Recap and Highlights from 365 EduCon DC 2023, a Microsoft 365 Conference

Conference Overview

Alcion was a Gold Sponsor for the first 365 EduCon event, held last week in Washington DC. This was the first Alcion conference appearance, following the launch of our AI-driven data protection platform in May. Our booth was staffed with members from our product, marketing, and engineering teams who spoke with attendees and discussed how Alcion could help address their data protection needs.

The 365 EduCon DC conference was well attended by Microsoft 365 practitioners from a variety of industries with many coming from education, government, and healthcare. The audience included a mix of Microsoft 365 power users and developers focused on building custom solutions as well as administrators looking to enable user productivity and collaboration. The sessions we highlighted in our previous post did not disappoint, and there were many other breakouts and technical sessions that kept everyone engaged.

One of the most popular activities on the expo floor was a scavenger hunt, where attendees had to find QR codes in the booths to qualify for some amazing prizes. Here’s the happy winner of our prize, an Apple HomePod mini!

‍

Highlights and Takeaways

Data Security Blindspots

A large portion of the conference attendees were SharePoint and PowerBI developers. As such, they were well-versed in some of the native data protection capabilities in Microsoft 365, including data access, versioning, and retention policies. This awareness around the topic of data protection was encouraging, but there were a few noticeable gaps. Specifically, we found some booth visitors asking “Why do I need a third party backup service if I already have access controls and versioning policies?” which sparked discussions about the risks posed by privilege escalation attacks and malicious insiders. In those scenarios, the same permissions that had been configured to protect the Microsoft 365 domain could be used to corrupt or otherwise modify data. These conversations led to a lot of affirmative nods as folks realized that the extent of the threats to their data beyond just accidental deletions.

Evolution of Cyber Threats

Throughout the conference, there were a number of interesting sessions that expanded on the topic of cyber threats. Some of the stats were frankly shocking. While some organizations are fortunate enough to dodge cyber attacks altogether, one sessions claimed that 48% of organizations experienced a ransomware attack over the past 12 months, and SaaS data was the target of 51% of these attacks (link). Microsoft 365 admins are at particularly high risk, with as many as 78.5% of malware attacks targeting Microsoft Office vulnerabilities (link).

It was also interesting to learn how malicious actors are leveraging a combination of social engineering and AI generated deep fakes (including voice and video fakes) to increase the sophistication and breadth of their attacks. This really reinforced the notion that the most vulnerable component of an organization’s defensible perimeter remain its people. Great examples of successful social engineering attacks included Uber, Rockstar, and Kaiser Permanente.

Lastly, I also learned about how cyber insurance can provide a false sense of security. Most insurance policies usually contain fine print which reduce the payout to a fraction of the expected claim. A vendor gave one example of a policy that entitled the claimant to 50% of the full payout if they had a vulnerability outstanding for 45 days, and only 25% if the vulnerability had been outstanding for 90 days. This shows how cyber insurance is necessary but not sufficient when it comes to hedging against cyber attacks.

Cloud Adoption Challenges in Some Verticals

We also spoke to a number of organizations who still rely on on-premises or hybrid deployments. Conference attendees seemed to be aligned on the value proposition of the cloud, but many face an uphill battle to convince and satisfy other internal stakeholders. This was a particular challenge for folks from the government sector where concerns about expanding the third-party exposure envelope and data security are still top of mind for decision makers.

One consultant who works in the public sector felt that he “signs [his] life away” in order to assure his clients that their cloud data is stored and handled in a secure manner. It’s apparent that software vendors need to approach potential customers with a security-first mindset and appropriate certifications (e.g. SOC 2, FedRamp for government) before they can enter into serious consideration.

Where Alcion Comes In

In our booth, we featured and discussed the Alcion platform, which provides a robust, secure, and intelligent backup service that protects your entire Microsoft 365 domain in the face of increasingly complex and frequent cyber threats.

Check it out for yourself with this demo video that shows the ease and intuitiveness of the Alcion platform.

I invite you to join the Alcion conversation and share your feedback on our Discord channel. Don’t miss the Alcion case studies from real users, and the white paper that synthesizes the most common security-oriented pain points that Microsoft 365 admins run into. And if you’re ready to try Alcion, you can; it’s free for 14 days no credit card required.

Don't let your organization become another data loss statistic. Try Alcion, protect your Microsoft 365 data, and take control of your cloud security journey.