With Office 365 Security, Knowing Is Half The Battle

In a 2017 study conducted by CollabTalk and the Marriott School of Management at Brigham Young University, a survey was used to generate key insights into the perceived gaps in Office 365 security. Most of the responses came from small businesses (less than 50 employees) in the technology sector, many of whom identified as consultants who provided development and deployment services for their customers.

  • Barely over half of the respondents use Multi-Factor-Authentication, but it was still the most commonly used product (54%). The next most used was Exchange Online Protection (46%).
  • When asked how Microsoft could enhance the security of their products, 83% of respondents that commented requested more assistance in understanding and implementing Microsoft products.

Understanding Microsoft Cloud Services and SecurityClick here to download a copy of
Understanding Microsoft Cloud Services and Security
sponsored by Microsoft, AvePoint, Rencore and Solliance

This illustrated a few important points: First, only about half of the respondents were willing to pay for additional security features. Second, most of the comments pointed to a general confusion around cyber-security with Office 365 products. In other words, they did not know what was available through the platform, whether these features were all (or in part) in use, or whether the features provided exceed, met, or missed their industry and organizational requirements.

This lack of education is emphasized in some of our other findings:

  • Of those that thought Microsoft security was sufficient, 80 percent have either not run security checks, or do not know if they have.
  • Of those that did not think Microsoft security was sufficient, only 29 percent have not run, or do not know if they have run, security checks.
  • Of those who did not think the current security protection offered by Microsoft was sufficient, 57 percent were not aware of Microsoft’s cyber-security division, and 71 percent were not aware of Microsoft’s overall security strategy.
  • Only 39 percent of respondents were aware of both Microsoft’s overall security strategy and their cyber-security division (55% at least knew about the C.S. division).
  • 100 percent of respondents who had experienced a security breach did not think Microsoft security was sufficient, regardless of the cause of the breach (and vice versa, 100% who did not think the security was sufficient has experienced a security breach).
  • 88 percent of respondents who did not experience a security breach either do not currently run security checks or do not know if they run security checks.

These results highlighted a few important points:

  • Those who are confident in the security of Office 365 products are not as careful in running security checks, while those who are skeptical are more cautious.
  • Those who are skeptical, however, do not seem to be aware of Microsoft’s cyber-security efforts.
  • Also, every respondent that had experienced a security breach did not think Office 365 security was sufficient, even though none of the reasons indicated were attributable to Microsoft.
  • Finally, less than half of all respondents were aware of Microsoft’s overall security strategy and their cyber-security division.

These results lead us to believe that those that perceive Office 365 security to be sufficient are very trusting, to the point that they do not run security checks, and also that those who do NOT perceive the security is sufficient are skeptical because they have experienced data breaches, regardless of whether or not Microsoft security was a factor.

Clearly, there is a perception gap in security, largely due to a lack of education. Truly, knowing is half the battle.

Knowing is Half the Battle -- G.I. Joe

Christian Buckley

Christian is a Microsoft Regional Director and M365 Apps & Services MVP, and an award-winning product marketer and technology evangelist, based in Silicon Slopes (Lehi), Utah. He is a startup advisor and investor, and an independent consultant providing fractional marketing and channel development services for Microsoft partners. He hosts the weekly #CollabTalk Podcast, weekly #ProjectFailureFiles series, monthly Guardians of M365 Governance (#GoM365gov) series, and the Microsoft 365 Ask-Me-Anything (#M365AMA) series.