How Secure is your O365 Deployment?

Author: David Cornish


At Zimbani, we are seeing more and more customers embracing cloud collaboration services, predominantly Office 365/Azure AD. For many organisations the benefits of Office 365 are making a compelling case for modernised email and collaboration services with companies embracing some or all of the services available. Microsoft state that they have over 100 million commercial Office 365 users and that 80% of Fortune 500 companies are already hosting business data in Office 365, so it’s very clear that we are past the point of early adoption and that this is now becoming the de-facto standard for office productivity.


However, as part of these migrations, sometimes organisations have an expectation that their data, once migrated to Office 365 services, is controlled by default to provide the same level of protection that was in place on their on-premise deployments. In some cases, that may be true, but in other cases the default protections applied may not, on their own, meet their organisation’s needs. Now, the good news! Microsoft have done a great job in providing controls in the Office 365 suite and while many of these are not on or configured by default, we often find that, if correctly leveraged with the right subscription type, these can be applied to align the risk of using Office 365 to within an organisation’s risk appetite. Even better, with some thought and planning, it is often possible to get adequate controls for your data  in place using native functions in Office 365 without needing to invest in sometimes costly integrations with other security service providers or products. As such, not only can a well thought out set of controls using native capabilities often address risks and vulnerabilities for organisations that have migrated to Office 365, in many cases there is also an opportunity for them to divest in other bolt on security services, rationalising their investment and consolidating their technology footprint.


At Zimbani we have a wealth of experience in assisting organisations plan migrations to Office 365. We also assess the security of existing Office 365 deployments and can assist the leverage of native controls in the Office 365 suite to adequately secure your organisation’s data and harden your tenancy. We can advise on which controls that are most relevant to you and your regulators and give you guidance to ‘right size’ your security posture and align to your risk appetite. If and when there is a deficiency in what is offered natively compared to your organisation’s risk appetite, Zimbani are highly skilled at identifying and solutioning additional security controls to fill the gap.


Our Secure Build service enables our clients to:

  • Understand and contextualise the relevant Office 365 security controls for your organisation
  • Understand the current state of your Office 365 security controls and how they line up to your risk profile
  • Prioritise, and if you wish, implement an uplift of your Office 365 security controls to secure your data
  • Report on the state of your Office 365 security controls


Are you considering moving to Office 365? Are you already leveraging Office 365 and want to know that your data is secure? Either way, Zimbani can help and we’d love to speak with you!