From Good to Great – Why Office 365 Needs Mimecast

[Tweet "Office 365 is now the real deal and with Mimecast it goes from good to great"]

From the moment BPOS was first released about five years ago, we’ve consistently said on this blog that we welcome Microsoft’s move to the cloud, that it’ll be a great solution for some businesses, but that mature cloud services like Mimecast’s will play a major role as adoption begins to gain momentum. Well, if BPOS was Microsoft’s trial run, Office 365 is the real deal and it does now seem to be gaining serious traction in the market. But our position remains the same, and in fact the business case for Mimecast’s solutions to enhance Office 365 looks stronger than ever.

Office 365 is positioned by Microsoft as a one-stop-shop, and on the surface looks like something of a panacea for a business looking to outsource email and stop managing an on-premises Exchange server. For many businesses, particularly in the SMB space, it is.

But for larger companies, or those for whom email is a mission critical application, Office 365 may not be quite so alluring. In general, Mimecast customers fall into that category – they want to use best practice cloud services to protect email from threats, and store the data in a secure, highly available archive. And amongst our customer base we’ve seen a preference for keeping Exchange on-site – there’s strong interest in Exchange 13 – or moving to a hybrid model with some mailboxes on-site and others in the cloud.

The blockers to Office 365 adoption seem to fall into three categories.

  • Archiving doesn’t offer sufficient levels of compliance and eDiscovery capabilities
  • Uptime is a concern
  • Exchange Online Protection may not represent best practice email security

We also think a further need will emerge, for a single archive of multiple types of unstructured data, fully searchable both for eDiscovery purposes and for day to day use by end users from their laptops, smart-phones and tablets. An Enterprise Information Archive for Office 365, to use Gartner terminology.

For Mimecast, then, nothing much changes from how we position around on-premise Exchange, where we offer enterprise grade cloud services that remove complexity and cost. With Office 365, it’s less about cost and complexity, and more about the ‘enterprise grade’ piece. As Office 365 adoption gains traction, the ‘pain points’ will also crystallize, and the ecosystem of ‘supporting’ or ‘enhancing’ services will emerge.  It already is emerging.

Is this a bad thing for Microsoft or Office 365?  On the contrary. Businesses who want to go down this path will be reassured that there’s a third party ecosystem of mature cloud services that can enhance the ‘off-the-shelf’ capabilities of the various SKUs of Microsoft’s new cloud solution. We expect to find businesses buying Office 365 plus Mimecast for any one of the three issues above, or potentially buying our entire UEM suite if that’s what best meets their needs. And we also expect companies who’ve already moved to Office 365 to subsequently purchase add-on services to shore up functionality in those key areas, be they compliance or security related, or based on concerns about downtime.

So, to conclude, Office 365 comes in a variety of different shapes and sizes at different price points, ostensibly for businesses with different messaging requirements. It covers a lot of ground, and for many businesses the barrier to purchase is that one or other area of critical functionality doesn’t quite meet requirements. With Mimecast, which works seamlessly within an Office 365 / Exchange context, these perceived short-falls can be fixed, and the barriers to purchase removed. With Mimecast, Office 365 goes from good to great.


Mother's Day for your data – World Intellectual Property Day!

April 26th is World Intellectual Property Day.

This is a day of recognition that was started in 2001 by the World Intellectual Property Organization.

Do we need a day to remind us how important Intellectual Property (IP) is?

Personally I think we do.

Sure we know about the value that we get from patenting our big ideas, from documenting and enforcing our workflows that give us the competitive edge we need. We know about the big ideas, the things that are easy to differentiate, the processes that clearly are our own and stand us apart from our competitors.

But is this knowing about our IP or is this simply protecting our key assets?

Let’s take a look at another day that is celebrated in many countries around the world, Mother’s Day.

Mother’s Day is a very old traditional holiday that celebrates motherhood and honours mothers. Rather than letting these two essential and everyday parts of our society languish in anonymity, we choose to bring them to the fore to recognise and cherish what mothers do for us, what motherhood means to us. Let’s face it, humanity has always had mothers and motherhood and will certainly continue without a day celebrating them. Mother’s Day is simply a way for us all to tell mothers everywhere that we recognise that while they are a common occurrence, motherhood is by no means a mundane part of our society.

So too with IP Day.

We keep secrets from one another and we brand our information as confidential. Every day we see ownership and confidentiality disclaimers. Our emails profess that all information belongs to our employers and those we receive belong to the sender’s employers. We have IP and privacy woven into the very fabric of our business society. Like mothers, IP is a core part of everyone’s lives – only we don’t generally choose to acknowledge anything but the biggest and brightest ideas.

The biggest single issue with IP is that most companies don’t actually know what knowledge they are sitting on.

Take email for example- it is a phenomenal source of knowledge. So much business communication use email, whose conversations provide a rich contextual background to any single piece of data it contains. Who sent it, what was said, what versions went where, when- the real context.

But the problem is that email is stored and archived in places where data goes to die. Ok, maybe not to die, but archives conjure up images of old musty shelving in the basement that is only ever accessed when there is some or other legal dispute that requires old information to be collected and brought back into the light. This is also true of vaults, places to lock information away, places that ensure no-one gets any value from your data for all time.

This is one of the big problems we’re working to solve at Mimecast. Giving us your email is going to make it more useful, not less in the future.

Imagine if a little bit of awareness enlightened your staff and let them know that everything they do adds a little to the wealth of your company. Imagine if they recognized how valuable information actually is. Imagine the potential you would unlock if you could mine and analyse the data you have been storing for all these years.

So celebrate World IP Day in style, let your people know that while you may not have the analytics tools to automatically derive value from your unstructured data, you value the information they produce for you and would love to hear from them how best to surface more value. Information is there to be used, not stored in some dusty basement only to be called for in emergencies.

After all, you don’t only bring your mother out once a year do you? She is there every day adding value to the lives of those around her.  Treat your information like you would your mother, let it thrive and add value to your life every day.


Make Legal & IT play nicely together!

One of my colleagues summed this up perfectly; he said you want to remove the V from “Legal Vs IT.”

There you have it, problem solved. Legal Vs and IT. But it’s not as easy as that is it?

I regularly receive fan mail from CIOs and IT Managers who are going head to head with their Legal departments, and sometimes Lawyers who are trying to get their point across to the IT department.

Those are the days I feel like a tech version of Dr Phil.

Lets take a step back and look at where the Legal and  IT departments interact. On a basic level they both provide services to each other; one becomes the customer of the other, and vice versa. (Apologies for the latin, I feel obliged to use a little for the lawyers who are reading. They, along with Doctors and people who finish The Times crossword keep that language alive.) But as you dig deeper into the line of business applications users require there is one that sticks out as being the sole domain of the Legal user. Litigation support and ediscovery applications.

The analyst firm Gartner tell us that ediscovery is one of the major drivers behind email archiving, it could well be ‘the’ driver for email archiving. For the IT department provisioning a usable and scalable ediscovery solution generally means large amounts of budget and certainly a truck load of disk space and processing power. For the Legal user it means having access to an effective discovery solution that allows them to perform from the Early Case Assessment (or Identification) phase right through to the Presentation phase.

Generally that’s where the problem lies.. Legal users demand access to data whilst the CIO tries to balance the cost effectiveness of storing data against the risk of deleting it. Yes disk is cheap but when you add up all of the paraphernalia required the shopping list becomes quite a challenge, and for the many companies not used to experiencing the  special joy and happiness that an ediscovery request brings, justifying the budget can be hard.

If I were Dr Phil I might say something like;

Learning to support each other isn’t something you can change overnight, this will be a long slow road, sometimes painful and sometime joyous. But learning to see the problem from the others perspective will make it much easier to solve.

Legal and IT departments are like step-children, they have only recently needed to get on and become friends. Historically they both work in their own little universes but today they each rely on the other to perform. So for one day or one week get them to swap toys, put the Legal users in ITs shoes and IT in the Legal team. Get them to really examine where the other is coming from and see how cooperative they become.

If they don’t drop me an email and I’ll see if I can line up Dr Phil.


Could there ever be a Forensic Search of the Cloud?

Picture of a Hard Disk head at rest on a platter

I was at a Friends of eDiscovery gathering in the Midwest last week.  This is a group aimed at providing local forums to discuss the eDiscovery conundrum, and to determine local standards of care in the eDiscovery workflow.

At one point, the discussion turned to forensic collection, and whether it is required in all cases.  Of course, no one thought that it is always necessary, but in the ensuing discussion, someone wondered whether we would begin to see forensic collections from Cloud service providers.  As a (and perhaps the only) Cloud service provider in the room, I made the point that we had not seen 3rd party requests for forensic collection and did not see a future where we would permit forensic collection from our servers.  (I should also note that by ‘forensic collection,’ I mean a bit-by-bit copying of a drive, not merely a defensible collection.)

Without even touching on the Stored Communications Act (18 U.S.C. §§ 2701 to 2712) and its applicability to Cloud computing providers, the very nature of the Cloud computing business model argues against there even being ESI that would need a forensic collection to access it.  To a large degree, this is due to the distributed, multi-tenant nature of the model.

In essence, Cloud computing providers build an infrastructure (as actual machines or as an application) and rents out parts of it to people/organizations as they need it and customers’ data is distributed across that infrastructure.  As any information is deleted, the storage space or computing power is automatically and immediately reclaimed so it can be placed in use by someone else.  So there would be nothing for a forensic collection to gather that a routine collection would not gather.

If, by chance, some information remained on abandoned Cloud territory, the distributed nature of storage in the Cloud would render that information horribly expensive to gather.  To be able to reconstitute data into a meaningful format, the collection would have to be done on ALL of the provider’s servers (within a given geography, if the data for the client in question were so limited).  This would take the already-high cost of hard drive restoration and multiply it many times over.

All this is not to say that there will NEVER be a situation where a forensic collection from a Cloud provider could be appropriate, but that’s only because never is such a long time.  But because the of the low likelihood of finding unique information in a forensic collection and the high cost of such a collection, never seems pretty close to the mark.