Companies everywhere are making the transition from on-premises servers to cloud-based e-mail services. This switch is an opportunity for IT leaders to tighten their security controls.
Mathias Thurman writes, “As my company continues to move enterprise applications to the cloud, the latest development presents a security opportunity. We are giving up our on-premises Microsoft Exchange e-mail in favor of the Microsoft Office 365 service. With the transition, we might be able to curtail the common employee practice of communicating and storing sensitive business-related data in e-mail.
“I am encouraging the IT organization to tighten security by implementing controls that were either not available in our on-premises deployment or never implemented. The first order of business is a cleanup of accounts and distribution lists. We have hundreds of e-mail-enabled distribution lists, and too many of them are available to the world. We should be able to cut down the number of lists and set rules about who can use them.
“For example, one list that includes all members of the customer support team has been available to anyone, though only internal employees have a need for it. Customers will have access to a separate support distribution list that will integrate with Salesforce to automatically generate a support ticket.
“We will also restrict to managers the ability to send to ‘all.’ Too many people use the ‘all’ alias to send messages that most employees perceive as spam. That’s a problem in a growing company.”