Posts Tagged ‘Metalogix’

I am not a fan of Microsoft, especially in the area of security. As of the end of November, Microsoft had released 112 Security Bulletins in 2015. Yet many of us are absolutely dependent on Microsoft products, including Word, Excel, PowerPoint, Outlook, and SharePoint. Even if you do not run on Windows, you still likely use these Office products. Since 2010, Microsoft Office 365 provides Cloud-based software plus services subscriptions to Office products plus storage space in Microsoft’s OneDrive.

While Microsoft does not provide sales figures for its Cloud business, adoption of Office 365 and SharePoint workloads has been rapid, with over 80 million users, and could be Microsoft’s “fastest growing product in history.”

While many customers do not put highly sensitive data into OneDrive, Office 365 is compliant with the ISO/IEC 27001 security standards, the European Union’s Data Protection Directive, the US Health Insurance Portability and Accountability Act (HIPAA), and the US Federal Information Security Management Act (FISMA). On the other hand, Microsoft has admitted it will hand over OneDrive data stored on European servers to US authorities under the Patriot Act. So anything stored in OneDrive is vulnerable to access by the US government without notice or recourse.

OneDrive is not compliant with PCI (Payment Card Industry) standards, so it is never appropriate to put personal finance information in OneDrive.

Microsoft Office 365 is also priced like the Cloud: pay-for-use. You pay a set amount for each user each month depending on which options you choose. There are benefits to this payment model:

  • The costs are expense, not capital budget items.
  • The cost of the service directly corresponds to the number of users, making clear correlation between benefit and cost.
  • You have the full support of Microsoft behind these products, including those far-too-frequent security bulletins and patches. For Cloud-based applications, these security updates are completely handled by Microsoft in the background requiring no effort by your IT department or users.

The bottom line is that Microsoft Office 365 provides, in my opinion, the best environment for collaborative from-anywhere access to documents, and provides security that is probably better than what most small and mid-sized businesses provide in their own environment. One important issue is the management and control of your Office 365 environment. It is critical for the security of your data to manage your users as their roles change and especially when they leave your company, whether your data is in the Cloud or in your own data center.

A few weeks ago, I wrote about Metalogix ControlPoint, a way to monitor for suspicious behavior in SharePoint. Tomorrow, Metralogix will announce a new version of Essentials for Office 365 to optimize the migration, management, and security of collaborative data in the Cloud and on-premise. This new release of Essentials for Office 365 provides:

  • Comprehensive backup and data protection for Exchange Online, alongside the existing OneDrive and SharePoint functionality which allows IT to quickly create, manage and restore backups of site collections, lists, libraries, content mailboxes, and individual OneDrives to local or cloud storage.
  • Seamless restoration with zero downtime for business continuity.
  • Management of all user attributes including license, permission and content.
  • Flexibility to migrate to multiple Cloud services.
  • Enhanced Diagnostic Manager, including email alerts on Office 365 service status.

The last word:

You may have noticed that this post came out Monday morning instead of the usual Sunday morning. That is because the new version of Metalogix Essesentials for Office 365 will be announced on Tuesday, 8 December 2015, and information on the release was embargoed until 7 December.

Comments solicited.

Keep your sense of humor.



Read Full Post »

If your IT security folk tell you they need to strengthen your network perimeter, they are probably right. If they tell you that is all they need to do, they are probably wrong. Far too many companies are being hacked because someone stole valid credentials from an employee or a partner’s employee. As I mentioned earlier, in 2011 Lockheed Martin suffered a serious data breach of confidential defense and proprietary information because Chinese government hackers were able to steal credentials from an employee of a partner’s parent company.

Your own employees and contractors are also a security risk. After all, you have given many of them access to your sensitive information, including information protected by laws and regulations. As you move more to the Cloud and BYOD (bring your own devices), you have wittingly or unwittingly opened your network to devices and locations you cannot monitor nor control. Either by intent (e.g., Edward Snowden) or by accident, these employees or contracts could suddenly expose your information.

You can’t tell whether the credentials are used by the person you gave them to, or are being used by someone who has stolen them. In any case, if they are doing something strange, you better find out about it quickly.

The bottom line: securing content with access controls alone is not sufficient in the current threat environment.

Microsoft SharePoint is a web application platform in the Microsoft Office suite that combines content management, document management, business intelligence, workflow management and an enterprise application store across local, wide-area, and Internet-based networks. SharePoint is used by many mid-sized companies and large departments within larger companies. As of 2013, 80% of Fortune 500 companies use it, and Microsoft was adding 20,000 users every day.

If you use SharePoint either in the Cloud or just within your own datacenter, you should look at Metalogix ControlPoint. Announced on November 2, 2015, ControlPoint 7.0 adds real-time situational awareness into suspicious SharePoint user activity. ControlPoint 7.0 introduces a learning detection engine that analyzes user behavior for suspicious activity, and automatically takes action when it finds suspicious activity patterns.

Consider an employee who works primarily from the office and sometimes from home largely during normal business hours, and who looks at about a dozen sensitive documents on an average day. You might like to know if it appears like that employee is downloading hundreds of documents at 2:30 in the morning from what looks like a Chinese IP address. Actually, any of the attributes of that access are suspicious. This is the kind of activity that ControlPoint 7.0 is looking for.

ControlPoint 7.0 features and benefits:

  • Mitigates the risk of data loss due to unauthorized access to content, whether by an employee, contractor, or through the use of stolen credentials.
  • Provides audit trails of content access.
  • Provides details of content growth and user activity.
  • Provide automation of governance policies.
  • Minimizes security breaches.
  • Meets compliance requirements for access control.
  • Anticipates future IT needs for growth.
  • Eliminates human error with policy driven security across SharePoint farms.

Right out of the box, ControlPoint 7.0 will provide significant security benefits. It will take it probably two or three months to learn the behavior of your users; the sooner you start the lower your risk.

Metalogix is a Washington DC-based software company founded in 2001. Metalogix provides a unified platform to manage the entire lifecycle of SharePoint users and their collaboration content centered around optimization, security and management. In 2013, it acquired Axceler’s SharePoint business including ControlPoint for SharePoint. MetaLogix continues to put significant resources into enhancing and supporting ControlPoint; ControlPoint 7.0 follows the release of 6.0 just seven months earlier.

The last word:

The Cloud has moved on to the hybrid cloud. Get the latest insights on how to use it from top leaders (like me) in the industry.

Comments solicited.

Keep your sense of humor.


Read Full Post »