Is Office 365 Secure? Here’s Why You Shouldn’t Fear the Cloud

Security concerns have held many companies back from moving their infrastructure to the cloud. As an IT security professional, you’re taught to always implement the latest security measures to protect data and keep your organization running at full speed. As a result, you might have trouble trusting your infrastructure to a third-party service like Microsoft Office 365. Like most IT managers, you’re left wondering: Is Office 365 secure?

Security Concerns With Office 365 & the Cloud

Simply put, security concerns surrounding the cloud are valid. After all, data is the lifeblood of your company. IT managers are also tasked with protecting corporate data, so it’s understandable they’d be hesitant to trust that data to someone else.

Within security, here are other concerns customers often relay and the answers we provide:

• I don’t want Microsoft to access my data! There is zero standing access to data if stored in the Microsoft Cloud. Microsoft controls access through auditing, approval processes and roles-based access. (Watch this video for a complete explanation from Microsoft VP Perry Clarke and Vivek Sharma, Partner Group Program Manager.)

• How do I know my data will be secure from hacking? No system in the world is hack-proof. Microsoft has recommended companies use the Microsoft Trust Center and set the Office 365 Security Analytics Service to the Microsoft-recommended settings.

• How do I know other companies won’t be able to access my data? To access your data in Office 365, someone must first authenticate with your Active Directory using Azure Active Directory Connect , Active Directory Federation Services or directly with Office 365 Azure AD.Another concern is how to ensure unauthorized individuals won’t access company data. Azure Rights Management is a cloud-based service that uses encryption, identity and authorization policies to secure files and email across phones, tablets and PCs.

• If I give Microsoft my data, won’t they own it? Microsoft does not own or use your data for any reason. In fact, if you cancel your Office 365 subscription, Microsoft will only retain your data for a maximum of 90 days before purging. This retention period gives an organization time to retrieve their data. For more information on data retention, check out this article in the Microsoft Trust Center.

• What if I want to move my data back to my servers. Won’t Microsoft still have a copy? Similar to the concern above, Microsoft will purge your data after 90 days.

• Could disgruntled Microsoft employees potentially access and share my data? Microsoft has taken strong measures to limit access to customer data (including from Microsoft personnel and subcontractors). For more information on who can access data, Microsoft publishes a report of its subcontractors (including its Online Services Terms and Microsoft Commercial Support teams). For more information about who can access Microsoft data and on what terms, check out this article.

• I don’t want to send my data over the public Internet! Microsoft uses service-side technologies that encrypt customer data at rest and in transit. At rest, Office 365 uses volume-level and file-level encryption. In transit, Office 365 uses multiple encryption technologies for communications between datacenters and between clients and servers, such as transport layer security and Internet protocol security.For companies that want to limit their data and communications from the public Internet, there is also Azure ExpressRoute, which allows you to add a direct network connection to Microsoft Servers and other cloud services.

• Moving my data to Office 365 would violate my industry compliance requirements! Compliance looks different for every organization and industry, so I won’t assume Office 365 will meet the security requirements for all business. As always, I recommend contacting your legal team before jumping into any service. For more information, the Security and Compliance Center covers topics such as archiving, data loss prevention, device management and much more.

A lack of control with the cloud would make any IT professional uneasy. But the reality is that public clouds are often more secure than on-premises infrastructure. And with Office 365, you’ve covered well beyond the Exchange platform.

Office 365 Security Goes Beyond Exchange

One of the biggest misconceptions of Office 365 is that it only applies to Exchange. But Office 365 is much more than a hosted Exchange environment. Office 365 is a customizable information security platform that allows subscription-based clients to secure their data, improve workflow and save on technical resources.

Office 365 is built around Microsoft Office, at least to end users. But Office has been transformed with Office 365. The platform enables the mobile workforce to collaborate easily using Office 365 Online Apps. Users can share and collaborate on documents and presentations in a secure environment in real time — from anywhere with an Internet connection.

Data security is a major worry for IT managers with a mobile workforce. Microsoft has optional data security measures through Azure that allow you to track and secure documents from anywhere in the world.

Why Microsoft Is the Cloud Standard

With security as the driving factor for Microsoft, the company has included a financially backed SLA with a 99.9% uptime guarantee with every Office 365 subscription. No matter how skilled your internal IT staff is, most companies can’t come close to 97% uptime.

Besides the great SLA from Microsoft, its track record with Office 365 is second to none in the cloud community. While other companies such as Amazon Web Services have great offerings mostly geared toward IT infrastructure, they lack in end user productivity. Be sure to do your due diligence before you select a cloud company.

I hope this article gives you the resources you need to confidently answer: Is Office 365 is secure? To learn more about Office 365 consulting services, Azure and other cloud services, contact Agile IT here.

Tyjon Hunter MCSA (Microsoft Certified Solutions Associate)