To dive into the topic of security threats and Microsoft 365, VMblog reached out to an industry expert, Andy Syrewicze, Technical Evangelist at Hornetsecurity.
VMblog: What are the most common M365 threats today and how do I mitigate them?
Andy Syrewicze: As we found in a recent survey we
conducted on the nature of security threats with M365 we found that email security threats continue to be the most
pervasive security threats targeting businesses today. The reason being here is
that email attacks require a relatively low capability set to initiate, and
they typically target the weakest link in your security posture, your
end-users. Businesses today can best protect themselves by leveraging a third party
security service for M365 that specializes in security and is independent from the vendor providing the collaboration
software.
VMblog: As a consumer of Microsoft 365, isn't Microsoft keeping me safe from
security threats?
Syrewicze: Actually no. Not by default. This is a common misconception in that many
organizations believe that Microsoft handles security on their behalf. In
fact Microsoft's shared
responsibility model states that security and
responsibility of data and identities falls on the end-customer. While
Microsoft does supply some capabilities out of box to help address these
concerns, it's up to the customer to implement them, license and deploy
advanced security features, or work with a trusted 3rd party security vendor to help secure their business.
VMblog: Wouldn't it be better for me to leverage the security services offered
by Microsoft as opposed to a third party?
Syrewicze: Some schools of thought look at it this way, yes. And, while Microsoft
does offer some decent capabilities in their security suite, many of them are
difficult and time consuming to implement and the licensing can be wildly
complicated. There is also a concern amongst compliance experts in the
community around the concept of vendor overdependence. Meaning, there is an inherent conflict of interest when it comes to using the same vendor for both
security and productivity tools. That's like the factory owner also being the
compliance inspector. Many organizations leverage an independent third party security
vendor for objective monitoring and insight
into their core security posture when leveraging cloud services such as
Microsoft 365.
VMblog: Microsoft is conducting regular backups of my data correct?
Syrewicze: Like the security question above, this is also a common misconception.
When it comes to backup and recovery, the share responsibility model from
Microsoft also comes into play. While the M365 platform is great for data
retention, it is NOT designed for backup and recovery. In fact, Microsoft's
cloud SLAs actually state they recommend you leverage the services of 3rd party
backup and recovery software to protect the data you place into M365.
VMblog: In the event of an outage of Microsoft 365, are customers able to
continue working with local resources on the endpoint?
Syrewicze: This depends on your given setup, but even with proper planning there
will be services that you're unable to access. For example, while your
end-users will have access to previously delivered email, this won't help them
actively use exchange online delivery services. A third party that provides business
continuity services for M365, like Hornetsecurity can help bridge any gaps in an outage situation and allow your
end-users to continue working.
##