THE SECURITY OF HOSTED EXCHANGE FOR SMBs



Similar documents
FileCloud Security FAQ

Internet threats: steps to security for your small business

Hosted Exchange Services

AVeS Cloud Security powered by SYMANTEC TM

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

How To Achieve Pca Compliance With Redhat Enterprise Linux

Dedicated IT Support. BEFORE You Need It. Save Time, Money and Headache.

How To Get The Most Out Of Your From Your Mail Server (For A Small Business)

eztechdirect Backup Service Features

redcoal SMS for MS Outlook and Lotus Notes

Remote Services. Managing Open Systems with Remote Services

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

A 123Together.com White Paper. Microsoft Exchange Server: To Outsource Or Not To Outsource The affordable way to bring Exchange to your company.

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

Comparing Alternatives for Business-Grade File Sharing. intermedia.net CALL US US ON THE WEB

MICROSOFT EXCHANGE SERVER 2007 upgrade campaign. Telesales script

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Microsoft Windows Intune: Cloud-based solution

UNCLASSIFIED. UK Archiving powered by Mimecast Service Description

How To Secure Your Data Center From Hackers

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

BUILT FOR YOU. Contents. Cloudmore Exchange

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

Stable and Secure Network Infrastructure Benchmarks

Cloud Failover Appliance

Better protection for customers, and recurring revenue for you!

Security Overview Enterprise-Class Secure Mobile File Sharing

MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

Achieve more with less

White Paper. BD Assurity Linc Software Security. Overview

Guardian365. Managed IT Support Services Suite

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW

2012 Endpoint Security Best Practices Survey

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Saf April Saf Helping your business reach further with hosted at UK based, ISO 27001, Tier 4 data centres.

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

V1.4. Spambrella Continuity SaaS. August 2

SNAP WEBHOST SECURITY POLICY

COMLINK Cloud Technical Specification Guide CLOUD DESKTOP

Mobile Admin Architecture

Projectplace: A Secure Project Collaboration Solution

IT is complicated. There are so many moving pieces and parts, and your business is dependent on all

Whitepaper. 10 Reasons to Move to the Cloud

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Cloud Computing Security: Public vs. Private Cloud Computing

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Ensuring the Security of Your Company s Data & Identities. a best practices guide

Media Shuttle s Defense-in- Depth Security Strategy

Overview. Timeline Cloud Features and Technology

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

DOWNTIME BREACHES DATA LOSS. SYMANTEC TECHNICAL SERVICES HELP YOU AVOID THEM.

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

WhatsUp Gold v16.3 Installation and Configuration Guide

TECHNOLOGY OVERVIEW INTRONIS CLOUD BACKUP & RECOVERY

68% Meet compliance needs with Microsoft Exchange. of companies send sensitive data via .

Brainloop Cloud Security

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

Building a Business Case:

Office 365 Windows Intune Administration Guide

Office Technologies Managed Services Professional Services. SERVING OVER 18,000 CUSTOMERS IN THE NYC & TRI-STATE AREA tomorrowsoffice.

Symantec Protection Suite Add-On for Hosted and Web Security

The Sumo Logic Solution: Security and Compliance

This white paper from Stylusinc describes how enterprises benefits by migrating to Microsoft Office 365 and how it is bringing about a sea change in

Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows

2008 Small Business Technology Trends Survey: A Peer Perspective on IT in Small Business

Case Study: Security Implementation for a Non-Profit Hospital

Surviving the PST Nightmare

Driving Company Security is Challenging. Centralized Management Makes it Simple.

HIPAA and Cloud IT: What You Need to Know

How To Understand Your Potential Customer Opportunity Profile (Cop) From A Profit Share To A Profit Profit (For A Profit)

Understanding Layered Security and Defense in Depth

Copyright 2013, 3CX Ltd.

Advanced Service Desk Security

Robson Communications Hosted Exchange Whitepaper

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

Xerox Mobile Print Cloud

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Five keys to a more secure data environment

ShareSync from LR Associates Inc. A business-grade file sync and share service that meets the needs of BOTH users and administrators.

MAILGUARD LIVE. Continuity. Trust the innovator to simplify cloud security

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

RL Solutions Hosting Service Level Agreement

The Education Fellowship Finance Centralisation IT Security Strategy

Do You Know Where Your Messages Are?

IBX Business Network Platform Information Security Controls Document Classification [Public]

Library Recovery Center

Locking down a Hitachi ID Suite server

How To Backup Your Hard Drive With Pros 4 Technology Online Backup

Google Identity Services for work

The Hidden Dangers of Public WiFi

techsafe Features Technology Partners th Street - Vero Beach, FL (772) Page 1/

Secure, Scalable and Reliable Cloud Analytics from FusionOps

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM

Enterprise Data Protection

Managed IT Services. Eliminating technology pains in small businesses

Transcription:

THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available in the Cloud. Gold: C: 7, M:0, Y: 100, K: 28 Black: C: 23, M:2, Y: 0, K: 77 Grey: C: 3, M:0, Y: 0, K: 32 Hosted Exchange is the Secure Choice Regardless of your industry, email is the lifeblood of business in the 21st century. Smartphones and tablets have extended the access and value of email outside the corporate walls for a workforce that desires to operate worldwide 24 hours a day. This discussion will focus on the benefits of hosted Exchange 2010 email with regards to scalability, ease of use, security and accessibility, and why these are important factors to selecting an email service program that will maximize business efficiency. Unfortunately, if you are not an enterprise with a large, dedicated IT team, you are often forced to compromise on important email features such as availability, secure connectivity and personal archiving. Cloud based email makes it affordable to implement enterprise-grade capabilities at an inexpensive and consistent per user cost. There is no additional software or hardware to buy or consultants needed to implement hosted Exchange; and you can scale up or down your number of users easily as your business needs fluctuate. It is common for businesses, regardless of size, to have one or many resources on their IT staff dedicated to email. It is the first application that generates complaints to IT due to performance issues, outages, or lack of features such as self-service recovery of deleted email. Email is also the first point of entry by attackers using spam, malware, phishing and viruses. Even RSA, the company that provides security products to enterprises and government agencies, fell victim to an email attack that resulted in attackers gaining control of the company s file systems. A recent study has shown that 40 percent of all targeted attacks since 2010 were focused on small businesses with less than 500 employees, compared to 28 percent that were directed at large enterprises. The same study surveyed 1,900 organizations worldwide, and 46% indicated that a targeted attack would result in a revenue loss for the organization. While IT can implement training and education to users to minimize your risk of threats and attacks, security is improved by both meeting the demands of your always-on and mobile workforce, while having security mechanisms in place that are as transparent as possible to users. While most small and medium businesses are familiar with many types of security threats to their business, not many businesses take the precautions necessary. A recent poll by Symantec Corp. found that most SMBs do not see themselves as targets, and are therefore, not taking action against their susceptibility to an email attack. Luckily, the Cloud allows SMBs to take action, and be proactive with layers of built-in security precautions.

Integrity of Connections When users connect to a hosted Exchange provider, they are likely using an internet connection instead of a corporate network or VPN. This is a convenient way to allow users to access their email with Outlook whether they are in the office, at home or traveling. Although they can always connect securely to Outlook Web Access (OWA) in a web browser, Outlook provides the benefits of being integrated into the desktop and applications, along with plug-ins users might have for web conferencing and collaboration. Securing this connection for an enterprise can be achieved through a virtual private network (VPN), but it is easier to implement RPC over HTTPS, which is a very simple and effective way to provide email security in a protocol that computers, mobile devices, routers and firewalls can implement Cloud providers offering Microsoft Exchange 2010 have implemented RPC over HTTPS as a way to secure the connections of your workforce for their Outlook clients, smartphones or tablets. RPC over HTTPS provides three levels of security: 1. Security through the web proxy server 2. SSL encryption of your email and RPC proxy verification 3. Restriction on RPC proxy level as to what email servers can receive RPC over HTTPS With RPC over HTTPS, users no longer have the complex responsibility of establishing a VPN connection to the office with the time and overhead latency required each time they need to check email. Using cloud based email, your environment is more secure, since you no longer need to have an open firewall to manage and monitor constantly for threats. Hosted Exchange providers have deployed sophisticated environments with dedicated and trained security staff to ward off threats behind the scenes 24/7. Physical security is just as important as network security. Hosted Exchange providers have years of experience operating in data centers with multiple control levels of security. Access to the servers, both physical and logical, is controlled through operational policies and monitored for compliance. When your email is backed up, it is in a controlled facility, not in a box of tapes or disk drives in a closet, where they can easily be misplaced or not properly wiped when they are no longer needed. Email Confidentiality Hosted Exchange providers also offer the latest features for customers that are unlikely to be deployed at most onpremise environments. Even though your connection to the Exchange server can be secured, some customers require email to be encrypted so that only the intended recipients can read the message. This is an invaluable feature for companies that share sensitive information that they need to secure from unauthorized employees or outside attackers. Two ways that server side email encryption is deployed include policy based content management and self-encryption. Policy based content management creates rules that scan emails for compliance, such as HIPPA (The Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), or PCI (Payment Card Industry) and encrypt the email if it detects sensitive information such as social security and bank account numbers. This is the easiest type of encryption to implement for companies. User emails are automatically encrypted and administrators can control the settings that determine which emails are encrypted in order to ensure the company is compliant with their security, industry, or regulatory compliance rules. Self-encryption allows end users to force emails to encrypt ad-hoc. For law firms and professional service firms and organizations, self-encryption helps maintain trust with their clients in their communications.

One advantage of an on-site active directory server is central policy definition for passwords. A hosted Exchange email service can provide integration into your domain controllers that extends passwords and policies to your external email service. By enforcing strong passwords that need to be changed on a periodic basis, businesses can improve the security for their users and the overall environment because email servers are under attack constantly. It is not the servers that are vulnerable to brute force attacks, but dictionary attacks on user s login credentials as well. Dictionary attacks use common words and phrases in an attempt to hijack a user s login and gain access to their email. A dedicated on-premise authentication store and hosted email provider should support both integration and flexible configuration of password policy rules that can prevent successful dictionary attacks. Email has transformed from a simple notification and messaging tool into a sophisticated collaboration and management platform. Attachment of documents, presentations and spreadsheets are standard ways of collaborating, but this behavior creates security and management problems for IT. As mentioned earlier, nefarious email attachments is one of the most successful ways that attackers gain control of computers in your environment to steal data, spread malware or instigate attacks on other computers. Businesses can reduce this threat by instituting collaboration tools outside of email, such as SharePoint, which does a much better job of version control and data management. By managing your files in another collaboration tool, it forces users to authenticate (log in) to another service in order to upload, share, or download documents. It is much more difficult for an attacker to break into SharePoint, compromise files, and then distribute the corrupted file to users. Attacks like this are more easily detected versus emails with attachments sent by outside companies. Tools like Harmon.ie offer an easy integration of SharePoint and Outlook, automatically taking attached files and publishing them to your SharePoint service, then sending a link in the email instead of the attachment. Another advantage of using integrated collaboration tools instead of email for your files is that it simplifies archiving. The growth of available storage for end users has matured tremendously and unfortunately to the point where users do not consider the ramifications of having local archive stores that are several gigabits in size. IT is still responsible for storing these archived PST files in servers, scanning them for viruses and including them as part of their backup processes. This wastes time and money and creates inefficiencies when users must retrieve archived email. A better option is to run an archiving service on a central server, not on individual computers. With a centralized archiving service, IT can monitor and manage the security and storage of email more efficiently. However, this again requires sophisticated IT staff, hardware and software to implement properly. Many hosted Exchange providers today offer affordable archiving services for the entire corporation. The job of the IT admin is improved with portals that offer policy control and global searching of archived emails, without having to manage servers, disk arrays and tapes. The security of archived emails is also improved because the data resides only in a centralized server that IT has control over not on end user computers that are susceptible to loss, theft or attack. Maximize IT Staff s Flexibility & Availability IT departments are always challenged to stay one step ahead of users that are constantly circumventing IT policies and systems. When a company s email service is down, employees will likely revert to using their personal email in order to continue to conduct business. This is a massive security risk to your company s files and information. Having a highly available and scalable Exchange service for your users can help assure the IT department that their security policies regarding email are always followed. Hosted Exchange providers can offer up to 99.999% uptime reliability, which translates to about 5.25 minutes of downtime per year, or 6 seconds per week. It is common that your IT department spends a majority of its time on break-fix, that is to say, repairing issues that always seem to arise with your network, servers and workstations. One way that IT attempts to stay ahead of repairing issues is to patch servers and workstations with the latest updates. However, this process is time consuming and must

be done off-hours to avoid disruptions. It is also frequent with Microsoft issuing about 15 patches and updates each month for your operating system and Exchange server. With a hosted Exchange provider, they take care of all the updates and patches, while keeping your email running on redundant servers so there is no disruption to your business. Since they maintain hundreds of servers and tens of thousands of email accounts, they are experts at maintaining the security of the email systems. Unless you wish to have a full-time, dedicated email server expert, the power of a hosted Exchange provider allows your IT staff to focus on improving your business and creating new opportunities. Summary The cost of server hardware for businesses has dropped significantly in recent years, creating an interesting opportunity for businesses to run their Exchange email on-site. Furthermore, virtualization, management tools and low-cost backup options make it easier for your IT staff to manage your Exchange service in house. However, the cost of running hosted Exchange is still much higher when factors such as staffing, outages to business, maintenance and power and cooling are factored in. Even with the entire infrastructure in place, security is sometimes the last issue that is addressed, and at that point, the budgets have been spent. Hosted Exchange providers simply have more experience, operational efficiencies and access to better software, hardware and security solutions than most companies outside the Fortune 100. Unless you believe that your IT staff has the budget to implement better security, and that your email strategy is a differentiator to your business, it is worthwhile to consider the performance, cost savings and security benefits of hosted Exchange.

Works Cited 1. About RPC over HTTP Security ; Windows Dev Center Desktop, [ ], 7 Sept. 2011 <http://msdn.microsoft.com/en-us/library/windows/desktop/aa378642%28v=vs.85%29.aspx>. 2. Half of SMBs Believe they are Immune to Targeted Cyberattacks and Failing to Implement Basic Internet Safeguards ; Symantec Corp., [ ], 16 Nov. 2011 <http://www.symantec.com/about/news/release/article.jsp?prid=20111116_01>. address web email phone 6560 S. Greenwood Plaza Blvd. #400 www.verecloud.com info@verecloud.com 877.711.6492 Englewood, CO 80111

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information