Want to ensure your Office 365 environment is as secure as possible? Watch our free webinar “All Access Tour: Office 365 Security and Governance Features” for key tips and tricks!
Note: The following is a recap of Susie Adams’ session at Shift Happens Conference 2019. Check out the other session recaps below:
- How to Manage the Shifting Landscape of Office 365
- How to Inspire Sustainable Microsoft 365 Adoption After Deployment
- How to Create & Enforce Your Office 365 Governance Policies
- Discussing the Merits of Digital Leadership with Toni Townes-Whitley
- Fight Sprawl in Office 365! How to Effectively Govern Your Data
- The Best Real-World Strategies for Office 365 and Microsoft Teams Adoption
Security is changing rapidly across all industries. The rise of mobile devices and easily accessible cloud platforms has made protecting data substantially more complex than it was ten or even five years ago. So, how can you manage data protection while transitioning to the cloud? Let’s jump into it.
A common mistake many organizations make is trying to maintain aging technology. It has the benefit of being familiar, sure, but it also creates barriers to furthering your company’s security practices.
Today, we have the benefit of intelligent protection against threats. We can have settings that notify us, help us analyze the resulting data effectively, and act on it swiftly.
This isn’t just convenient–it’s essential. It used to be the case that an organization’s network perimeter would detect and repel attempted data breaches without much issue. However, the evolving security perimeter has shifted in such a way that data has now moved out of the network and its protections. People take their work home on non-managed devices, engage in shadow cloud practices (using Google Docs for work, for instance), and so on.
identity is the new firewall, devices are the new perimeter, and assuming breach is the new security model.
That’s right; assuming that a breach is happening at any given moment is key. This doesn’t mean you should hit the alarm every five seconds, but you should constantly evaluate and test your security. It’s also worth delving into your Office 365 settings to see what capabilities the cloud can afford you to better secure your environment.
What Goes Into Creating a Secure Modern Enterprise?
A secure modern enterprise is resilient to threats because it’s aligned to business objectives and the current threat environment. It should take into account:
- Identity. It embraces identity as the primary firewall and protects identity systems, admins, and credentials as top priorities.
- Apps and Data. It aligns security investments with business priorities. This includes identifying and securing communications, data, and applications.
- Infrastructure. It operates on a modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks.
- Devices. Preferably, it only allows trusted devices–with security measures in place–to access company data.
Microsoft’s Modernization Roadmap
Susan also laid out Microsoft’s modernization roadmap to help illustrate what the process of upgrading your data security in the cloud might look like. The first steps are:
- Designating data that needs to be retired, right-sized, or eliminated (~30%)
- Determining the data that can be used or converted to a SaaS (first or third-party) solution (~15%)
What’s left is then exposed to existing SaaS/PaaS solutions before being:
- Converted to Azure PaaS solutions
- Optimized for (and subsequently moved to an) Azure IaaS VM
- Left unchanged and lift n’ shifted to an IaaS
How quickly that remaining data is converted or optimized is determined like so:
First to Move (~35%)
- Basic web apps
- Advanced portals
- Any new solutions
- Any re-architected solutions
Next to Move (~10%)
- High I/O OLTP (Online Transactional Processing)
- Regulatory and high business impact
Hard or Costly to Move (~5%)
- HVA systems
- PK3 systems
- Legacy source control
And after all that, only about 5% will remain on-premises.
As you can see above, modernizing your company’s approach to modernization in the cloud doesn’t have to be needlessly convoluted. The move the cloud is always changing and innovating, so be sure to prepare for a long, constantly evolving journey!