Welcome to CBR TV. My name is John Bernstein. I'm joined today by Ann Maya, who is Marketing Director at Quest Software. Ann, we're going to talk about the compliance and security challenges of delivering Microsoft Services in the cloud, with specific reference to Office 365. So let's start with Office 365. What are the motivating factors? What's driving people to put more and more workloads into Office 365?
Hi, John. Yeah, what we're finding is that a lot of organizations we've spoken to are moving towards Office 365, driven mainly from their users wanting to use email. So with email comes a lot of the other productivity tools that Office 365 offers. And the more they start to use these tools, the more they see that they work really well to help their teams collaborate and communicate. So we're seeing a lot of the drivers are coming mainly from the use of email and things like Skype for Business Online.
So if that is the potential benefit, what is the potential downside? What are the security and compliance concerns?
Yeah, great question. Because Office 365 is a productivity platform, that beautiful integration means that these utilities are now spreading across multiple devices, and users are becoming more remote, and are able to work from anywhere, which is brilliant. But that means that the more they do that, the more they share information, they have conversations on Skype for Business Online, as an example, that maybe are sensitive to that corporation, and maybe shouldn't be shared with the world at large.
So being able to control how users use different features and what they have access to becomes really important. So security and compliance gaps come from being able to control what users can share. But as well as that, being able to recover back if something goes wrong. So office 365 is-- for every instance of a user having Office 365, they also have an Azure Active Directory account. And as one grows, so does the other.
But the problem is many organizations aren't explicitly managing Azure Active Directory. They're managing their on-prem, which works for say 90% of what they do. As their cloud presence grows, they may not necessarily putting as much management into that Azure Active Directory environment, which means if those go down, some of their cloud only services are at risk.
And that becomes a problem. And as we know with GDPR, being able to restore quickly is a really important aspect of being compliant. And if they're not able to do that, in some cases, some of those cloud only objects, if deleted, either maliciously or accidentally, may never be retrievable. That's a manual exercise. It takes a very long time.
So you've articulated the potential issue there. How do you mitigate against that problem?
Yeah, so the one really simple way is first ensure that the disaster recovery solution covers cloud only objects. And cloud only objects or things like Office 365 groups, users that have license information, that are cloud only, for cloud only applications, things like that. So being able to make sure all of those-- and critically, B to B, and B to C accounts.
So if an organization has say web application, and they need to make users-- let users have access to it, those would be B to C accounts. If those all go down, that can cause a problem for the users, which means it's an issue for them as well, from a business perspective.
And more broadly, SAS based solutions, Software to Surface based solutions, why are they so compelling?
Right, to be able to manage policies across things like Skype for Business Online and Exchange Online, can very easily be done through a SAS application itself. And that allows an admin to be able to set policies based on Azure Active Directory groups. So that they can insure and prove that these users only-- like let's say you restrict anonymous users from being involved in Skype conversations, or you enable remote white on a mobile phone, or ensure encryption is applied.
So what you can do is apply those through a third-party SAS application, and that makes it easier for admins to control that environment. As well, being able to do this from anywhere. So if you need to do recovery from wherever you are, if you're a homeworker, or if you're even on holidays and some disaster happens, to be able to really easily access the full power of a recovery and backup solution could be really important to your business. And that's what third-party applications can do.
And why should people turn to third-party applications when Office 365 has its own suite of native solutions?
Yeah, we get that question an awful lot. And the real answer is because native applications are designed to offer the bare minimum-- not bare minimum. I, mean they're quite good and they're feature rich. But they don't really accommodate doing bulk tasks quickly and easily. So they do require PowerShell scripting, which is brilliant if you're an advanced scripter.
But if you need to manage those scripts and be able to get them up and running very quickly-- and I've used recovery as an example before-- but if you had thousands of B to C accounts to recover, right now there's no way to do that with native tools at all. And hard deleter users, you can't recover.
So there's limitations to it native tools can do. Third-party tools can do this. And they can do it quite simply and easily for bulk users or small members of users, it doesn't really matter.
Ann, a final question, briefly if you would, balancing those benefits with protection and control, what's your advice to organizations out there?
I think you have to be able to give users the freedom to work in this new platform. That's the whole idea, is to make it easier, keep them more productive,