The Case for Cloud Security
Many companies still hold on to a belief that the cloud is unreliable and prone to attack. While I can understand the sentiment, it usually feels short-sighted. If you think on-premises is always safer than the cloud, try looking at this through a different lens: banking.
You can choose to keep your money on-premises by hiding it under your mattress, but few people do that. Most of us will deposit or paychecks at a bank or credit union. Why? Because it’s safer (and the interest is nice too). The bank’s job is handling and securing your money. While I could keep my money relatively secure at my house with a fireproof safe and a home security system, it’s not going to be nearly as protected as it would be at the bank. Their ability to specialize and invest in security far outweighs my own.
Why don’t we look at our data the same way? Sure, I know the basics, the Nigerian prince emailing me is probably a scam and I should install anti-virus on my devices, but I’m not able to stay ahead of the constantly changing cyber-landscape and invent new ways to protect myself. Instead, I trust companies like Microsoft who employ thousands of people, invest billions of dollars, and work on this very subject day in and day out.
But, what exact Office 365 features does Microsoft include to protect you and your data?
The platform employs a defense-in-depth approach to security. This means you’re assuming that your perimeter will ultimately be breached. While you still want to have strong outer defenses (i.e. firewalls) properly set up, you’re also preparing for what happens when (not if) a threat gets through. At the next level, you’ll have other security features that are going to catch the threat before it can do any other damage or become more widespread.
While stopping threats before they breach your perimeter is ideal, it’s a gamble that I wouldn’t risk any of my information on. In 2016, over 4,000 ransomware attacks occurred daily according to the FBI. This represents an over 300% increase in attacks from 2015.
Identity-based security lets you employ multi-factor authentication (MFA). This improves your security posture by allowing end-users to provide extra proof of their identity. MFA relies on users confirming at least 2 of the following:
Something you know meaning a password, pin, or some other secret. Don’t forget to change your passwords, keep them complex, and don’t reuse them!
Something you have meaning a keycard, security token, or other device that you keep on your person to prove your identity.
Something you are which is most commonly a fingerprint or facial scan. It could also be a retinal scan, voice print, handprint, etc.
For example, when I work remotely or try to access Outlook from a new location, I have to enter in a limited-duration code sent to my mobile phone. In some cases, users employ their thumbprint as a second factor.
When combined with the security investment and capabilities inherent in Microsoft Enterprise Mobility + Security and Windows 10, you are able to implement a very powerful security strategy. You can even get as granular as restricting specific users from accessing specific documents while they are using a specific device or from a specific location.
For example, if I (or someone pretending to be me) was trying to access something I stored on OneDrive from a new or untrusted location, it would deny my access until I meet all conditional requirements.
The Microsoft Trust Center even shows the security capabilities down to the mobile application level. It’s easy to check and see, for example, if Delve supports conditional access or if you can set MFA conditions for PowerPoint.
Microsoft’s Security Commitment
Microsoft is committed to the security of their clients’ data and works to be a trustworthy partner. They report their top 10 security and privacy features in an effort to be transparent about how they protect your data. My favorite is number 10:
“We contractually commit to the promises made here with the data processing terms in your volume licensing agreement. For more information, visit the Independently verified section of the Office 365 Trust Center.”
I’m sure you and your company have security protocols in place that have kept you safe until now. But are you confident that keeping your data under your mattress will be able to stop the 4,000 attacks we will see tomorrow? Or the 4,000 the day after?
Whether you think so or not, it’s a good idea to take a look at the Microsoft Cloud to see how you stack up. 80% of the Fortune 500 is already leveraging Microsoft’s people, technology, and investment in security to protect their people and their data. Joining their ranks will let you spend your time and resources where you need them most instead of reinventing the wheel and exposing yourself to unnecessary risks.
Microsoft is constantly changing and evolving to stay ahead of cyber threats, meet the needs of their customers, and leverage industry trends. This blog series was written to give you an idea of the applications available today that you probably own but don’t fully use. If you want to learn more about your Office 365 environment and ways to maximize your ROI, give us a call! As a Microsoft Gold Partner, we are always ready to talk!
Make sure to read the other posts in the series:
- On Making a More Productive Workday
- Defeat the Reply Allpocalypse
- How to Simplify Version Control
- How to Avoid Conference Call Faux Pas
Make Office 365 Our Priority
As a Microsoft Gold Partner, we've explored the gamut of solutions and distilled the best practices, templates and lessons learned into our Managed365™ solution so our customers can find success on the first swing.
If you are considering migrating to Office 365, our Microsoft Cloud experts are ready to review your current IT infrastructure and discuss how you might harness the platform to work for your systems and budget. Download our data sheet or click the button below to schedule a consultation.