Close to 4 out of 5 companies use Exchange (cloud or on-prem). Think about the massive infrastructure. Imagine how important and prevalent it is for businesses, and realize why it is constantly targeted by attackers. Businesses should carefully evaluate the risks and limitations of relying on Exchange as their email security solution as well as their email storage and communication solution.
Microsoft's software suites have long been a cornerstone of corporate businesses worldwide: from document processing and storage to collaboration tools and, of course, the Exchange email systems, which offer email, calendar, and contact management for businesses of all sizes. In fact, this service, Exchange, is one of the most widely adopted products in the world.
Security Vulnerabilities
As the dominant email platform, Microsoft Exchange is a prime target for cyberattacks, including ransomware, phishing, and zero-day exploits. Over the years, several high-profile breaches have exposed critical weaknesses in the systems: the Hafnium attack, ProxyShell, and many other attacks exposed and exploited the vulnerabilities of this system. The results were stolen sensitive data, huge remediation costs, and extended email downtime, with the underlying business impact.
These incidents underscore Exchange’s role as a top target for cybercriminals, and the security flaws, especially in on-premise versions, leave organizations exposed. On-premise Exchange servers require continuous patching, monitoring, and updates, but many organizations struggle to stay ahead of emerging threats due to the platform's complexity and resource demands.
Suggestion: If your business is sticking with Exchange, it’s essential to invest in third-party security protections—such as email security gateways and infrastructure backup/archiving systems—to help mitigate these risks.
High Costs
Managing an on-premise Microsoft Exchange server can be expensive. Companies need dedicated IT staff for server maintenance, updates, backups, and troubleshooting. In fact, a Gartner survey found that businesses spend $1,000 to $2,500 per user per year to maintain on-premise Exchange systems, factoring in hardware, software, and IT personnel costs.
Even the cloud-based version, Exchange Online, can become costly over time. Microsoft has gradually raised prices across its Microsoft 365 suite, and businesses that depend on Exchange often find themselves paying for bundled features they don't fully utilize. A notable price increase occurred recently, when Microsoft raised its Microsoft 365 pricing by up to 20%.
Suggestion: Evaluate all cost options, including third-party alternatives that might offer the same or better features at a lower cost. Don’t forget to factor in necessary add-ons, license fees, and any potential price hikes over time.
Downtime, Outages, and Data Loss Risks
Microsoft Exchange’s downtime incidents have had significant repercussions for businesses, highlighting the potential risks of relying too heavily on a single platform. Outages have lasted from hours to days and have affected anything from major blocks of the infrastructure to smaller locations; the fact is that businesses are left without access, and with potential email loss.
Suggestion: Ensure your business continuity with email backup systems and emergency mailbox solutions. These services let you access email archives and keep communication flowing even when your main Exchange server is down.
Feature Parity with Competitors
Microsoft Exchange, while feature-rich, has seen increasing competition from other platforms that offer similar (or better) functionality at a lower cost. Competitors like Google Workspace, Zoho Mail, and ProtonMail are gaining ground by offering intuitive, flexible solutions that appeal to businesses looking for alternatives.
In terms of security, the Defender upgrades are known to improve the service, but at an extra cost (which may be hidden in the product bundling) that is perhaps greater than that of third-party specialized Email Security Gateways, which also have the advantage of sitting outside the network and the technology of Microsoft.
Solution: Assess your organization’s specific needs and employee usage. Determine if all of the Exchange and Defender-for-Exchange features are necessary or if a leaner, more specialized tool could improve efficiency and reduce costs.
Conclusion
Microsoft Exchange (and its security add-ons) is a very good and very successful product (and therefore, expensive). It is also a great example of businesses over-relying on a single vendor and on one of the most attacked systems in the world.
From an attacker's perspective, an organization with a less common email ecosystem, or an organization using Exchange but with third-party, specialized security and data management layers, is usually less appealing.