At Forcepoint, Office 365 is not just email in the cloud—it’s an embodiment of our productivity. We collaborate on projects using Teams and SharePoint, communicate in Skype’s chat windows, host important files on OneDrive, and eagerly present our newest strategies and go-to-market plans on PowerPoint. Looking back, making the choice to transition over to this platform didn’t take much thought, but doing it right took extensive planning.
For one, the transition from on-premises to cloud had to be seamless. We didn’t have the luxury of turning off email for a day or two while we figured it out. The moment we sent an email letting our teams know about Office 365, they would tear into it like a pack of hungry wolves (oh how they love new technology). That’s why we started a pilot program, at first limiting the migration to just the IT team. They’re used to confronting technical issues, and so they played an important role in helping us “work out the kinks.”
They weren’t the only ones involved in the initial pilot, however. We needed to know what seemingly unimportant aspects would bother the heck out of everyone, so we went around and hand-selected people from different departments–sales, finance, marketing, and so on—to be our usability guinea pigs. If we could make them happy, we knew we had a fairly decent chance of rolling the program out to the broader team.
Any other company might have saved security for last. As a security company, that’s just something we don’t do. It couldn’t be an afterthought—it had to be something we considered early and often. Microsoft has some built-in security, but ultimately, they don’t know or care about our unique characteristics as a company and what we do and don’t prioritize in terms of security. Some people say it’s important to “eat your own dog food” or “drink your own champagne” (for obvious reasons, we prefer the latter). We are always talking up our system of integrated security solutions that bring about risk-adaptive protection—what better time and place to put it to use than to secure Office 365?
Some of the solutions we used were:
- Forcepoint CASB. For visibility into end-user risk in cloud apps
- Forcepoint UEBA. To make sense of data from Forcepoint CASB, Okta, and the O365 Security Center
- Forcepoint Email Security. To take care of inbound spam
- Forcepoint DLP. For data protection on outbound emails
- Forcepoint Dynamic Data Protection. To automate the enforcement of policies according to near real time changes in risk
One of the coolest things about working on this rollout was how we were able to guide our end-users to take advantage of sanctioned apps instead of their potentially less secure counterparts. We won’t name names but Forcepoint CASB surfaced several Office 365 “alternatives” in use at the company. It’s one thing if there is a legitimate need for other apps but why not take advantage of something the company is already paying for and has worked diligently to secure? It’s a win-win for everybody.