Cisco Cisco Hybrid Email Security White Paper
Best Practices In
Securing Office 365 Email
Securing Office 365 Email
Joel Snyder
jms@opus1.com
Opus One
jms@opus1.com
Opus One
1
Introduction
Microsoft Exchange deployments traditionally have depended on third-party email security gateways
for critical anti-spam, anti-malware, and mail control features such as encryption and data leak
protection. This design philosophy extends to Microsoft’s Office 365, a full-featured offering with
dozens of options and an extensive capability for collaboration and communication. However, it has
a more modest set of tools when it comes to email security.
for critical anti-spam, anti-malware, and mail control features such as encryption and data leak
protection. This design philosophy extends to Microsoft’s Office 365, a full-featured offering with
dozens of options and an extensive capability for collaboration and communication. However, it has
a more modest set of tools when it comes to email security.
The goal of this paper is to go beyond “check list” comparisons and look at how well Office 365
performs when compared to Cisco Email Security in critical edge-of-the-network email security.
performs when compared to Cisco Email Security in critical edge-of-the-network email security.
We evaluated seven specific areas in Office 365 and Cisco’s Email Security solutions (on-premise and
cloud) to see how well each product executed key requirements in:
cloud) to see how well each product executed key requirements in:
- ability to find and track messages and assist in troubleshooting;
- provide meaningful reports on message flows;
- manage zero-day incidents;
- filter spam, phishing, and other unwanted mail;
- identify advanced malware;
- prevent data loss; and
- encrypt email traffic at the enterprise edge.
- provide meaningful reports on message flows;
- manage zero-day incidents;
- filter spam, phishing, and other unwanted mail;
- identify advanced malware;
- prevent data loss; and
- encrypt email traffic at the enterprise edge.
Our testing of these mainstream features has found that Office 365’s security services don’t match
those of many on-premises and cloud-based email security gateways. Enterprise email administrators
must consider layering dedicated email security services to enhance what is offered in Office 365.
Two products working together provide a total solution, enhance end-user satisfaction, and maintain
consistency during and after the transition to cloud services.
those of many on-premises and cloud-based email security gateways. Enterprise email administrators
must consider layering dedicated email security services to enhance what is offered in Office 365.
Two products working together provide a total solution, enhance end-user satisfaction, and maintain
consistency during and after the transition to cloud services.
Many enterprises consider migration of services to cloud-based SaaS providers to also include a
migration of responsibility, not just for uptime and performance but also for security. Our testing
shows that Office 365 by itself presents greater security risks to end-users when compared to a
combination of Office 365 and Cisco Email Security. Email administrators need to be informed
about the additional risks associated with a “bare” Office 365 deployment, and should carefully
consider adding cost-effective solutions such as Cisco Email Security to Office 365 to mitigate these
risks.
migration of responsibility, not just for uptime and performance but also for security. Our testing
shows that Office 365 by itself presents greater security risks to end-users when compared to a
combination of Office 365 and Cisco Email Security. Email administrators need to be informed
about the additional risks associated with a “bare” Office 365 deployment, and should carefully
consider adding cost-effective solutions such as Cisco Email Security to Office 365 to mitigate these
risks.
1
Opus One is an information technology consultancy with experience in the areas of messaging,
security, and networking. Opus One has provided objective testing results for publication and
private use since 1983.
private use since 1983.