We’re already seeing the appointment of the CISO can have a measurable effect on reducing the cost of a security breach, and the cost of protecting data, so the ROI on a CISO becomes easily provable.
Savvy Users: Be thankful for employees who are getting more security savvy might sound like a surprise to some. As consumer computing becomes more accessible and easier to adopt, think tablets rather than *nix desktops in terms of complexity, employees are much more technically savvy than ever before. And, as digital natives start to enter the workplace, being new to technology is no longer a problem. Being more technically savvy means educating users to risks has become much easier, and we ought to be thankful for that. However this is a double-edged sword, one I like to call the Dropbox effect; savvy users mean the fast proliferation of unsanctioned consumer grade IT in the enterprise, and that is a Shadow IT threat we’re not thankful for.
So as you sit enjoying your turkey, and you are hoping that a Black Friday spam deal doesn’t lure your employees to a malware laden website, remember there is a lot to be thankful for and people who realize how much of that is down to your hard work!