Updated: 4/25/2023
Know the Tradeoffs for Security
Microsoft continues to persuade customers to convert from E3 to E5 licenses, promising the move will enable those organizations to gain key security features, while reducing spending and complexity overall. This piece examines how new M365 features affect
third-party security along with guidance to help make the most from a move from E3 to E5 licenses.
Evaluate Your Reliance on Microsoft
Security teams should consider having a frank, open and honest discussion with their CIO about their strategy for messaging, collaboration and productivity applications over the next 5–7 years. If the majority of knowledge workers’ activities
will rely on Microsoft’s cloud, avoiding an E5 license will become increasingly difficult due to two factors:
- Microsoft may continue to add features to Microsoft 365 (M365) faster than third parties can keep up from a security perspective: This means M365 organizations could be forced to rely on Microsoft’s own security solutions, because no viable
alternatives exist.
- Microsoft may continue to push the APIs third parties to provide security solutions for M365 customers: This means the tools third parties are able to deliver to manage M365 environments may not be on par with what Microsoft itself offers, once
again could lead M365 organizations to increasingly rely on Microsoft.
Invest in M365 Operational Details
Microsoft’s investments in its security technology portfolio over the last five years have made a fundamental difference in the quality of its offerings. In fact, organizations with under 10,000 users in low-regulation and low-risk industries tend
to find success with an E5 security approach, despite some of the technical tradeoffs.
SIEM Issues and Costs
Moving to a different SIEM might not solve the issue, either. Moving between SIEM vendors for SIEM needs could be problematic if the vendor solution partner(s) lack significant M365 experience.
Today, for some M365 customers, there isn’t an optimal alternative to Microsoft Sentinel for sophisticated event analytics and automated reporting. Unfortunately, Sentinel cannot ingest significant amounts of legacy application and platform events
without teams first investing in a data normalization and correlation model. As a result, large M365 organizations may need to move toward a “two panes of glass” model for security operations center teams, which could in turn impact their
ability to enjoy the supposed operational efficiencies of moving to the E5 license.
How MDRs Help Manage Security Events
One benefit for organizations using M365 with an E5 license is there is rapid growth among a new class of managed services providers offering managed M365 detection and response (MDR) capabilities through the use of features provided with an E5 license.
If an organization’s security team is lacking in M365 security expertise, moving to an E5 license and then contracting with an MDR provider to deal with the Microsoft cloud-related issues can help manage the security event overload, while reducing
the risks of the core security team missing a material event in M365.
Read: Considerations for a Move from an E3 to E5 License for M365
Limited Vendors in Collaboration Platforms
In the enterprise collaboration and productivity market where there really are only two alternatives: Microsoft and Google.
Microsoft is, by far, the most popular collaboration platform. However, if an M365 organization wants to avoid sole-sourcing its security stack to Microsoft, the Google security ecosystem may not be a viable choice, because it is not as mature as what
can be found within M365. For example, Google does not have a consolidated identity strategy like Azure AD, a mobile device management capability like Intune, nor mature e-discovery and compliance
tools like those found within M365.
AWS is not a strong alternative either. It has dabbled in the collaboration/productivity space but hasn’t really done a good job delivering anything that would be considered a viable alternative to Microsoft or Google.
In addition, the decision to use a particular platform is made many times due to market forces. For example, many large retailers consider both Google and AWS as competitors in the retail space. Consequently, their executive leadership mandates the use
of Microsoft platforms. In other cases, Microsoft is deemed the unfriendly option by business leaders due to investments made in certain technology partnerships.
The likelihood security teams will have a viable alternative to major vendors in the cloud collaboration space is decreasing rapidly. And the CIO’s choice of collaboration platform will become a de-facto security tooling choice as well. The only
things stopping this platform lock-in and consolidation will be either a massive misstep by a major player in the delivery of their collaboration services (i.e., a breach, denial-of-service incident, etc.) or government regulation that forces technology
diversification.
DOWNLOAD: Harden M365 Identities and Exchange Online
Understand Microsoft Security Tradeoffs with E5 Licenses
To ensure the decision to move to E5 licenses reaps dividends:
- Understand your risk and regulatory environment: Small organizations within low-risk, low-regulation industries have seen security benefits with the move to E5.
- Watch the SIEM: For most large organizations, M365 event overload coupled with expensive vendor platform pricing could have an impact on cost benefits from the move to E5.
- Choose your collaboration platform with an eye toward security: In the very near future, the choice of collaboration platform will end up dictating your security tooling choices, too.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.