Virtualization Technology News and Information
VMblog Expert Interview: Andy Syrewicze of Hornetsecurity Explores Misunderstandings Around Security and Backup for Microsoft 365


There are a lot of misconceptions around security and backup with regard to Microsoft 365.  To better understand things, VMblog reached out to industry expert, Andy Syrewicze, Technical Evangelist at Hornetsecurity.

VMblog:  I'm paying a monthly service fee for Microsoft 365, isn't Microsoft keeping me safe from threats??

Andy Syrewicze:  No, in fact this concept is part of the Microsoft shared responsibility model for cloud services. In this model the customer is responsible for the safety of their data. Additionally, Microsoft actually calls out the need for 3rd party backup services in their SLA documentation. More information on this can be found here.

VMblog:  But as a hosted cloud service, data in Microsoft 365 is safe from ransomware threats, right?

Syrewicze:  Actually no, there are recorded cases of M365 tenants being ransomed in the wild. This makes 3rd party backup of M365 data all the more important. Kevin Mitnick has a great video here that shows how the attack works.

VMblog:  I get Exchange Online Protection with any license of Microsoft 365 that involves a mailbox. Why would I look for more security protection than Microsoft provides?

Syrewicze:  EOP provides a base level of protection it's true. EOP provides a spam detection rate of 99%, however this isn't good enough in most cases when you're talking about numbers of scale in email. We discuss this in further detail here.

VMblog:  Isn't it best for me to use the Microsoft's security services to secure Microsoft 365?

Syrewicze:  There is a lot of discussion on this in the industry right now, and while it does seem to make sense, not everyone is convinced. Many organizations see an inherent conflict of interest in using the same vendor you're using for productivity for security as well. That's like the basketball referee also being a player in the game, right? Additionally, by leveraging a 3rd party provider that focuses specifically on security and nothing else, you're going to get better protection and service. On top of that, M365 licensing is simplified in many cases.

VMblog:  Managing PKIs for Email encryption is a pain. Is there some way to make it easier?

Syrewicze:  It's true, managing PKIs is difficult and unwieldy. A 3rd party solution like Hornetsecurity Total Protection makes this process much easier and more intuitive.

VMblog:  With all the retention capabilities built into Microsoft 365, do I even need to look at 3rd party backup solutions?

Syrewicze:  M365 as a platform is indeed designed for retention, and it does a good job of it. That said, data retention and data backup/recovery are two different things. M365 isn't designed for point-in-time recovery. On top of that the retention capabilities in M365 don't lend themselves well to dealing with recovery of large amounts of objects. It can be difficult and time consuming. A 3rd party option that does backup specifically for M365 is the preferred option.


Published Wednesday, December 29, 2021 7:29 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2021>