23 May 2017
Join CEO Ronnie Altit and PM Gary Cohen in their chat about transitioning to Office 365 and the various considerations involved.
Stay til the end for a special behind the scenes look!
SOME KEY POINTS IN THE VIDEO INCLUDE
[00:00:15] It’s interesting because it’s actually less about what they expect when they’re there, it’s more about what they don’t think about when they go into Office 365.
[00:03:21] What we’re able to do is actually start to set up some triggers so we can look for anomalous situations like that and have them provide alert.
[00:04:33] I think what’s also important to talk about is once the data’s in 365, people don’t realize as well that it still requires a backup strategy.
[00:05:12] Backup as a Service gives an insurance policy and also makes it really quick to be able to recover.
[00:10:55] That’s what we do with our service, is that we’ll put in the right flags that people need to work out.
READ THE TRANSCRIPT
Gary: Hey, Ronnie, we’ve a got a number of customers nowadays that are talking or actually transitioning to a Cloud service like Office 365. What can they expect once they’re there?
Ronnie: It’s interesting because it’s actually less about what they expect when they’re there, it’s more about what they don’t think about when they go into Office 365. What we often get asked from our clients is, “I’m going to move all of my data into 365 and Exchange Online, SharePoint,” et cetera. There’s almost like this assumption that they’re going to pick it up and move it, and when I get it there, there’s nothing else I need to do.
The reality is, what the service is providing is the infrastructure and the application, to make sure it’s patched, it’s secure, et cetera, in it’s own enclave. All of the admin tasks, all of the things you’d otherwise have to do if that environment was, in date, still on-premises, actually, is still relevant.
A lot of clients struggle with, “I’ve got this highly paid Exchange administrator that I’ve had. Now, how am I going to leverage them to do these typical things I need to like admin tasks, user account creation, user account deletion, distribution and creation, e-discovery events.” All of the things that go into a day-to-day Exchange admin that they still need to do even though they’re not worrying about the actual server itself and the application, all that sort of stuff.
Similarly, when it gets to moving data and flies onto SharePoint, there’s still a lot of task and a little reporting that needs to be done. You still need to consider how you’re going to backup that data, et cetera. There’s still very, very relevant things that quite often our clients don’t necessarily think about at the time that they’re looking to transition.
Gary: But all that BAU stuff that we’ve always done in the past, patch management, the monitoring side of things, do we still need to do that?
Ronnie: No. Patch management, monitoring, no. Absolutely, admin still has happen. User creation, user deletion, distribution of these groups, all of those things still need to happen. That stuff doesn’t go away. Someone’s still got to do that. When it comes to reporting, you still need to report. In fact, once you’re into 365, it’s even more important that you start reporting on what’s going on in there because you actually have less eyes if you’re not careful. Being able to report on things like what are my users actually using?
When they go to 365, depending on the license that they buy, E1, E3, E5, et cetera, they gain access to so much more than what they previously had when they’re on-premises. All of a sudden, it starts to become a different thing, like, “Okay, I’m an E3 user so my users have access to SharePoint online, to OneDrive, to Skype for Business. How much have I actually used in that?” Are we getting the most value for money out of what we put in place?
Being able to report on things like that, on license utilization, on how much mailbox quarter have they got. Are they leveraging online archives? If it’s SharePoint Online, what’s the growth of the SharePoint? Has it grown dramatically in the past two weeks? Those sorts of things are still really important. The least of which is the whole security posture around it. How will people configure who’s got access to it?
It’s now up in the Cloud. You want to make sure you always got a good eye on what’s running up there in the Cloud, who’s got access, what are they doing, what do they do day-to-day? Also because that’s Cloud-based, it’s actually accessible from anywhere. Now, you’ve also got to think about who’s accessing this data. What we’re able to do is actually start to set up some triggers so we can look for anomalous situations like that and have them provide alert to say, “Hey, Gary’s logged in here this morning.” Three hours later, he’s logged in 5,000 kilometers, 5,000 miles away. That’s just not going to make sense.
Those kinds of things are things that we can look at and trigger those automatic flags, if you like. Now, you’ve also got to think about who’s accessing this data? Things like, “Did Gary log in today and Sidney at nine o’clock in the morning?” And at one o’clock in the afternoon we see a log in come from Gary out of somewhere in South Africa, for example. Well, hey, that’s anomalous. What’s going on there?
Being able to track that and to be able to report on that, to be able to alert on that and see what’s going on starts to become a lot more important than when Exchange was in your own environment. You had a lot of perimeter around it and did all your own security things. Now it’s out there in the Cloud, it’s exposed. There’s a lot of things that still need to happen to be able to say, “I have a strong reliable environment that I know is safe, secure, and I can report on it.”
Gary: As the service stands today, how do we present those reports to the partner or to the customers?
Ronnie: Before we get into reporting, I think what’s also important to talk about is once the data’s in 365, people don’t realize as well that it still requires a backup strategy. The data’s out there and Microsoft replicates it. They do all that wonderful stuff. You could be on legal hold, for example, but you still need to have a backup strategy for that data. We always start talking to our partners and our partners’ clients about how do you actually create a backup strategy for 365, so that when you do need to do a restore, you can do so very quickly.
Actually, you can certainly do restores through 365. They just tend to be quite tedious and they can take quite a long time with the process you need to go through. Backup as a Service gives an insurance policy and also makes it really quick to be able to recover. Things like get a CryptoLocker virus, how do we rollback really quickly? That kind of stuff.
Gary: When you say to recover or to restore quickly, give me a few examples about this. Because what we normally see is when you restore data, it should come back in a format that we’d backed it up. How does this service differ?
Ronnie: With the Backup as a Service that we’re selling through our partners to their clients, that very much enables us to take, for example, a mail that needs to be recovered and pop it straight back where it was. Same with the SharePoint file or a OneDrive file, pop it straight back there as soon as we need it. Whereas the approach you’d otherwise have to take is to go and discover it, and then put it back into one place, and then copy it to Azure, and then move it in. This is a whole process. That’s one of the key differentiators when we do the backup.
Gary: What are some of the concerns out there when it comes to security of 365? How can we manage this and be a lot more proactive? What are customers doing?
Ronnie: A large part of one’s datas moving in the Cloud, you lose sight, you lose eyes. You just don’t get that visibility to what’s going on. You don’t necessarily have all the same alerting mechanisms that you would have if it’s an internally controlled type environment.
I think it was one of your clients actually when we were talking to them, they’re in 365 today. They were concerned that one of their users was going rogue. This user, it’s like, “We’re starting to see some stuff leak into the market. We think it’s this person.” That’s when he’s going to really start having the right toolsets to be able to do that discovery, to circle, “What has that person been doing?”
If you remember what we found in that one, you’d probably remember better than I do. What have we found? We found that that particular user was a senior person in the organization. Remember the executive that had three different people we delegated access?
Ronnie: And they weren’t all EAs, is that right?
Ronnie: That raised a red flag. I think we also found that that person hadn’t changed their password. Their password was in an Insentra file.
Gary: Their password was set to not to expire, ever.
Ronnie: Exactly. For a senior person in the business, we don’t want any people change their passwords, but the risk of that– Okay, don’t make them change their passwords but at least have two factor authentication. How do you know whether that’s turned on? Things like, “Okay, I’ve got a senior person in the business, do I have legal hold turned on?”
A lot of people think, “Well, I’ve got legal hold.” It’s great. Often, when we’re running our tools across and we’re doing some reporting, we see that they actually don’t have legal hold turned on everywhere. An IT admin will go, “Yes, we’ve got legal hold turned on.” How do you know? It’s those things that’s really important that we ought to get visibility to.
Gary: Another example of that was this executive had a number of people that had access to their mailbox. Three out of the five people, actually, we’re no longer with the company but were still active.
Ronnie: Really? I didn’t know that. That’s even worse.
Gary: That could be a challenge to have visibility around that as well.
Ronnie: That’s the thing. You just put it up and go, “Great, someone else’s problem,” but it’s not. It’s still your problem. When you look at the whole DOP, for example, what has the user actually done end to end? It’s not just about, yet, their mailbox is secure, that’s more about what are they doing. What SharePoint files are they working on? What OneDrive files? Who are they sharing them with? How did they share those files out?
If you don’t have the right ability to investigate that, and do it quickly, that’s the key. You could sit there and dig through logs. If you haven’t tried to look at an audit log, I haven’t, I just keep getting told that they’re a nightmare to look at. Unless you got a way to visualize that really quickly, you’re actually not even going to keep up with the business requirements of, “Hey, what’s that person doing compliance wise,” et cetera. That’s why it’s really important to have those kind of discovery audit capability in there too.
Gary: How do we make sure that personal data is secure and managed within organizations?
Ronnie: That’s such a hot topic at the moment. Obviously, with GDPR happening in the UK, with the privacy laws changing in Australia, and of course, the already super litigious environment in the US. We’re finding that in each of our different locations where we’re present, which is those three locations primarily, firstly, be able to know what the private information.
Secondly, to be able to say, “Okay, what’s happened with that private information? Has it leaked out?” If there is a data leak somewhere, being able to have the information at the ready to say, “Who actually did something with that file? Where has that file gone?” And actually follow it through its lifecycle.
For example, if you had some top secret information that’s sitting on SharePoint, and you wanted to make sure it wasn’t being leaked out, and you wanted to make sure the access rights were only the people who should have access to it. Being able to get, again, eyes into that so that you can see, “Hey, you know what? Gary’s got access to that file. What the hell has happened there?”
Not only working out that Gary has got access but being able to go forensically back and say, “How did Gary get access? Which admin gave Gary access? Why did that happen? Where was the change process,” et cetera. As the privacy and the requirement now for organizations not just to maintain the right levels of security around it but also to report when there has been a breach.
[00:10:28] It’s really important for an organization to understand where the breach has come from, and then know what they need to do to mitigate that. Again, without the eyes, you’re not just going to know.
Gary: A lot of the stuff we can pick up is after the fact. What can we do to look at trends before that happens?
Ronnie: From a security?
Gary: From a security perspective?
Ronnie: Again, with the toolsets, understanding what are the key flags that you want to track, and then putting the right alerts in there. That’s what we do with our service, is that we’ll put in the right flags that people need to work out, “Hey, we want to be very careful that this doesn’t happen to that, this doesn’t happen. We want to know when this happens,” et cetera. Set it up accordingly so that we’re alert and we can jump on it immediately, and make sure that it’s not going to be a drama.
ABOUT GARY COHEN
As Practice Manager of Insentra, Gary is responsible for two portfolios: Enhanced Support Services & Application Delivery and Mobility. With 17 years of experience in the role, Gary excels in managing and maintaining technical teams and initiating, developing and supporting relationships from medium to large enterprise clients. He specialises in design, implementation and operation of enterprise IT infrastructure and line-of-business applications with respect to business objectives.