Out of Office: Identifying & Managing Risk
March 13, 2018
Security
Risk Management is an important part of IT. Being able to identify risks and remediation options can make a huge difference if or when disaster strikes. If you've moved part of or all of your enterprise to Office 365, you now have no control over a large portion of your IT environment. But what sorts of risks do you face, and how do you deal with them?
OFFICE 365 IS UNAVAILABLE
It has happened in the past where Office 365 has become unavailable for one reason or another. There is also a very high likelihood of it happening again in the future. One of the great things about using a cloud-based platform such as Office 365 is that enterprise IT doesn't need to maintain large amounts of the infrastructure. One of the big downfalls is that is still their problem to deal with. But what sorts of implication could this have?
What is your organization's plan if, all of a sudden, Exchange Online is unavailable? Will it grind things to a halt, or will it be a minor inconvenience? The same holds true for services such as SharePoint. If all of your critical marketing material is in SharePoint Online and the service goes down, will your salespeople be left high and dry?
MEASURING RISK
Not all risk is equal. Chances are that the risk of a user deleting a document won't have the same impact as something like inbound email coming to a halt. That is why you need to measure these risks. You'll want to consider the likelihood of an event occurring, and what the impact will be if it does.
Why is this step important? By performing an assessment, you'll be able to identify areas that you can mitigate, or possibly eliminate, risks. Knowing their impact is extremely important to justify priorities, as well as budgets.
MITIGATING RISK
As enterprise customers, we can't control how Microsoft maintains their services. But what we can do is understand what our critical business processes are, and build contingency plans for when things fall apart.
Let's use an inaccessible Exchange Online service as an example. How can you mitigate this risk? If you are running a hybrid deployment, you might be able to leverage your on-premises services to get some folks back up and running. Other options might be services from Microsoft partners. There are, for example, services that allow you to use third-party email servers to send and receive emails if Exchange Online goes offline. When service returns, the mailboxes are merged, and you can keep chugging along like nothing happened.
If you measured your risks ahead of time, you'll hopefully have noted such a possibility.
BACKUPS
Service availability isn't the only risk. Data goes missing. Whether it is "lost," accidentally deleted, or maliciously targeted, data needs to be backed up. If you've moved any data into Office 365, you need to think about how are you going to back it up. Not only that, but what if you have to do a large restore? How long would it take you to restore 1 TB of data back into SharePoint? What impact would that window have on users?
Although a lot of the "hands-on" management is removed from IT shops when they migrate to Office 365, that doesn't mean that their core responsibilities are shifted. At the end of the day, IT staff are responsible for making sure that users can do their jobs. Just because something is in the cloud doesn't mean that it will be problem free.