For decades, Microsoft has been and continues to be an integral part of modern business infrastructure. Therefore, it's also not surprising that many businesses are looking to the Microsoft 365 cloud platform as the next logical extension in its long, deeply rooted history.
However, like any migration to a new and exciting platform, there are a multitude of challenges—dare I say horrors—that companies of all kinds must consider before making such a major move. In the case of Microsoft 365, security should be top-of-mind as there are a considerable number of holes that can be left in the wake of a migration of this magnitude.
One of the first things to consider is the ecosystem that represents the Microsoft environment. When moving away from an outdated exchange platform, the need to update associated software will become very clear. For instance, if your company is still using a version of Microsoft Office from a decade ago, that suite of programs is going to be far less robust when it comes to security thresholds—leaving the bad guys with an open door to exploit. This is why upgrading all software is essential.
Once the actual software has been updated, the next logical step is to look at third-party Email Service Providers (ESPs). In short, a secondary provider that actually sends and receives your email on your behalf can lead to holes in your network, leaving your data vulnerable. The best approach is to use Microsoft Exchange, which is the best fit for ensuring that all protocols speak to one another properly, leaving few vulnerabilities to breach.
Last, on the systems front, a crucial step is making sure that any and all cloud providers that are used are also vetted and secured. This simply means that any third-party apps and plugins are tested and locked down—again plugging holes where the bad guys may find vulnerabilities.
So, with the infrastructure locked down, what's next in the long list of checks and balances? At this point, people are the next key factor in the ever-present need for security.
Migrations as a whole can be an interesting animal. In fact, I often use the analogy of getting a brand new laptop. In doing so, people usually have two distinct options: migrate the entire drive from one machine to the other, bringing with it the potential of years of bad files and subsequent habits. Or, start fresh and carefully pick and choose files and software that are most needed and wanted. I would say it’s an easy choice.
The same analogy applies when a migration occurs. An incredibly common issue that pops up during a move to Microsoft 365 is the potential for "old users" to come right along with everyone and everything else. An account (along with its access) that should have been deleted 10 years ago ends up being active on the new platform. This presents multiple issues. The first is that someone who has been gone from the organization for any period of time still has access to files, emails, and more, which is another vulnerability. Shutting these down is crucial.
But also there is the flip side of the "old user" issue. We all heard about Disney+ being compromised due to the selling of user data from the dark web—this is no different. And though I won't go into detail about good password etiquette and hygiene, people are and always will be creatures of habit. This means that if someone used the same password five years ago for their LinkedIn account—a company that has been breached—then the information including user name and password is potentially available on the dark web. This means that an old account migrated over to a new system can represent a major vulnerability point.
This same scenario is also true of single-sign-on practices. Software-as-a-Service scenarios that may be connected to Microsoft 365 should be locked down to ensure passwords aren't being shared between federated domains.
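One way to catch "old users" before they are carried over is to triage the source directory export against the current HR roster ahead of the migration. The following is an added example, not part of the original article: the CSV column names, the sample accounts, the roster, and the 90-day idle threshold are all constructed assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export of source-directory accounts (not real data).
# Column names are assumptions; map them to your own directory export.
ACCOUNTS_CSV = """upn,enabled,last_sign_in
alice@example.com,true,2023-08-30
bob@example.com,true,2013-04-02
carol@example.com,true,
dave@example.com,false,2019-11-15
erin@example.com,true,2023-01-10
"""

# Constructed HR roster of people currently with the organization.
ACTIVE_ROSTER = {"alice@example.com", "carol@example.com", "erin@example.com"}


def triage_accounts(accounts_csv, roster, today, max_idle_days=90):
    """Return {upn: (action, reason)} for every account in the export."""
    cutoff = today - timedelta(days=max_idle_days)
    decisions = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        upn = row["upn"].strip().lower()
        enabled = row["enabled"].strip().lower() == "true"
        raw = row["last_sign_in"].strip()
        last = date.fromisoformat(raw) if raw else None
        if upn not in roster:
            # Departed staff: the account must not reach the new tenant.
            decisions[upn] = ("exclude", "not on current HR roster")
        elif not enabled:
            decisions[upn] = ("exclude", "already disabled in source")
        elif last is None:
            decisions[upn] = ("review", "enabled but never signed in")
        elif last < cutoff:
            decisions[upn] = ("review", f"idle since {last.isoformat()}")
        else:
            decisions[upn] = ("migrate", "active and on roster")
    return decisions


if __name__ == "__main__":
    result = triage_accounts(ACCOUNTS_CSV, ACTIVE_ROSTER, date(2023, 9, 7))
    for upn, (action, reason) in result.items():
        print(f"{action:8} {upn:22} {reason}")
```

Accounts marked `review` are on the roster but dormant, so they are candidates for a forced password reset before cutover rather than outright removal.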
And finally, there is of course data loss. Moving to any new platform is always a risk—a square peg in a round hole for many companies where their data just isn't configured (or in this case reconfigured) properly to fit the new platform. This can be devastating. And even if data is backed up, the ability to access and read that data within a new system simply may not work. Therefore, what good is data sitting on a back-up system if it's unusable? Thus, plan for these types of scenarios and test thoroughly before hitting the proverbial "migrate button."
In all, there are hundreds of things that organizations need to consider when migrating to Microsoft 365. The ones listed are just the tip of the iceberg. And though these horrors may exist, Calian can help navigate the perils to avoid any and all issues.