consigliere of your IT administrationABOVE IT
Subscribe to our newsletter

Why upgrade to Business Premium?

Juha explains why upgrade to Business Premium?

I’m often asked why upgrade to Business Premium? A simple “spoiler” answer: Because it’s the first license level in Microsoft 365 services’ Business licensing that brings information security and data protection services with it, bundled into a comprehensive license package. With it, you can also get rid of an office server or third-party security solutions and achieve clear savings.

Towards tightening requirements

By the way, have you noticed that information security requirements for organizations are tightening this year? In the autumn, the updated NIS2 EU directive will come into force after a transition period, and in the financial sector, the even stricter DORA EU directive and its obligations at the turn of the year. Some SMEs and organizations seem to think that “the requirements don’t apply to us,” and it’s good if such an interpretation of the requirements has been made. At the same time, however, various artificial intelligence solutions that are the subject of great hype are developing at a rapid pace and seem to be increasingly interesting to organizations. Data protection seems to be of great interest to different organizations when it comes to AI assistants.

But do you have larger organizations as customers or partners that these upcoming NIS2 or DORA obligations will affect? In this case, I recommend making a quick reassessment, as these requirements may also be inherited by smaller organizations as part of supply chains. And for example, we IT companies are directly obligated by the NIS2 directive. Would it be a good time now to think about data protection a bit more broadly, even if it feels a bit daunting? In any case, we can assume that the current development is unlikely to stop here: Future directive updates may bring direct requirements for all of us.

Information security for Microsoft 365 services?

While Office365 services were originally just services and Office applications enabling knowledge work, such as email – it was soon realized that the services need technical solutions enabling information security and data protection alongside them. The first Microsoft 365 service packages packaged with security were born, such as Microsoft 365 Business Premium. Microsoft 365 Business Premium is a very comprehensive cloud service license aimed at organizations with fewer than 300 people.

However, a large part of SMEs and organizations have continued to use more limited licensing models, for cost reasons. They may still be using just Business Basic level services. If they’ve wanted to acquire Office applications as well, they might be using Business Standard level basic licensing. But both of these still lack information security and centralized management. And this is also the reason why I warmly recommend considering broader Microsoft 365 service packages equipped with information security and data protection instead of these basic licensing options. I’ll explain in more detail why shortly.

How to ensure information security?

So what do the EU directives bring with them? The majority of the requirements are purely administrative. It is required that companies have gone through at least some kind of Excel exercise related to information security, documented their own practices. But some of the requirements also bring obligations to us organizations. Obligations to be able to validly monitor the state of information security and, if necessary, report exceptions to supervisory authorities within deadlines, under the threat of penalty payments.
What does this mean in practice? In order for an organization to be able to ensure and monitor the state of information security and data protection in its own IT environment, practices must be centrally defined and validated from the top down. I challenge you to a bit of a thought experiment: While many companies have been accustomed to doing things with a lighter Business licensing model, where there is no centralized management and some responsibility for settings is also with the end users themselves, is this enough anymore?
Let’s take a basic example: The information security settings for the workstation have been the end user’s own responsibility to implement or hastily set by the IT responsible person, but we have no centralized visibility into the workstation – can the organization say for certain that the information security settings have been implemented according to the requirements set by the organization?

The most important points for better data protection

Centralized management for a small company – is it a bit excessive? Of course, the NIS2 and DORA directives are applied to smaller companies in a somewhat lighter manner. But if the size of the organization starts to approach ten people, centralized management and better-managed information security start to matter, especially if these obligations apply to your organization.
However, as the most important point improvement when moving to Business Premium, I personally consider the improved communication security against advanced threats. The majority of threats nowadays are phishing and other advanced threats, against which there are hardly any tools in lighter licensing models. These are, by the way, protection features that are actually missing from the corresponding Microsoft365 E3 licensing for larger companies as well! When these protections against advanced threats are combined with the possibilities brought by centralized management and conditional access management, the majority of modern dangers threatening organizations can be prevented. And most importantly, visibility and information can be enabled regarding information security, which is important in fulfilling EU directive obligations.
But what about Copilot and other nice AI assistant solutions? As a small tip for ensuring data protection, data classification and protection, as well as retention practices, will have a great significance for data availability and freshness with regard to Copilot. These are all things that can be enabled and made possible in their basic form only at the Business Premium level. Although Copilot is available with Business Standard licensing, I cannot warmly recommend implementing Copilot before it’s accompanied by Business Premium licensing, for data protection reasons.
So the next time you wonder about savings in terms of licenses, it’s worth thinking a bit about the future, and how small a part that saved ten euros per month ultimately is compared to a person’s salary costs and potential revenue streams brought by the workforce. Microsoft365 services are a very central part of people’s daily work and everyday life. The potential interruption caused by an information security threat and possible damages can be multiple times these costs. Could those same typical couple of thousand euros in annual savings be obtained otherwise, for example by improving work efficiency?

Above IT is your IT management’s partner and resource. As our customer, you get genuine expertise related to the development of information security and data protection, but also the necessary licenses. And if the upcoming information security obligations and requirements feel vague to handle, we might have support and solutions for that as well.

Hae sivuilta:

Search site: