By ECI | Thursday, February 09, 2023
Microsoft Office is how billions of people manage tasks at work and at home. For decades, businesses installed Office on employee PCs – and then, every few years, undertook a massive, capital-intensive project to upgrade their software to the latest version.
But the personal-productivity suite is now available as a cloud-based service: Office 365. Office 365 relieves companies of the need to endlessly install security patches and roll out new versions. Instead, Microsoft continuously maintains the software, which customers access online from their desktops, laptops, tablets and smartphones. Customers benefit from secure, enterprise-class software and related services for a monthly subscription fee.
Enterprises have embraced Office 365 in a big way, with nearly 900,000 companies subscribing to the service in the United States alone. Investment firms are no exception, with many moving to the cloud in general and to Office 365 in particular.
But an overlooked advantage of Office 365 is that – depending on the enterprise tier you subscribe to – it comes with a broad range of cybersecurity functionality built in. Here’s what you need to know about how Office 365 can make your firm more secure – and how to optimize your move from on-prem Office to cloud-based Office 365.
Built-in Security From the Start
For enterprise customers, depending on the plan you select, Office 365 includes solutions such as:
- Exchange and Outlook email and calendar
- Word, Excel, PowerPoint, and OneNote productivity software
- OneDrive and SharePoint cloud-based file storage and sharing
- Teams videoconferencing and collaboration software
- Various other software, such as Access, Yammer, and PowerApps
- Various other services, such as advanced analytics
Also built into higher-tier Office 365 subscriptions are six capabilities to improve your firm’s cybersecurity posture:
1. Threat protection. Office 365 enables you to detect and investigate compromised credentials, suspicious activity in your on-prem and cloud environments, and advanced threats. For example, Microsoft Defender – built in or added on – protects against malicious links, attachments, and phishing schemes with real-time detection.
2. Vulnerability management. Many firms retain some legacy environments as they move into the cloud. Those legacy environments can contain vulnerabilities. Office 365 functionality such as Conditional Access can limit access to legacy systems, along with lingering threats.
In addition, with Office 365 you no longer have to worry about the window between when a new vulnerability is identified and when your IT department patches the software. Microsoft continually implements security updates, significantly shrinking any period of vulnerability.
3. Data protection. Office 365 protects data both while it’s stored and while it’s being transmitted. For example, built-in Azure Information Protection lets you classify, label, and protect data based on sensitivity.
The software also provides visibility into and control over how files are used and shared. Office 365 Cloud App Security, for instance, enables you to discover applications on your network and track usage patterns. You can automatically assess application risk based on dozens of factors, and then block applications based on risk levels.
4. Device management. Keeping your devices secure enables your teams to be productive wherever they work. Built-in Microsoft Intune, for example, provides cloud-based mobile device management (MDM) for unified control of both company-issued and bring-your-own-device (BYOD) tablets and smartphones.
5. Identity and access management. Office 365 secures connections among data, applications, devices, and users. Support for multifactor authentication (MFA) provides a much higher level of protection than simple usernames and passwords.
What’s more, the software’s Conditional Access capability lets you control which applications users can access, depending on whether they pass certain policy-based conditions. You can implement controls by user or user group, device, location, cloud application, device application, and sign-in risk level.
6. Compliance. Finally, Office 365 provides tools to help you assess your compliance risk and respond to compliance requests. For instance, you can archive email and enable e-discovery. You can also implement and document cybersecurity policies and their enforcement to demonstrate to regulators how you’re protecting sensitive data.
Note that not all these Office 365 security features will necessarily be configured in a way that reflects your business requirements. It can help to work with a trusted cybersecurity provider – ideally one with deep experience in both cloud environments and the financial services industry – to ensure security settings meet your unique needs. In addition, an effective managed service provider (MSP) can manage your Office 365 and other cybersecurity protections in a holistic fashion.
Optimizing Your Office 365 Migration
For many firms, the transition from on-prem Office to cloud-based Office 365 can be a big one. Several project management essentials can smooth the journey.
First, upfront design and planning is key. Make sure you fully understand and document your existing IT architecture and think through how you’ll replicate the environment in the cloud. Your Office 365 migration can be an opportunity to reduce IT complexity.
Next, take actions to avoid business interruptions. Perform major migration tasks during off-peak hours such as evenings and weekends. Migrate in a stepwise fashion to minimize disruptions to employee productivity and customer interactions.
Then, be sure to train users on how Office 365 will affect their daily tasks and on how they can take advantage of its features. Expect to conduct training both before and after the migration.
Just as important, even if you roll out Office 365 progressively, make sure you implement its security capabilities from Day One. Don’t allow cyber attackers any window of opportunity to steal data or disrupt your operations.
Finally, Office 365 can strengthen your cyber posture, but it’s not a cybersecurity silver bullet. Rather, the cloud-based service reflects a defense-in-depth approach, layering protections so that attacks that dodge one safeguard are thwarted by another. In this way, Office 365 becomes another link in your cybersecurity armor, protecting your firm so that you can focus on growing your business.