
Many organisations have come to rely on Microsoft 365. Sources estimate that between 89% and 94% of organisations are using cloud in one form or another. Cloud has transformed IT environments, offering a range of incredible benefits.

Microsoft has been one of the leading providers of cloud platforms since launching its cloud computing platform, Azure, back in February 2010. In June 2011, Microsoft launched its Software-as-a-Service (SaaS) offering, Microsoft 365. The biggest advantage of Microsoft 365 is that it’s managed and routinely upgraded by Microsoft themselves. This removes much of the maintenance burden and cost. Over the years since it was launched, adoption has rapidly increased to around 200 million monthly active users (circa 2019). Given this number, experts predict the adoption of Microsoft 365 will only continue to accelerate.

Cloud is a high value target for cyber criminals

Microsoft 365 consists of a number of SaaS applications, including email. Whilst there are many benefits to organisations moving email applications to the cloud, most organisations are not naive to the risks of having their data processed and stored on infrastructure and software owned by a third party. Cybersecurity has become a major consideration in recent years. Laws and regulations are finally catching up and making organisations accountable for protecting the sensitive data in their possession. Cyber criminals, too, have become more sophisticated and elaborate in targeting high value data. If they can compromise an organisation’s Microsoft 365 environment, it provides a way in to harvest lots of valuable and sensitive data. They can learn how the company operates and identify new targets to exploit.

Microsoft fully recognises the cyber threats facing organisations using Microsoft 365. Microsoft has to be commended for the investments they make in continually hardening their platform. Organisations can choose to switch on different security modules spanning access and identity management, data integrity, device security and threat management. Microsoft has an excellent record of adding new features to each of these areas with every update, boosting security, compliance and business continuity.

Despite such efforts, Microsoft accounts do get compromised. Often this is not because of any weakness in the Microsoft technology stack, but because of vulnerabilities elsewhere in the IT estate.

The importance of endpoint security

The trouble is, the modern workplace is complex and almost perimeter-less. This means there are many more surfaces and devices to protect. Cyber criminals know this and will routinely try to exploit vulnerabilities using different attack vectors to gain access to sensitive data. In the case of compromising an organisation’s Microsoft 365 email, the cyber criminal is likely to first try and compromise a weaker application, platform or device in order to get access to the Microsoft 365 credentials.

For instance, with the rapid expansion of employees working from home, cyber criminals will target laptops and devices that don’t have adequate endpoint security installed. Equally, these endpoint devices should have secure VPN services, especially since we don’t know how secure an employee’s home network is and who might be listening in on their communications. Phishing attacks are another popular way cyber criminals may try and compromise an employee’s Microsoft 365 account.

The role of third party cybersecurity vendors

Third party cybersecurity vendors play an important role in securing Microsoft 365 in other ways too. Very few organisations will only use Microsoft 365. Most will rely on applications outside of what Microsoft offers. Hence, it is common for organisations to use a mixture of different cloud providers (multi-cloud). Data is shared between the different cloud applications.

In addition, many will have some applications running on on-premise infrastructure, meaning they have a hybrid infrastructure. In this instance, effective cybersecurity relies on a co-ordinated holistic approach that can span all elements of the IT estate. So, whilst Microsoft’s security and compliance tools are great for managing a simple Microsoft 365 deployment, they struggle to encompass other cloud platforms and on-premise infrastructure.

This is where specialist third party security vendors come into their own. For instance, many organisations have a SIEM solution for logging activities and threats. The latest generation of SIEMs are able to monitor the different elements of the IT estate. Using AI and machine learning, they are able to analyse communication patterns in order to spot anomalies that are possible indicators of an attack.

Only by spanning the entire IT estate in this way can an organisation aim to build up a complete and reliable picture of cyber threats and activities.
