Nobody thinks they need their own private Post Office to send a letter. In fact, nobody has built their own Post Office since the likes of William Penn, Alexander Hamilton, and Benjamin Franklin.
Yet many corporate managers feel they must have their own on-premise server running Microsoft Exchange to provide email and other messaging services for their users.
Based merely on distributing the base cost of an Exchange Server among fewer than 50 users, it becomes instantly apparent that small companies find it all but impossible to justify the cost of having their own Exchange Server.
Every analyst who tries to arrive at the exact number of users it takes to justify the expense uses wildly different variables and arrives at just as wildly different numbers. One hosted Exchange provider claims you need to have more than 400 users to justify purchasing your own, while another claims, verbatim, “Unless you’re managing 5,000 seats or more you should not be in the game. The one guarantee I can give you is that you will lose money if you’re trying to build out your own infrastructure with less than 5,000 seats.”
Some demonstrate that the price per month per user, multiplied by the number of users and then by 12, produces a large number that is far more than the price of their own Exchange Server. They often do not take into account the hidden costs of owning your own, which according to RackSpace include:
- Annual hardware costs—servers, firewalls, load balancers, operating systems, data center costs and power
- Depreciation of existing hardware and costs of hardware refreshes
- Financing of servers, storage, software, firewalls and load balancers
- Exchange licenses
- Maintenance and repair costs
- Client software (Outlook) installation and maintenance
- Storage costs—SAN, DAS or NAS
- ActiveSync or BlackBerry Mobile Messaging—BlackBerry licenses, BlackBerry admin, BES Server, SQL
- Staffing costs—staffing related to the design, deployment, hosting, administration and support of hardware, software, storage and mobile devices
- End-user administration costs—staffing related to user/mailbox administration
Now try to do the math.
Time and experience have demonstrated that hosted service providers of any type always invest far more in data and network security to preserve the privacy of messaging and other data than most any individual company would, and they are doing so very effectively.
Also, the Verizon 2015 Data Breach Investigations Report clearly indicates that from 85 to 90% of all data threats are executed by an internal actor rather than from outside. That has been their report every year since 2010. The majority of the people who will most likely try to breach your email are on your premises where you want to put that Exchange Server.
So the desire for privacy of messaging data is very likely better served outside your own four walls where only 10 – 15% of the people who are trying to get at it are located!
There are many more logistic and other pragmatic reasons why your company will prefer hosted, cloud, or on-premise email. As with most things cloud, one size does not fit all. If time has come for you to upgrade, improve, or otherwise change email platforms, this is a good time to consult with your CloudStrategies Advisor for help creating your most cost-effective messaging strategy.
Trust. It’s perhaps the main element in any decision you make regarding computer & communication services for your company and yourself. You need to feel you can trust your provider to keep your data secure, your personal information private, and your communications protected from eavesdroppers.
Millions of people trust services like Microsoft Office 365 with their most prevalent communications, including email using Exchange Online and instant messaging, voice and video over Skype and Skype for Business (formerly Lync). While it is likely that they implicitly trust these services because they are provided by Microsoft, the world’s largest software company, you should stop to ask what it actually is that Microsoft is doing to earn this trust. Yes, they have vast resources, but what are they doing with them?
A post on the Office Blogs from the Office 365 Team answers this question very thoroughly. “From Inside the Cloud: What does Microsoft do to prepare for emerging security threats to Office 365?” introduces us to Chang Kawaguchi, a group engineering manager for security for Office 365, Travis Rhodes, lead security software engineer for Office 365, and Vijay Kumar, a senior product manager for Office 365. These are three of the people who spearhead Microsoft’s strategy for keeping Office 365 and Microsoft Azure cloud services secure and trustworthy.
The post features an excellent short video that describes several of the security strategies employed by the group, beginning with one that would seem to just be common sense: Assume people are trying to break into your network and data at all times. Constant vigilance. Oddly, most people seem to assume that nobody would ever bother attacking them. Microsoft invests heavily in an “Assume Breach” approach which causes them to constantly be on the lookout for new threats.
Assuring viewers that no customer data is ever threatened or even touched in their work, the video describes the work of the “Red” and “Blue” teams constantly “at war” with each other to battle-test the armor that protects these systems.
The Red Team, “an internal dedicated team of ‘white hat’ hackers from varied industry backgrounds such as broader technology industry, defense and government,” constantly conducts penetration testing on Microsoft’s systems. Counterbalancing them is the Blue Team, “whose role it is to monitor activities within the system to detect anomalous behavior and take action. As hard as the Red team is trying to find and exploit vulnerabilities the Blue team is trying to detect, investigate and mitigate security events.”
As the post concludes, “The combined efforts of our teams go toward improving detection by evolving our machine learning algorithms for the detection of anomalous activity as well as incident response.”
Any IT manager responsible for system security will find valuable insight in this post and the included video. Those wishing to continue to learn more should regularly visit the Red team blog. If you have any questions about anything you read, please reach out to your CloudStrategies Advisor for more information!
We’re a little more than a month into turning on Office 365 Multi-Factor Authentication (MFA) for everyone at CloudStrategies. My aim here is to share some thoughts and observations around the experience of using the technology across all my various devices. Is MFA a great way to secure our Office 365 tenant or a productivity buzz-kill? Within the first few days – I would have said a definite yes to both those questions. After a little more time using it every day, I still believe in the security benefits, but have warmed up enough to feel a little less productivity challenged. More than that, I feel comfortable that I’m taking reasonable and prudent measures to protect access to our systems and data while leveraging the investments we’ve already made in Office 365.
So – let’s start with level setting on what MFA is, and why I believe more and more businesses are going to deploy it sooner rather than later. Frequently referred to as 2-factor authentication, MFA is technology that requires that a user not only have a username and password to access technology platforms, but also prove that they possess something as an additional level of security before accessing systems. The classic example that’s in everyone’s wallet is a debit card. The card without the PIN isn’t useful, and the PIN without the card doesn’t get you money from an ATM either.
Years ago I carried an RSA SecurID token that had a rotating number on a screen that I needed to have with me at all times to access corporate platforms. The geek in me thought it was cool to carry with me on my key-chain – but the user in me quickly found it difficult to have to sign in to a VPN before I could do any work from outside the office. Though it may have been subtle, it definitely was enough of a pain that I wouldn’t bother signing in for anything other than a very specific purpose or goal – thus discouraging me from doing as much work as I otherwise might have from outside of the office.
Today, with Microsoft’s implementation of MFA for Office 365, I have a similar feeling of security as I did with my RSA ID, but yet, for my main devices and applications, I also have a sort of “fast pass” that makes the productivity hit much more manageable.
There are two core components of MFA that end users will learn to manage. The first is very much like the RSA experience – though it primarily is delivered through an app on the end user’s cell phone. The second is called an App Password and can be used as a one-time code for any application that needs to access an Office 365 resource on a regular basis (in the background) – such as email clients, OneNote, calendar applications, cell phones, etc. Let’s talk about the experience of each of these parts of MFA:
For the first part, any time a user needs to access any Office 365 resource through a web browser – whether on their own device or on a public device – they will start by signing in normally with their username and password. After doing so, instead of immediately gaining access to their account, they will be prompted to provide a second level of authentication. For this, there are a few choices. The one I’ve been using has been to be prompted for a 6-digit number that I can only retrieve by launching a simple app on my mobile phone. When prompted for the code, I simply pull out my phone, launch the app, and wait for it to provide me with the number. The number is continuously changing – every 30 seconds or so – so you can never predict what it is and need to type in the number within a given time period. This works exactly like my old RSA token did – perhaps with one benefit in that when I’m home I find that my phone isn’t ever very far away from me – as opposed to where I kept my keys and RSA token – so I’d need to run to the other side of the house to retrieve it.
For all non-browser-based access to Office 365 applications, a user’s regular password will no longer be enough to access the system. Because applications like Outlook, Office applications, mobile phone apps, etc. do not have a mechanism to support the entry of an Authentication Code, they will instead leverage a uniquely generated “App Password”. Office 365 can generate up to 40 unique 16-digit App Passwords that can be used for individual applications or devices. App Passwords, once generated, can never be displayed a second time. They are entered and stored in individual applications on a per-device basis and, once entered, applications function normally – without the need for an MFA Authentication Code. The security strength of App Passwords comes from the fact that they can be deleted at any time. The productivity benefit of an App Password comes from the fact that once entered, those applications no longer need to have a password entered for recurring access to Office 365. In the event of a breach, and once an App Password is deleted from the Office 365 console, any apps that have stored that password will no longer be able to access Office 365. Think about a scenario where a device is lost or stolen – a simple action of deleting the App Password will nullify that device’s ability to provide any access to anything that shouldn’t be accessed.
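The App Password properties described above (shown once, one per application or device, a cap of 40, revocable at any time) can be modelled as follows. This is an added example, not Microsoft's implementation or code from the original post; the `AppPasswordStore` class, the lowercase-letter alphabet and the salted HMAC-SHA256 storage are assumptions.

```python
import hashlib
import hmac
import secrets
import string

MAX_APP_PASSWORDS = 40   # per-user cap stated in the post
PASSWORD_LENGTH = 16     # length stated in the post
ALPHABET = string.ascii_lowercase   # assumption: the post does not give the alphabet


class AppPasswordStore:
    """Hypothetical per-user store of app passwords, keyed by device label."""

    def __init__(self):
        # label -> (salt, digest); the plaintext is never kept, which is
        # why a password cannot be displayed a second time.
        self._records = {}

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        # The secret is long and random, so a salted keyed hash is used here;
        # human-chosen passwords would need a slow KDF instead.
        return hmac.new(salt, password.encode(), hashlib.sha256).digest()

    def create(self, label: str) -> str:
        if label in self._records:
            raise ValueError(f"label already in use: {label}")
        if len(self._records) >= MAX_APP_PASSWORDS:
            raise RuntimeError("app password limit reached; revoke one first")
        password = "".join(secrets.choice(ALPHABET)
                           for _ in range(PASSWORD_LENGTH))
        salt = secrets.token_bytes(16)
        self._records[label] = (salt, self._digest(password, salt))
        return password   # returned exactly once, at creation

    def authenticate(self, password: str):
        """Return the label the password belongs to, or None."""
        matched = None
        for label, (salt, digest) in self._records.items():
            if hmac.compare_digest(self._digest(password, salt), digest):
                matched = label
        return matched

    def revoke(self, label: str) -> bool:
        """Delete one device's password; other devices are unaffected."""
        return self._records.pop(label, None) is not None


if __name__ == "__main__":
    store = AppPasswordStore()
    phone_pw = store.create("phone-mail")       # constructed labels
    laptop_pw = store.create("laptop-outlook")
    print("phone authenticates as:", store.authenticate(phone_pw))
    store.revoke("phone-mail")                  # phone reported lost
    print("after revoke:", store.authenticate(phone_pw))
    print("laptop still works as:", store.authenticate(laptop_pw))
```

Labelling each password by device is what makes the lost-phone scenario a one-line revocation instead of a password reset for every application.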
Security in our lives always comes at a cost – frequently restricting access or limiting our capabilities. Microsoft’s Office 365 MFA solution provides an increased level of protection with a reasonable approach to securing systems and data. Any productivity hit is likely short-lived for most users, and businesses can take comfort in knowing that users’ data won’t easily be compromised through the loss of a device or the inadvertent compromise of an individual’s password.
How’s this for an IT Manager’s nightmare? Your company today announced that it had acquired its largest competitor. Great news!!! You’ve just been informed that you need to double the capacity of your data center… by tomorrow.
Put the defibrillator back in the case on the wall and relax. This will be no problem for you. In fact, your biggest challenge will be getting the new company to give you the new workloads that need to be accommodated by your instantly expanded data center. It’s a snap. It’s a breeze.
Your Data Center Away from Home
No, you won’t have to find a supplier who will ship dozens of new servers to you immediately, nor recruit a team of bug-eyed techies to stand them all up overnight. In fact, very little coffee will be required to accomplish this feat.
Microsoft Azure lets you accomplish what may be the ideal example of the hybrid cloud in action. However many or few host servers you may be managing in your own data center, you simply provision new enterprise-grade virtual machines on Azure as you need them. You can readily bring over your existing virtual machines or create new ones, each pre-populated with your choice of operating system and the enterprise apps you need. You run these on the Azure Virtual Network, an isolated environment where you control DNS, subnets, firewall policies, private IP addresses and more.
Workloads are by no means limited to Microsoft platforms. You can run Windows or Linux, and enterprise apps such as SAP, Oracle, SQL, and Hadoop on Azure VMs.
Make the Connection and Manage It All As One!
Connect your on-premise data center to your Azure data center as easily as connecting a branch office using the Azure Virtual Network and ExpressRoute over either a secure VPN or private connection. You control all the networking and security parameters on Azure with the same tools as you do your own data center. It all feels like one thing. It’s all managed as one.
No need for additional Active Directory structures, either. With Active Directory for Windows Server 2012 R2 and Active Directory for Azure you bring it all together in one forest.
It’s Not Just IaaS, it’s PaaS too!
Microsoft technology meets the multi-platform world on Azure. You can develop and deploy modern applications that run on Android, iOS, and Windows which take fullest possible advantage of cloud technology. You get some spectacular SQL and NoSQL data services, too, which give you deep insights into your data. This is a cloud-based developers platform with serious horsepower.
And it SCALES!
Back to our original concern, growing your data center rapidly. Need more VMs? Just provision them. Need more storage, processing power, memory or other resources? Available upon demand.
Of course, you won’t be worried about establishing redundancy to assure business continuity or support disaster recovery. With hundreds of data centers located in 17 different regions around the world, and with both Locally Redundant and Geo Redundant storage to serve your needs no matter what, Microsoft has that covered!
Time to Talk about Your Data Center in the Cloud Strategy!
Your CloudStrategies Advisor will take you through the process of migrating your workloads and applications to Azure, giving you greater scalability, sustainability, and system certainty than ever before. Start with our Assessment program to determine just how much IT budget you can save, and just how far you can grow with Azure.
A major bank chain gave the Employee of the Month award to a support person who went above and beyond. That support person accepted the award gratefully, but sheepishly. He wasn’t sure how to tell the executive who had presented it to him that he was not their employee. He was an outsourced subcontractor.
Plays Both Ways
This scenario plays out in two ways, both of which require the attention of any manager who has people working in the field, on a client site, from their home, or elsewhere.
In this case, the employee was mis-identified by the client company as being their employee.
Turn that around, and there’s the employee who forgets, at least functionally, that they are employed by someone other than the company whose premises they report to every day. Many contractors come to identify with their client as if they were their employee.
The Dark Side of the Cloud
This could be considered the “dark side” of cloud computing. It has become so easy for anyone to gain access to their resources from anywhere at any time that more and more people are working outside the company’s premises. In many cases this means that they save amazing amounts of time that would have been spent commuting to and from the office, which can now be used for productive work. Many find they can concentrate far better in the privacy of their own home and get more done. Companies find their infrastructure costs plummeting.
So why do we say it’s “the dark side?”
People, People Who Need People…
With all these productivity gains and expense reductions, the one thing that can be lost is the interaction between people who work together. People often do need, or at least prefer, the company of other people during their working day. Socializing has long been an integral part of the work experience, and the process of living their daily lives can be diminished by not having more opportunity to interact.
From a corporate perspective, the other danger is disenfranchisement. As with any culture, companies want their people to identify with them, to share their values, to feel themselves a part of the larger company presence. The sub-contractor who received the Employee of the Month still identified himself as working for the contractor company. What about all the subcontractors whose identification of themselves shifts to the client company? How long is it before the client and the contractor find themselves in a disagreement over an employee who wishes to change employers?
The Cloud Water Cooler
While many companies make admirable efforts to mitigate these risks by holding regular social events for employees to attend, these do not address the daily need for face-to-face interaction. Interpersonal communication requires more than just spoken words to be truly robust. Paralinguistic cues such as facial expression, posture, animatedness, and more provide a much richer experience, one that most people would suffer the lack of.
See You on the Video
Personal videoconferencing can make a tremendous difference. Conversations held using point-to-point one-on-one videocalling do add many of the paralinguistics that make such a difference. One obvious exception that may arguably be preferable is the lack of olfactory paralinguistics. But facial expression, gestures, posture all come through. Many users report that the glass of the video screen tends to “vanish” over time as they become accustomed to speaking via video.
Taking this a step further, many companies are creating video chat rooms where remote users can connect to “gather” for casual conversation, much as they would in an employee lounge.
Instant messaging, social networks, photo sharing websites and other digital environments can go a long way toward re-enfranchising the disenfranchised and renewing the sense of esprit-de-corps, the camaraderie that makes a team a team.
Your Social Cloud Strategy
As you work with your CloudStrategies Advisor to develop your cloud strategy, talk about your social networking concerns. Keep everyone on the same page with cloud technologies that bridge the gap.
In his FY 2012 annual letter to shareholders, former Microsoft CEO Steve Ballmer first identified Microsoft as being a “devices & services” company, saying “This is a significant shift, both in what we do and how we see ourselves — as a devices and services company. It impacts how we run the company, how we develop new experiences, and how we take products to market for both consumers and businesses. The work we have accomplished in the past year and the roadmap in front of us brings this to life.”
That declaration has been further refined.
The new CEO of Microsoft, Satya Nadella, recently issued an email to all of his employees in which he declared that Microsoft would be known, going forward, as the “productivity and platforms company” in our “mobile-first and cloud-first world.” In this blog post, we’ll explore what he meant, and what it means to all of us.
Productivity & Platforms
Fundamentally, Nadella is referring to the two services that will form the foundation of the future for Microsoft:
- When he says “productivity” he is referring to Microsoft Office 365, the complete productivity suite which gives you the familiarity and power of Office with the flexibility of the cloud. With Office in the cloud, your applications and files are with you wherever you go, whether you’re working offline at your desktop, online, or on one of your devices. Edit files at your PC or Mac. Email or share files from your tablet. Join an online meeting from your phone. What you need is accessible from anywhere, right up front, and always up to date.”
- When he says “platform” he is referring to Microsoft Azure, the “open and flexible cloud platform that enables you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters. You can build applications using any language, tool or framework. And you can integrate your public cloud applications with your existing IT environment.”
Going back just a few years, if you spoke with anyone about networks or computing you’d probably both be picturing a desktop or laptop computer with someone sitting at a desk doing productive work.
Today, you may be in your car shopping for a new appliance. Instead of driving from Best Buy to Lowe’s and to Home Depot you more than likely take out your handheld smartphone device and open the app for each of those retail stores to compare their prices on the unit you’re interested in. Perhaps you’re already in one of those stores when you find what you’re looking for and want to compare prices. You simply point your smartphone at the “QR” or bar code on the shelf-sticker for the item, scan it, and instantly obtain price comparisons from the other stores.
Then you may sign on to your bank to make sure you have sufficient funds in your checking account to make the purchase.
Needing moral support, you text a friend to ask their opinion of your intended purchase. They point out some reviews you might want to look at. You email home asking your spouse to take a quick photo of the spot you have picked out to install this appliance in to make sure it will look right there.
The next day you’re heading into work and begin checking in via email with your team members… on the same device. You go to work before you even get to work.
As you’re heading to the office you check your inbox and receive a complaint from a client that you didn’t send the file they’ve been waiting for and they need it before the start of the working day. Do you turn around and head home to retrieve it? Speed up and drive recklessly to get to work sooner?
No. You keep all your workfiles in Microsoft OneDrive, your private cloud storage service. That cloud storage is automatically replicated on your office computer so when you work on a document it is automatically saved locally and in the OneDrive cloud. Your home computer also replicates that OneDrive cloud storage, so the document was already there on your local drive to work on over the weekend at home.
Now, as you’re travelling, you access OneDrive using that same trusty handheld smartphone you’ve been using and email it directly to the client from where you are. Problem solved.
Your Productivity and Your Platform
Turn to CloudStrategies to help you architect your platform for future productivity. Much is changing not only within Microsoft but within the entire IT industry. We’re here to help you navigate through all of it, finding those innovations that are right for you and your business.