Office 365 is often presumed to be sufficiently resilient since it is based in the cloud, however the cloud isn’t just an ephemeral architecture. It is in aggregate still subject to many of the same vagaries and challenges that affect individual on-premise deployments. It is only structured in such a way that it is less likely to have a dramatic effect on any one particular business.
Much as this is the case, outages still occur. In the case of Office 365, Office 365’s multi-factor authentication locked out users for 8 hours recently with no workaround. We’ve already discussed the challenge posed by Office 365 Email Outages, but with problems of O365 access clearly growing and not shrinking, you need to consider how to adopt a strategy of Cyber Resilience for Office 365.
What is Cyber Resilience?
According to IT Governance UK, “Cyber Resilience is a broader approach that encompasses cyber security and business continuity management, and aims to defend against potential cyber attacks and ensure your organisation’s survival following an attack.”
To illustrate this difference, ask yourself: what is your usual conception of “security”? To most people this means confidence or comfort that you will be free from harm or interference, most often by a malicious actor, but also from unforeseen disasters, hardships and even accidents.
Resilience builds on this by considering the likelihood of unexpected events interrupting the normal course of business for your organization. The unexpected can always happen, both for well and for ill, so building a durable framework to maintain continuity no matter the nature of a risk can prevent your organization from falling victim to challenges where other organizations might find themselves unprepared.
Representing Resilience Mathematically
It may be hard to adopt the assumption that your service is imperfect, but also that another necessarily imperfect service to back it up might offer you significantly more resilience overall, however within the margins of standard SLA’s today, assessing the total impact and visibility of IT’s continuity efforts can actually be fairly substantial.
Think of it this way: if you have a primary service up 99.99% of the time, it will fail .01% of the time on average. If a parallel service backs this up, and that service is up a different 99.99% of the time, then the two services only have a .0001% probability of being out at the same time.
If you were to go from 1% to .01% downtime, that would be the equivalent of going from experiencing 3.65 days of outages per year to approximately 53 minutes of outages per year. .01% being 53 minutes, depending on the size of your organization and the intensity of your work, this could still have a major impact on you – especially if you consider that when you do fall victim to an outage, you’re most likely to take a far greater proportion of downtime than a simple 53 minutes. Aside from all the other benefits of a secondary solution, if you achieve .0001% aggregate downtime (in the case of this example), you’d only experience 31.54 SECONDS of downtime per year.
SLAs and the expectations software services vary, and obviously committed or financially-backed SLAs exist beyond the pale of 99.99% and above. However, downtime is known to occur, particular with critical systems like Office 365 (as cited in the examples above). Cyber Resilience for Office 365 creates an expectation that you won’t be left vulnerable to a single point of failure within the solutions your organization relies upon.
Cyber Resilience, and Cyber Resilience for Office 365, aren’t exclusively about building up one solution that will always be successful, but building in intelligent redundancies that optimize your outcomes for a variety of different scenarios. Natural disasters, broader architecture failures or other systemic risks all confront organizations of all sizes, and splitting your bets between maximally reliable solutions is the only way to be truly resilient against these sorts of risks.
Deploying an email security solution for Office 365 is critical to ensuing you get maximum value from this solution, but email continuity for Office 365 is also critical to getting around the issues of downtime and lockouts from overzealous features like O365’s MFA. If you’re looking for a solution like this, consider trying a free trial of Vircom’s modusCloud solution to get your search started.