Point of View -
Jeff Ogden -
Microsoft’s announcement that it has become the first public cloud provider to open datacentres in the UAE is a cause for celebration among the Middle East’s business sector. Greater access to cloud infrastructure will be critical to power artificial intelligence and edge computing innovation.
The datacentres will offer local access to a range of productivity services, including Office 365 for email. Amazon and Google also have plans to establish local data centres over the next few years.
However, organisations’ tendencies to rely exclusively on single cloud service providers for day-to-day operations have exposed them to undue risk.
With services such as Office 365, organisations are not only putting all their eggs in one basket: They are putting all their eggs in the same basket that everyone else is putting all their eggs. Criminals know they have only one lock to pick to gain access, so they focus their attention on these cloud services because of the potentially large payoff.
As more businesses move email and data to Office 365, there’s an increased need to protect against malicious or accidental loss of data. Mimecast’s latest Email Security Risk Assessment (ESRA), an aggregated report measuring the efficacy of widely used email security systems globally, including Office 365, illustrated the scope of the problem.
Of the more than 237 million emails inspected, organisations’ existing email security systems missed more than 27,000 malware attachments, 55,000 impersonation attacks and 24,000 dangerous file types.
Microsoft offers certain protection-of-data capabilities as part of its Office 365 services, which are designed to protect against data loss caused by its own infrastructure failing.
But these services don’t always offer protection against accidental deletion, data corruption, advanced cyberattacks, or malicious users or administrators. These can often lead to downtime which can bring business operations to a standstill.
Continuity is essential to any modern organisation’s efforts to maintain productivity but is not always achievable when all business-critical applications run on a single cloud provider’s infrastructure.
It’s not only breaches, human error or technical error that can cause downtime for an organisation. Well-reported and widespread Office 365 highlight what can happen when email data becomes unavailable.
Outages pose serious productivity risks to users who rely on software-as-a-service monocultures to support their operations. Even more concerning is the possibility that employees will turn to their unsecure personal Gmail or Yahoo Mail accounts when Office 365 goes offline.
You then have absolutely no control over email activity.
Important data stored on Office 365 can also be lost due to accidental or malicious deletion or ransomware. If your organisation doesn’t have an independent backup in place, and deleted data passes through short term folders such as the Recycle Bin, Deleted Items folders or retention policies without being recovered, it is lost forever.
To mitigate the risks associated with cloud services, organisations should look to improve their cyber resilience.
An effective cyber resilience strategy should include layered security protection, independent data storage and alternative access routes to key systems like email, for when the worst does occur.
The cyber resilience strategy should further include a backup and recovery plan just as this was a priority when systems were on premise.
Increased adoption of cloud services is a welcome development in the Middle East business sector and will support organisations as they strive for greater agility and scalability.
But putting all your eggs in one basket – can leave you exposed to a broad range of new risks.
Using a third-party provider and having an effective cyber resilience strategy provides a safety net and enables organisations to quickly return to standard operations without losing critical data or productivity.
Oman Observer is now on the WhatsApp channel. Click here
