Transcription
S T I L L N E E D 3 RD PA R T Y E M A I LF I LT E R S I F YO U M I G R AT EEXCHANGE TO OFFICE 365?A B S O LU T E LY !HERE ARE 3 REASONS WHYWHITEPAPERJuly 2015Vircomwww.vircom.com
Executive SummaryOffice 365 has become a central revenue driver for Microsoft, hencethe big marketing push. And companies large and small are jumpingon the bandwagon.Undoubtedly, Office 365 is a very strong tool, a great gateway to getting the most up-to-date Microsoft Office features, and integrationwith various productivity apps and, of course, email services. Nonetheless, Office 365 does have its shortcomings; specifically in emailsecurity, archiving and retention.In these specialized areas, third-party security providers outperformOffice 365’s current security offering, and are essential for an adequate level of security.OFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 2
THE CLOUD – THE HYPE AND THEE V E R - P R E S E N T T H R E ATSWith the tremendous influx of IT services going to the cloud in 2014, specifically the US SMB cloudmarket which reached 24 billion according to Parallels SMB Cloud Insights. It is no wonder CIOs incompanies small and large have been taking the leap to the cloud. And Microsoft has certainly benefited greatly with Office 365 being one of its driving forces. In fact, Office 365 has become one ofthe main growth strategies for Microsoft as it focuses on moving its standing clients to subscriptionmodels. In fact, Microsoft has seen an increase in cloud earnings, with a jump in subscriptions of Office365 in the second quarter of the fiscal year, (30% over the previous quarter to 9.2 million users), and acommercial cloud revenue growth of 114% driven by Office 365, Azure and Dynamics CRM.1Undoubtedly, Office 365 could greatly benefit companies, especially in terms of accessibility, cost-effectiveness and reliability of upgrades.2 However, there are serious gaps with O-365’s service offering,specifically with respect to its email security, retention and archiving capabilities. In this whitepaper,we will look into three critical elements that we consider to be security limitations when migratingto O-365. We will mainly address whether you need a second anti-spam provider when migrating toO-365. We will also go into detail as to the different ways in which independent and integrated technology can help overcome these limitations.1Microsoft Earnings Release FY15, Q2: Microsoft Cloud and Devices Momentum Highlights Second Quarter Results, January 26, /default.aspx“The Top Five Office 365 Features,” SearchExchange, accessed March 31, 2015, iveOffice-365-features2OFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 3
T H E L I M I TAT I O N S O F O F F I C E 365 A N DSOME PRACTICAL SOLUTIONSBefore getting into the email security elements where O-365 falls short, it is important to understandthe email security structure that is presently offered with O-365. O-365 offers an anti-spam enginethat is already built in to the program: EOP (Exchange On-line Protection). However, according to Sonian’s report on Office 365, such an anti-spam solution can be a porous one, which “may not meet withdemands in regulated and non-regulated industries”.3 Such imperfect security layers leave you vulnerable and can potentially let malware into a company’s network, along with a quantity of spam.REASON 1: ARCHIVINGArchiving in O-365 has its limitations as it refers to archiving and journaling. For one, there is currently alack of support for Exchange Online archiving with Outlook 2011 under MAC OS X, and archived emailscannot be accessed on Android or iPhone devices. Microsoft explains the archiving limitation presentin O-365 “You can’t designate an Office 365 mailbox as a journaling mailbox. You can deliver journalreports to an on-premises archiving system or a third-party archiving service. If you’re running a hybriddeployment with your mailboxes split between on-premises servers and Office 365, you can designatean on-premises mailbox as the journaling mailbox for your Office 365 and on-premises mailboxes.”4The lack of archiving capabilities can be problematic in highly regulated industries such as legal andfinancial. Whereby compliance authorities require the monitoring or sampling of communications.Further, Office 365 does not allow for external content to be imported for archiving purposes. Hence,companies that require the documenting of content into office 365 that is being produced on a number of external cloud services - such as Salesforce’s Chatter, instant messaging and a number of othercommunication mediums (except for LYNC) - will have no choice but to use a third-party archivingprovider to take care of this.For other archiving needs- such as safely archiving certain automatically flagged emails (which can beidentified based on previously user-defined rules); companies can make use of a third-party provideroffering a mail-routing option.3The Case for Sonian Email Archive with Exchange Online/Office 365 (Sonian, n.d.), www.sonian.com4“Journaling,” Microsoft Exchange, May 20, 2014, 49(v exchg.150).aspxOFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 4
REASON 2: RETENTIONIn Office 365, deleted Items and junk-email are retained for a maximum of 30 days, and often, the default is set at 14 days. This short period has proven to be more than an annoyance for IT administratorsat large. According to J. Peter Bruzzese, Microsoft MVP and technology contributor on TechTarget &MS Exchange: “Message retrieval is a common pain point for admins. With Office 365, that pain can beunbearable, as Office 365 doesn’t perform message retrieval beyond the deleted item retention limit,which is 14 days by default.” 5The lack of flexibility in the retention period can be challenging with the ever-present number of falsepositive emails that routinely make it to the quarantined emails list. Just imagine coming back froma longer-than-average vacation period and missing an important email that came through from yourtop client-who happened to use a secondary email rather than the usual email. If you’ve been awayfor more than 15 days, for example, you will be unable to retrieve the email, wasted time, frustration orworse.Third-party tools allow for more flexibility by allowing users to set extended ranges for the quarantineperiod.REASON 3: SECURITYUnfortunately, Office 365 falls short on email security. Such shortcomings can be associated to two keyareas.A: LACK OF CENTRALIZED QUARANTINE CONTROL:The EOC (Exchange Online Protection) which is Microsoft’s anti-spam engine, allows for all users toaccess quarantined emails with the option to release such. This decentralization of quarantine releasenot only poses a risk of wrongfully releasing well-construed phishing campaigns, but it is also an inefficient way to manage quarantined emails.In ideal environments, there is a centralized and decentralized approach to quarantine controls. An ITadministrator should have overall control over quarantined email to prevent any malware from reaching the company. At the same time, users should still have the ability to control their own spam filterson their emails, thereby allowing them to release any mistakenly quarantined emails from their side.Tony Redmond, “Do You Need Advanced Threat Protection? Maybe Some New Malware Is En Route to Your Mailbox!,” blog,Tony Redmond’s Unwashed Blog, April 9, 2015, rotection-ATP67Microsoft Office 365 for the Enterprise: How to Strengthen Security, Compliance and Control, September 2014OFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 5
This balance can be easily achieved with the use of third-party quarantine-control tools, that give superior control to an IT administrator, and end users can manage their own inbox settings individually.B : S PA M G E T T I N G T H R O U G H T H E I N B O X ( O N D E S K T O P S A N D M O B I L E S ) :A common complaint about O-365 is the amount of spam reaching the inboxes of users, and the lackof filters available on mobile devices that allow individuals to determine whether a link in an email issafe to click on. With the current management of spam in Office 365, users have to manually selectand identify spam that has made it to their inbox, and this essentially dilutes the purpose of anti-spamfiltering. In addition, there is a clear threat of being exposed to zero-day viruses and malware, whichgo undetected by anti-virus and anti-malware engines such as the EOP present in Office 365.6According to Osterman Research, “Office 365 does not offer more advanced and targeted threat protection techniques, such as real-time link following that emulates the contents for malware, in additionto reputation checks.”7 This level of granularity is very specialized and Office 365’s built-in anti-spamsimply cannot achieve this level of specificity.Of-course, the reality of today’s email environment is one whereby more than 70% of email is spam8,zero-day malware9 (or next-generation malware) is ever present and phishing attacks are becomingmore sophisticated. Third-party tools that are continuously up-to-date with the utmost latest malwareand attack threats are well equipped to cover these security gaps.Summing it UpCompanies, whether large or small, have been migrating to Office 365 with the objective of streamlining internal communication, document collaboration and sharing, and email usage under one service.However, when considering a migration to Office 365, companies cannot ignore the importance ofhaving a number of security layers attached to their emails. The current email filtering security thatis provided by Office 365’s EOP has a number of limitations that are not completely aligned with thebest security protocols. Not being prepared, or not taking precautionary action on these ever-presentthreats can be very dangerous.Tony Redmond, “Do You Need Advanced Threat Protection? Maybe Some New Malware Is En Route to Your Mailbox!,” blog,Tony Redmond’s Unwashed Blog, April 9, 2015, rotection-ATP67Microsoft Office 365 for the Enterprise: How to Strengthen Security, Compliance and Control, September 2014Kurt Wagner Aug 09 and 2013, “More Than 70% of Email Is Spam,” Mashable, accessed April 11, l-is-spam/8“What Is a Zero-Day Vulnerability? Security News,” accessed April 11, vulnerability/9OFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 6
Nonetheless, when Office 365 is paired with the granular security services of a third-party provider, itcan result in an adequate protection achieving the highest level of security required.T O G E T A B E T T E R U N D E R S TA N D I N G O N H O W T O O V E R C O M E T H E O F F I C E 3 6 5 E M A I LS E C U R I T Y S H O R T C O M I N G S T H AT H AV E B E E N H I G H L I G H T E D, C O N T I N U E R E A D I N G T H ES E C O N D PA R T O F T H I S W H I T E PA P E R .F O R A Q U I C K C O M PA R I S O N O F O F F I C E 3 6 5 ’ S O F F - T H E - S H E L F S E C U R I T Y W I T HO-365 AND VIRCOM, READ THIS HANDY REFERENCE GUIDEOFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 7
P R A C T I C A L S O LU T I O N S - H O W T O O V E R C O M E O - 3 6 5 ’ S L I M I TAT I O N S V I AT H I R D - PA R T Y P R O V I D E R S ?1 . A R C H I V I N G - U S E T R A F F I C D U P L I C AT O R S A N D M A I L R O U T E C O M M A N D SVircom’s modusGate/modusCloud can work in parallel with Office-365 to act as traffic duplicators ormail routers. This is achieved by using a proprietary Sieve language engine through an x-mailroutecommand, which sends duplicate traffic set to another machine to archive. This is especially importantin highly regulated industries that need to keep very stringent compliance rules on how emails arerecorded, and where emails are archived. This command allows for clients to keep an independentarchiving system using modusGate/modusCloud.3rd party archiving server orserviceInternetCloud or on-premiseemail security2 . R E T E N T I O N S O LU T I O N S – TA K E B A C K C O N T R O L ! U S E T R A F F I C D U P L I C AT O R S A N D M A I L R O U T ECOMMANDSRetention solutions can vary greatly from provider to provider. It is imperative to choose one that accommodates to one’s everyday email needs. Yves Lacombre, a 15-year Senior Sales & System Engineerat Vircom explores how their product has the required flexibility to adjust to the needs of IT administrators and end users “a client can easily set the quarantine period to expire after 90 days or 180 daysif they want. Since the quarantine is stored as standard text files in a physical folder, nothing preventsthe client to archive these files using very standard backup software to another server. If it is important for them to keep the quarantine for an arbitrarily long period of time, this solution certainly letsthem go way beyond the O-365 limits.1010Yves Lacombe, Interview with Yves Lacombe, Senior Sales and System Engineer, Vircom, March 27th, 2015OFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 8
3 . S E C U R I T Y A - C E N T R A L I Z AT I O N O R D E C E N T R A L I Z AT I O N – A M I X O F B O T H I S I D E A LThe approach of having a combined centralized and decentralized system is the ideal situation. Whereby, an IT administrator has configurable control of overall quarantine management, but at the userlevel there is a level of customization that allows users to configure their spam filters to their convenience, should they choose to do so.modusGate/modusCloud offers this level of service, where for example, users can control quarantinedemails and easily click on release links in case of any false positives. The IT staff need not micromanagethe inbox settings of their users.S E C U R I T Y B - O F F I C E 3 6 5 A N D M O D U S G AT E / M O D U S C L O U D U S E D T O G E T H E R S I G N I F I C A N T LY R E D U C E S S PA M G E T T I N G T H R O U G H T O I N B O X ( O N D E S K T O P S A N D M O B I L E S )modusGate/modusCloud can work effectively with Office-365 this combination results in a powerfulemail security duo- For example, once modusGate/modusCloud quarantines any emails that havebeen deemed risky, all links get removed - in effect becoming “unclickable”- whether being viewed ona mobile device or desktop. Lacombe explains that with modusGate/modusCloud, users will not runthe risk of clicking on any URL’s as these are removed before reaching the inboxes of users. In addition,Lacombe clarifies that “modus”, as a rule, prevents end-users from releasing any messages blocked asviruses or disallowed attachment types. This requires administrative intervention, which in most casesis the preferred method, to prevent non-technical end-users removing malware.”1111IbidOFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 9
ABOUT VIRCOMVircom Inc. is a pioneer in email security software, technology, hardware and virtualappliance solutions, and professional services.At the Edge of TechnologyVircom was founded in 1994 with a vision to advance technological improvements in network infrastructure through innovative products. This vision evolved as the Internet advanced, and it becameclear to Vircom that it too was evolving as a company as it became a pioneer in email security and antispam software.Vircom’s Story so farIn 1994, the Internet as we know it today was not yet to be formed. Vircom started by creating software for digital bulletin boards, the precursors of the Internet, and eventually software for the management and authentication of dial-up and DSL connectivity for service providers.As email evolved into the killer app of the Internet, we developed one of the first secured mail serversfor businesses and service providers. At the same time, we also created one of the first secured emailgateways to protect any standards-based mail server. We are proud to say that both innovations werebased on our own proprietary and award-winning technology.Since then, Vircom has evolved into more than a developer of email security software. We are the ITsecurity partners to thousands of customers representing millions of end users. We are an IT trendsetting company, always monitoring, analyzing and responding at the edge of the latest threats andattacks.What makes us different is our proactive approach: by being at the forefront of technological advances, we’re one step-ahead of understanding IT threats and challenges and living up to our motto ofpreventing future problems problems before they occur.OFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 10
References:Kurt WagnerAug, and 2013. “More Than 70% of Email Is Spam.” Mashable. AccessedApril 11, 2015. -spam/“10 Major Office 365 Migration Gotchas to Avoid.” InfoWorld,September 22, 2014. d.html.“Journaling.” Microsoft Exchange,May 20, 2014. 49(v exchg.150).aspx.Lacombe, Yves. Interview with Yves Lacombe, Senior Sales and Systems Engineer- Vircom,March 27, 2015.Microsoft Earnings Release FY15, Q2: Microsoft Cloud and Devices Momentum HighlightsSecond Quarter Results, January 26, /default.aspx.Microsoft Office 365 for the Enterprise: How to Strengthen Security, Compliance and Control,September 2014.Redmond, Tony. “Do You Need Advanced Threat Protection? Maybe Some New Malware Is En Route toYour Mailbox!” Blog. Tony Redmond’s Unwashed Blog, April 9, 2015. rotection-ATP.The Case for Sonian Email Archive with Exchange Online/Office 365. Sonian, n.d. www.sonian.com.“The Top Five Office 365 Features.” SearchExchange. Accessed March 31, top-five-Office-365-features.“What Is a Zero-Day Vulnerability? Security News.” Accessed April 11, -vulnerability/.OFFICE 365 SECURITY WHITEPAPER VIRCOMPAGE 11
Vircom460 Rue Saint-Catherine West, Suite 600 Montreal, QC, H3B 1A7www.vircom.com 514-845-5731
the email security structure that is presently offered with O-365. O-365 offers an anti-spam engine . 3 The Case for Sonian Email Archive with Exchange Online/Office 365 (Sonian, n.d.), www.sonian.com 4 “Journaling,” Microsoft Exchange, May 20, 2014, https: .
