Microsoft 365 is already dominant in the marketplace and is poised to surpass 75% market share this year. The cloud-based productivity suite interacts with a vast amount of corporate data including email (Outlook Online), individual file storage (OneDrive), and even financials (Excel Online). Its built-in security tools are helpful but inadequate, and organizations would do well to ask a few questions before they deploy Microsoft 365:
- Is Microsoft 365 able to block malware, spam and phishing emails? SE Labs found that, even with Advanced Threat Protection (ATP) enabled, Microsoft 365 accurately detected less than 30% of spam, phishing and malware infected emails. More than 90% of malware is still delivered by email, and email threats have become more sophisticated. Organizations must consider whether Microsoft’s email security is adequate, or whether the Microsoft 365 environment should be protected with a secure email gateway (SEG).
- Are the people accessing Microsoft 365 my employees and are they using devices that are compliant with our security policies? Access control and endpoint protection should be part of any Microsoft 365 deployment. Stolen credentials are a major source of data loss, and privileged users have traditionally been trusted across the network after logging in once. A simple username and password are not adequate.
- Does my Microsoft 365 deployment include sensitive data, and who is accessing it? Data loss prevention is a key attribute of any attempt to secure Microsoft 365. Like most cloud solutions, the default setting in Microsoft 365 is unlimited sharing of files and other data internally and externally. Organizations must be strategic about how to prevent data loss.
The best solution is an integrated approach that eliminates silos and brings all elements of security together. The Fortinet Security Fabric is a consistently highly rated solution that brings the whole security infrastructure under a single pane of glass.