Microsoft Exchange Server – On Prem vs Cloud

Download the free infopaper from Hornetsecurity now to get all the information collected in one document.

The Microsoft Exchange hack, which affected hundreds of thousands of servers worldwide, is already one of the most serious cyberattacks in recent years. What happened? In March, Microsoft reported about a vulnerability in their Exchange Server mail. The vulnerability was exploited by a Chinese hacker group (Hafnium). The group got access to organizations’ email accounts all over the world. High-level authorities such as the White House have urged those affected to install security patches in their respective Exchange systems. 

But is patching alone enough? Not really! There is a risk that it is already too late and hackers have installed backdoors or created accounts to give themselves top-level access privileges: The consequences can be the theft of sensitive company data, unauthorized access to critical business processes and spear phishing attacks.

There also appear to be ongoing serious security issues with Microsoft Exchange following the March incident. On April 13, the German Federal Office for Information Security (BSI) published another warning about new vulnerabilities that need to be patched urgently.

On Prem versus cloud: What’s the best option for companies?

Hornetsecurity’s security experts strongly recommend that companies replace On Prem deployments of Microsoft Exchange with the cloud-based alternative, Microsoft 365. Being in the cloud, Microsoft 365 is not vulnerable to this kind of attack or issues caused by bad weather or other outages. It additionally offers greater functionality.

What’s the problem with on-premises hosting?

The company is responsible for the security of its data and vulnerability management

The company must take care of data security itself. This requires trained IT staff who must be aware of security vulnerabilities and install updates regularly and quickly.

Complete loss of data is possible

Not only does the company need to ensure that on-premises software is up to date, but it also needs to ensure that nothing happens to its hardware. For example, in the absence of backup systems, a fire, flood, or technical failure can cause the loss of important data.

On Prem software is often not up to date, meaning companies become vulnerable

When problems occur in on-premises software and updates are necessary, the company itself is responsible for ensuring that these bugs are fixed.

On Prem is expensive and time-consuming

Another disadvantage of on-prem software is the high costs. The necessary hardware must be purchased, financed, and maintained by the company itself.

Especially vulnerable to ransomware attacks

Data shows that falling victim to ransomware attacks is higher for organizations with on-prem setups. An analysis of data from ransomware leak sites by Hornetsecurity Security Lab found that, among victims whose data was published on these sites, 25 percent of organizations host their email servers on-prem.


What are the advantages of the cloud-hosted Microsoft 365?

Latest security updates

Organizations using MS 365 will always automatically have access to the latest version of the solution, without needing to handle any patching themselves. Microsoft delivers updates and the cloud providers focus only on the reliability and security of the system.

Latest functions and a variety of additional features

This also means that MS 365 users always have access to its latest features, without needing to lift a finger. Updates are done automatically. Additional features that form part of the package – like Microsoft Teams, OneDrive, SharePoint, etc – simplify the collaboration within the company and facilitate the data exchange.

Easy to use and maintain

The usability of cloud-based applications like Microsoft 365 is less complex. It can be installed in just a few minutes. The company also does not need to handle its maintenance.

Save resources

By using cloud software, companies save not only the expense of operating data centers and server rooms, but also the procurement, installation, configuration, maintenance and updating of software, among other things.

Scalability & flexibility

Because Microsoft 365 is hosted in the cloud, it’s easy to scale the required storage. Companies who use Microsoft 365 also can access documents from any device, anywhere, synchronously.

Summarized information

You want more detailed information about On Prem Services, the advantages of the cloud and the vulnerabilites of Microsoft 365? Download the free infopaper from Hornetsecurity now to get all the information collected in one document.

Decided to switch to Microsoft 365? Play it safe: With third-party protection

When considering Microsoft 365 and its many benefits, companies often worry about the security of their data from cyberattacks – this concern is not unfounded, but it is solvable. While Microsoft includes protection mechanisms, additional levels of third-party protection are necessary for a company to enjoy adequate security. Here’s why:  

Microsoft 365 is under massive attack


Ransomware is the biggest threat

Third-party supplementation for M 365 recommended

New study reveals vulnerability of M 365 accounts

I need a reliable third party solution!

365 Total Protection from Hornetsecurity offers comprehensive protection for Microsoft cloud services – specially developed for Microsoft 365 and seamlessly integrated to provide comprehensive protection for Microsoft cloud services.

365 Total Protection by Hornetsecurity: specially developed to secure Microsoft 365

According to statistics, 95% of all successful cyberattacks breach an organization via email. That’s why Hornetsecurity has developed 365 Total Protection – an industry-unique security and compliance suite designed specifically for Microsoft 365 that provides comprehensive additional protection.


The service combines all the necessary security features required by comprehensive email security management, such as:

Email Live Tracking

Enables an admin to monitor the company’s entire email communication in real time.

Threat defense

multi-stage in-depth analysis and filter systems detect even the latest spam and phishing attacks. Hornetsecurity has the highest detection rates on the market.

Global S/MIME & PGP encryption

protects the entire email communication from being altered or read by third parties.


 includes even more advanced additional functionality, such as:

Forensic Analyses

Intelligent filters enable efficient detection and filtering of any cyber threats that breach the company via email.

Detects even advanced threats

like ransomware, business email compromise or CEO fraud.

Malware Ex-Post Alert

Allows to delete potentially harmful emails that are detected later.

ATP sandboxing

Offers protection against targeted and blended attacks.

Email archiving

It is essential to have emails archived – legally and audit-compliant.

URL malware control

Identifies links that may lead to websites offering malware-infested downloads.

Contingency covering

Ensures permanent access to your company’s emails even if the Microsoft service is temporarily unavailable.

Global security dashboard

Centralizes all the functions and results of 365 Total Protection and offers a complete single-view overview of your company security.

Request 365 Total Protection now!

You have any questions?

+44 203 0869 833


Fact Sheet