How to step up your Microsoft Exchange security game

Your Exchange environment is a key component in your organization's communication platform, so shouldn't protecting it get the highest priority?

Many people believe that information security is about the technology -- the bits and bytes -- that make up the network defense system. From one perspective, that's true. When it comes to Microsoft Exchange security -- or the network as a whole -- we couldn't survive long without firewalls, content filtering, malware protection and the like.

But information security is multifaceted; it's not just a single layer of technology. Information security is a broad and complex ecosystem of elements that must work in unison to maintain system resiliency and a secure email server.

The core principles of a solid information security program are both tangible and intangible. The following are familiar to most people but have been overlooked in many organizations:

  • Knowing what information is where;
  • Assessing information risks;
  • Obtaining and maintaining support from management;
  • Enforcing policies through the necessary technologies;
  • Getting buy-in from users so they're motivated to do what's right; and
  • Developing an incident response program.

All of these areas impact Microsoft Exchange security on a daily basis. If you want to ensure you have a secure email server that integrates with the overall information security program, you're going to have to step up your game. Making such changes means that you're going to have to get out of your comfort zone: say what needs to be said and do what needs to be done. Some will hire an outsider to perform a security assessment and use that as leverage for gaining the support and budget needed to make security improvements. However, just as many will pretend that security problems don't exist. Or, if they know what's creating risks, they're afraid to rock the boat with peers and management. In that case, the status quo will remain, as will the security risks. In the end, you still have priorities that only you can address.

Start with the basics

The most important step to take is to measure the existing risks. Many organizations haven't even done that. Some don't want to acknowledge the risks because they represent work -- and change. Some don't know where to start. If that sounds like you, don't fret; it's simple to get started. Read and listen. Read about information security, not about the latest threats. That stuff is cool, but you have to understand the security basics first. Listen to learn about information security. Attend webcasts, seminars and conferences. You'll get information to help you with your security goals and, just as importantly, you'll meet other people who can teach you things that would otherwise take years to learn on your own.

Take steps to shore up defenses

Once you have the risks prioritized, work on getting the right people to provide the backing necessary for resolving the risks or accepting them. Don't just ignore them. The last thing you want to be is low-hanging fruit for hackers, but that's exactly what your Exchange environment and your business will be if you fall into the trap of security complacency. You have too much tied up in Exchange, which is arguably your most critical enterprise application. Keep pushing for what's right to increase Microsoft Exchange security and prevent your organization from being an easy target.

This was last published in June 2016

2 comments

Your Exchange environment is a key component in your organization's communication platform, so shouldn't protecting it get the highest priority? ABSOLUTELY... Also, DO NOT put your Data (Emails) in the Public Cloud (Office 365) if your company does NOT want Microsoft to access/control your Data (Emails).