
Is Your Data Secure in Office 365?

Brian Jefferson | Published on November 18, 2020

It is completely understandable why organizations are concerned about the security implications of storing large amounts of valuable data in the cloud. After all, they have no direct control over the policies, procedures and technologies that are used to safeguard their data from malicious actors, which includes safeguarding the data from the service provider’s own employees.

However, it is always important to put things in perspective.

To start with, a reputable cloud service provider, such as Microsoft Office 365, will more than likely do a better job at keeping their data secure than most of the organizations using their services. Data security is, after all, an integral part of their business model, which means they have a lot to lose, were they to experience a serious data breach. And with a high-profile company like Microsoft, it’s not like they could easily brush a security incident under the carpet, which sometimes happens when companies are in charge of their own data security programs.

It’s also worth noting that the traditional approach to data security, which involves firewalls and intrusion prevention systems designed to keep the bad guys out, is becoming increasingly less relevant.

As more employees work from home or other remote locations, perimeter-based security strategies are being replaced with a more data-centric approach.

As such, it no longer matters if your data is stored in-house or in the cloud. If anything, storing data in the cloud will encourage organizations to embrace a more holistic approach to data security. To gain a better understanding of how secure your data is when using a popular cloud-based collaboration platform like Office 365, below are some of the key areas where Microsoft’s cloud security protocols outperform most organizations’ in-house protocols.

Office 365 Servers and Physical Security

Microsoft operates between 10 and 100 data centres located across the globe, and the locations of these data centres are kept secret.

It would be hard enough for an attacker to find the rough location of one of these data centres, let alone find the exact server that contains your data. Additionally, the premises that contain the data centres are fortified with motion sensors and 24/7 video surveillance, and use a biometric authentication system for accessing the server rooms.

Of course, hackers probably wouldn’t waste their efforts dangling from the ceiling in some kind of mission-impossible-style operation to get access to your mailing list, and they probably wouldn’t have the physical fitness to do so anyway.

It is also worth noting that the data centre where your files are stored will be located in the same region (not necessarily the same country) as the one specified when the subscription was first created. This is to limit the possibility of running into any regulatory compliance headaches.

Encryption of Data Both at Rest and in Transit

All Office 365 storage locations are encrypted using BitLocker, which uses the AES encryption algorithm with a 128-bit or 256-bit key. Data is transmitted using SSL (Secure Sockets Layer) to ensure that any sensitive data sent over HTTP cannot be intercepted by hackers. Information Rights Management (IRM) is also used by default to protect files from unauthorized copying, viewing, printing, forwarding, deleting, and editing.

Of course, on top of the encryption methods employed by Microsoft, there are always ways to encrypt the data yourself as an additional safeguard.

The Use of Data for Advertising Purposes

Many cloud and social media platforms, such as Gmail and Facebook, will use your information to provide you with targeted adverts. However, with Microsoft, privacy controls are enabled by default for all customers, which prohibit the mining of your data for such purposes.

While Microsoft won’t directly access your mailbox or OneDrive data for any reason, they will collect certain types of information relating to the way you use their services, to help them improve their services. However, this information is not shared with any third parties.

It should also be noted that the Admin Center allows you to audit all access to your information, which will give you added reassurance that nobody is snooping around.
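The kind of review that audit data supports, as an added example (not from the original article or from Microsoft): it scans audit records and flags mailbox access by anyone other than the mailbox owner, plus users with many file downloads. Field names follow the Office 365 Management Activity API schema; the records, accounts, URLs and the download threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample records (not real tenant data), using field names from the
# Office 365 Management Activity API schema.
SAMPLE_RECORDS = [
    {"CreationTime": "2020-11-18T09:01:12", "Workload": "Exchange",
     "Operation": "MailItemsAccessed", "UserId": "alice@example.com",
     "MailboxOwnerUPN": "alice@example.com", "LogonType": 0},
    {"CreationTime": "2020-11-18T09:05:40", "Workload": "Exchange",
     "Operation": "MailItemsAccessed", "UserId": "helpdesk@example.com",
     "MailboxOwnerUPN": "alice@example.com", "LogonType": 1},
    {"CreationTime": "2020-11-18T09:30:00", "Workload": "OneDrive",
     "Operation": "FileDownloaded", "UserId": "carol@example.com",
     "ObjectId": "https://example.invalid/docs/plan.docx"},
] + [
    {"CreationTime": f"2020-11-18T10:00:{i:02d}", "Workload": "OneDrive",
     "Operation": "FileDownloaded", "UserId": "bob@example.com",
     "ObjectId": f"https://example.invalid/docs/file{i}.xlsx"}
    for i in range(5)
]

# Exchange mailbox audit LogonType values; anything else is reported as "Other".
LOGON_TYPES = {0: "Owner", 1: "Admin", 2: "Delegated"}


def non_owner_mailbox_access(records):
    """Return (time, actor, owner, logon type) for mailbox access not made by the owner."""
    hits = []
    for r in records:
        if r.get("Workload") != "Exchange" or "MailboxOwnerUPN" not in r:
            continue
        actor, owner = r.get("UserId", "").lower(), r["MailboxOwnerUPN"].lower()
        logon = r.get("LogonType")
        if actor != owner or logon != 0:
            hits.append((r.get("CreationTime"), actor, owner, LOGON_TYPES.get(logon, "Other")))
    return hits


def bulk_downloaders(records, threshold=5):
    """Return {user: count} for users with at least `threshold` FileDownloaded events."""
    counts = Counter(r.get("UserId", "").lower() for r in records
                     if r.get("Operation") == "FileDownloaded")
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for hit in non_owner_mailbox_access(SAMPLE_RECORDS):
        print("non-owner mailbox access:", hit)
    print("bulk downloads:", bulk_downloaders(SAMPLE_RECORDS))
```

A non-owner hit is not necessarily malicious (delegates and administrators have legitimate reasons), so each result is a prompt to check whether the access was expected.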

Backup, Recovery and Account Termination

Naturally, Microsoft keeps regular backups of your files, and there are numerous recovery options available to you, such as Versioning and Recycle Bins. Should you decide to terminate your Office 365 subscription, for whatever reason, Microsoft will give you 90 days to export your data, during which time you will have limited account access.

Passwords and Multi-Factor Authentication

Office 365 enforces the use of strong passwords to mitigate the likelihood of a brute-force password attack. Additionally, it is possible to enable multi-factor authentication. With MFA enabled, when you log in you will be required to type in a verification code provided by your authenticator app or sent to you by text message.
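How a verification code from an authenticator app is commonly produced and checked, as an added example (not Microsoft's implementation): such apps typically generate time-based one-time passwords as defined in RFC 6238. The secret below is the published RFC test value; the function names and the one-interval clock-drift allowance are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

# Test secret published in RFC 4226 / RFC 6238 (not a real account secret).
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 code (HMAC-SHA1) for the `step`-second interval containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           drift_steps: int = 1, step: int = 30) -> bool:
    """Accept a code from the current interval or up to drift_steps either side."""
    accepted = False
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * step
        if t < 0:
            continue
        expected = totp(secret, t, step=step)
        # Constant-time comparison; every candidate is checked so timing does
        # not reveal which interval matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            accepted = True
    return accepted


if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, 59))              # code for the interval at t=59
    print(verify(RFC_TEST_SECRET, "287082", 89))  # one interval late: accepted
    print(verify(RFC_TEST_SECRET, "287082", 149)) # three intervals late: rejected
```

A production verifier would also record the last accepted interval per account so that a code cannot be replayed within its validity window.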

Privacy and Security Settings

Both administrators and regular users have the option to manage their privacy settings to determine who is able to see the data that belongs to them.

Microsoft Azure Leads the Industry in ISO Certifications

Finally, to provide further reassurance as to Microsoft’s commitment to keeping your valuable data out of the wrong hands, they have become the first major cloud provider to comply with a new set of privacy standards introduced by the International Organization for Standardization (ISO) and the Cloud Security Alliance (CSA).

Complying with a set of internationally recognized standards will make it easier to satisfy any regional or industry specific compliance requirements that are relevant to your organization.

At the end of the day, security concerns relating to storing sensitive data in the cloud will probably not go away. However, it is important to remember that there is a huge incentive for companies like Microsoft to minimize the likelihood of a data breach at all costs, as a failure to do so would cost them a lot of business, and thus money.

Not only that, but if you are still concerned about the security of your data in the cloud, you can implement your own encryption protocols on top of the encryption that Office 365 provides.

If you want more peace of mind over how secure your Office 365 data is, you’ll need to implement stringent Office 365 auditing, as well as analysis on permissions and user behavior. Schedule a demo of the Lepide Data Security Platform to see how we can help you implement this in your environment.
