Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
Know the Tradeoffs for Security
Microsoft continues to persuade customers to convert from E3 to E5 licenses, promising the move will enable those organizations to gain key security features, while reducing spending and complexity overall. This piece examines how new M365 features affect
third-party security along with guidance to help make the most from a move from E3 to E5 licenses.
Security teams should consider having a frank, open and honest discussion with their CIO about their strategy for messaging, collaboration and productivity applications over the next 5–7 years. If the majority of knowledge workers’ activities
will rely on Microsoft’s cloud, avoiding an E5 license will become increasingly difficult due to two factors:
Microsoft’s investments in its security technology portfolio over the last five years have made a fundamental difference in the quality of its offerings. In fact, organizations with under 10,000 users in low-regulation and low-risk industries tend
to find success with an E5 security approach, despite some of the technical tradeoffs.
Moving to a different SIEM might not solve the issue, either. Moving between SIEM vendors for SIEM needs could be problematic if the vendor solution partner(s) lack significant M365 experience.
Today, for some M365 customers, there isn’t an optimal alternative to Microsoft Sentinel for sophisticated event analytics and automated reporting. Unfortunately, Sentinel cannot ingest significant amounts of legacy application and platform events
without teams first investing in a data normalization and correlation model. As a result, large M365 organizations may need to move toward a “two panes of glass” model for security operations center teams, which could in turn impact their
ability to enjoy the supposed operational efficiencies of moving to the E5 license.
One benefit for organizations using M365 with an E5 license is there is rapid growth among a new class of managed services providers offering managed M365 detection and response (MDR) capabilities through the use of features provided with an E5 license.
If an organization’s security team is lacking in M365 security expertise, moving to an E5 license and then contracting with an MDR provider to deal with the Microsoft cloud-related issues can help manage the security event overload, while reducing
the risks of the core security team missing a material event in M365.
Read: Considerations for a Move from an E3 to E5 License for M365
In the enterprise collaboration and productivity market where there really are only two alternatives: Microsoft and Google.
Microsoft is, by far, the most popular collaboration platform. However, if an M365 organization wants to avoid sole-sourcing its security stack to Microsoft, the Google security ecosystem may not be a viable choice, because it is not as mature as what
can be found within M365. For example, Google does not have a consolidated identity strategy like Azure AD, a mobile device management capability like Intune, nor mature e-discovery and compliance
tools like those found within M365.
AWS is not a strong alternative either. It has dabbled in the collaboration/productivity space but hasn’t really done a good job delivering anything that would be considered a viable alternative to Microsoft or Google.
In addition, the decision to use a particular platform is made many times due to market forces. For example, many large retailers consider both Google and AWS as competitors in the retail space. Consequently, their executive leadership mandates the use
of Microsoft platforms. In other cases, Microsoft is deemed the unfriendly option by business leaders due to investments made in certain technology partnerships.
The likelihood security teams will have a viable alternative to major vendors in the cloud collaboration space is decreasing rapidly. And the CIO’s choice of collaboration platform will become a de-facto security tooling choice as well. The only
things stopping this platform lock-in and consolidation will be either a massive misstep by a major player in the delivery of their collaboration services (i.e., a breach, denial-of-service incident, etc.) or government regulation that forces technology
DOWNLOAD: Harden M365 Identities and Exchange Online
To ensure the decision to move to E5 licenses reaps dividends:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
September 21, 2023
By IANS Faculty
Learn why CISOs Need D&O Liability Insurance Coverage now more than ever along with guidance to help minimize potential cyber liability risk.
September 19, 2023
Discover the diversity of IANS Faculty's real-world expertise. Learn how our faculty members can help you solve your most challenging security issues.
September 14, 2023
Learn how to use a three-step approach to defending and managing public and private APIs while avoiding common mistakes.