One of the main concerns of companies in choosing a Cloud collaboration platform, in which the Office 365 platform is an example, is the security of their information. One of the biggest compliance, security, and privacy challenges in Office 365 is related to the demystification that having the information in the Cloud is less secure than if it resides on the premises of the organizations themselves. To address these same concerns, Microsoft has made a very strong investment in the areas of security, compliance and privacy in the Office 365 platform.
In fact, the Office 365 platform provides users and system administrators with several features to address needs and apply a set of best practices in the areas of security, privacy and compliance. Below we present some of the main features natively offered by the platform.
Regarding Security, the Office 365 platform ensures the encryption of data in transit and at rest. At rest, Bitlocker technology is used to encrypt all information on the servers’ hard drives. In addition, all files are segmented (in small pieces called chunks) and each segment is individually encrypted and encryption keys are securely stored in a different physical location.
In transit, all files are encrypted with TLS using 2048-bit keys.
Regarding Privacy, it is possible to define differentiated access policies based on 4 vectors: user, device, location and sensitivity of the information. Some examples include defining a time bound window when sharing information or only allow sharing with certain domains.
In what regards to Compliance, the main concern is to define a set of rules that allow sensitive information to be protected and to prevent the leakage of sensitive information outside of the organization. The Office 365 platform offers the following features to address this need:
- Data Loss Prevention: allows organizations to create policies to protect their most sensitive information. Example: prevent documents with credit card information or citizen card numbers from being shared outside the organization.
- Information Rights Management: allows organizations to create policies that protect the content of documents stored in the Office 365 platform. Examples: prevent documents from being printed and prevent “Copy & Paste” from document contents. It is important to note that IRM policies continue to apply after documents are downloaded and viewed offline.
Using DLP together with IRM provides a very powerful combination in order for companies to protect their most sensitive documents.
- Mobile Device Management: allows organizations to create policies to manage security when accessing corporate information using mobile devices. Examples include defining PINs to access corporate information, prevent sensitive content from being copied from an corporate document to personal applications (prevent for example a user from copying credit card numbers to the body of an email and sending it to someone outside of the organization) or prevent Screen Capture of information within sensitive documents.
These are just a few of the examples of the vast set of features available to users and administrators to protect information residing on the Office 365 platform.
A very important note is that Microsoft does not have access to the organization’s data and the only occasions where this may be necessary is in resolving support incidents that require access to the data. In these cases, and using a feature called Customer Lockbox, the customer can approve or reject access requests, and access is only granted in case the request is approved. In addition, all accesses are audited to ensure the transparency of the process.
Security is therefore and increasingly not only a central concern for customers who evaluate a migration to the Cloud but rather a concrete reality for those who already enjoy it.
In you are interested in learning more about this subject, you can check out: