Q: We have clients who run almost their entire business on Office 365. However, most of them decline additional security services because they think that “Microsoft has my back,” but how true is that?
To answer this question, Smarter MSP reached out to Jason Whitehurst, VCIO and Cofounder of Austin, Texas-based NoctisIT. NoctisIT provides security services to a variety of businesses and NGOs across the world. According to Whitehurst, complacency is the enemy for most people when it comes to Office 365. People are enamored with the Microsoft brand, and that causes them to make assumptions.
“The first thing people do is that they assume what Microsoft offers in terms of security is sufficient and covered by regulatory guidelines, but it is not. People think Microsoft saves backups for three years, but they don’t,” notes Whitehurst.
He is quick to add that he is a “huge fan” of Office 365. However, Microsoft’s breadth and size makes it impossible for them to cover everyone’s individualized cybersecurity needs.
“Due to the breadth and scope of the customers they have, there is no way they could possibly cover everyone,” details Whitehurst.
The key to keeping your Office 365 data safe is to have a clearly defined company policy and protocol for handling files.
Have secure, separate storage
“Unless you have a really firm understanding of what happens to your office data and you have a backup protocol process in place, there is no guarantee that data will be there,” warns Whitehurst.
To that end, there needs to be a toolset that connects to API. There needs to be storage in a separate entity, but have integration with Office 365, so that a vendor can backup data from it. Enterprises need retention policies and authorizations to back up.
“The vendor needs to recognize the importance of storing data separately,” advises Whitehurst.
Those are baseline minimums that need to be done to protect Office 365 data. Going above and beyond would include backing up individual user mailboxes and having the ability to restore individual messages.
Sometimes convincing clients to provide backup protective services for Office 365 data can be challenging, but Whitehurst says businesses need to consider the cost of not doing so.
“When we get called in after an event, we find that even in small organizations, the final cost is never less than $25,000 – $30,000,” details Whitehurst, referring to the cleaning up of an attack. That’s just for an essential garden variety clean up. Anything more than that and the cost can spiral.
“People think that it can’t happen to them,” states Whitehurst, referring to a loss of data on Office 365 due to nefarious or technical issues.
Communication is key
“MSPs can communicate through quarterly business reviews, monthly reports, and highlighting their successes. Give clients the right information to show them that you are proactively dealing with issues,” offers Whitehurst.
That is why Whitehurst is a huge fan of Barracuda Sentinel. “It is feature-rich and proactive in dealing with problems my techs might otherwise have to deal with. Barracuda is so far ahead of others with a complete platform,” says Whitehurst.
The built-in reporting highlights information that has been blocked and illustrates well-crafted attempts to enter the enterprise’s environment.
Clients look at the numbers, and at the end of the day, you need to put it in terms they understand. While Office 365 isn’t infallible, it is still one of the best options available.
“You can’t have an email platform and file storage environment for anywhere near the price you pay to use it. At this point, the price is commoditized so low and the services so high, it makes no sense to use anything else,” admits Whitehurst.
Now, you just need to convince your clients to secure it.
Photo: oatawa / Shutterstock
Really enjoyed the chat, Kevin and wanted to say thanks for such a well-crafted summary of our discussion.