Are my Documents and Information Secure on Office 365?
BY: ALBERTO LUGO
There is a lot of skepticism about the security of information stored on cloud services and servers. Usually, when we make a presentation, that is the number one question: “Will my documents be secure in Office 365?”. If you look back at how security was handled a couple of years ago, you’ll remember that companies relied on a state of the art firewall around the office data center for securing data and information. These days it’s a very different story.
You have your company’s data center, online services, cloud storage, employees bringing their device (BYOD), and other services that store data elsewhere. These are why you need to understand the risks and build a strategy around information management in your organization. My intention in this blog is to clarify further and make a case for how secure Microsoft Azure and Office 365 are.
Let’s start!
1. Azure Active Directory
Azure Active Directory isolates your data using security boundaries. That safeguards your data so the data cannot be accessed or compromised by co-tenants.
2. Multi-Factor Authentication
Multi-factor authentication enhances security in a multi-device and cloud-centric world. We provide an in-house solution for multi-factor authentication with a phone call, text message, or notification on a dedicated app. We also support third-party multifactor authentication solutions.
3. Data Location Security and Access
Office 365 customer data is stored in Microsoft data centers geographically distributed and protected by layers of defense-in-depth security. Microsoft data centers are built from the ground up to protect services and data from harm by a natural disaster, environmental threats, or unauthorized access. Office 365 is designed for high availability and runs in geo-redundant data centers with automatic failover capability.
Datacenter access is restricted 24 hours a day by job function and monitored using motion sensors, video surveillance, and security breach alarms. Physical access controls include perimeter fencing, secure entrances, on-premises security officers, continuous video surveillance, and real-time communications networks.
Multiple authentication and security processes—including badges and smart cards, biometric scanners, and two-factor authentication—protect against unauthorized entry. Automated fire prevention and extinguishing systems and seismically braced racks protect against natural disasters.
Besides this map, Microsoft does not disclose the specific location; the sites are not identified with a sign. I bet you are not even close to having that kind of physical security at your office. 😊 Check where your data is here.
4. No Accessing or Mining Your Data for Advertising
Some online services scan the information you store to advertise other services. That is means that third parties view your data. Not with Microsoft, Privacy controls are enabled by default for all customers of the service. They allow you to turn off and on privacy impacting features to meet the needs of your organization.
Microsoft contractually commits to robust privacy and security measures in the data processing terms of your agreement.
5. Independent Verification and Compliance
Office 365 is verified to meet the requirements specified in ISO 27001, European Union (EU) Model Clauses, the Health Insurance Portability and Accountability Act Business Associate Agreement (HIPAA BAA), and the Federal Information Security Management Act (FISMA), just to name a few. Learn more about: Compliance certifications for Office 365.
Microsoft has built over 900 controls in the Office 365 compliance framework to stay up to date with the ever-evolving industry standards.
6. Data Encryption
This cloud-based service allows your organization to deliver confidential business communications with enhanced security, allowing users to send and receive an encrypted email as quickly as a regular email directly from their desktops.
7. Data backups and redundancy
Microsoft applies best practices in design and operations, such as redundancy, resiliency, distributed services, and monitoring—to name a few. They even started publishing their quarterly uptime numbers for the service.
8. Uptime service commitment
Microsoft offers 99.9% uptime via a financially backed service level agreement. If a customer experiences monthly uptime less than 99.9%, Microsoft will compensate that customer through service credits.
9. Rights Management Service
This cloud-based service uses encryption, identity, and authorization policies to help secure your files and email, and it works across multiple devices—phones, tablets, and PCs. Information can be protected both within your organization and outside your organization because that protection remains with the data, even when it leaves your organization’s boundaries.
10. Enterprise Mobility Suite & Intune
You can use Microsoft Intune mobile-device management to manage and protect devices across Windows, Apple iOS, and Android platforms. You can identify, monitor, and protect sensitive information with data-loss prevention controls in mobile application management.
To build comprehensive cloud application security that safeguards all your apps, EMS includes excellent visibility, threat detection, attack prevention, and profound shadow IT discovery. You can monitor user behavior and data flow characteristics for detailed insight into how your users work with cloud apps.
As you can see, Microsoft makes every effort to keep your data secure. The Office 365 platform incorporates security at every level, from application development to physical data centers to end-user access. Today, fewer and fewer organizations can maintain an equivalent level of security on-premises at a reasonable cost.
Have something to add? Leave a comment. 👇