With the recent widespread adoption of the cloud, security has become a top priority and a top concern. In a report published this year, 92% of businesses are concerned about the shared cloud infrastructures security and nearly half of businesses find security a barrier to cloud adoption.
We want to look at Microsoft Office 365 and show how your data could actually be more secure in Microsoft’s data centre than it would being kept on-site. As one of the main concerns to cloud security can be the fear of having your data stored offsite where you cannot “see” it, you have to think about the policies and procedures in place that your cloud service provider (CSP) will enforce compared to what you will be able to enforce on-site.
Do you feel confident that your organisation has better security measures in place keeping your data on-site than Microsoft will have in its data centre? To do this we want to outline all the security measures in place at Microsoft’s Dublin data centre, which would hold UK businesses data.
Microsoft Office 365 Security: In-depth
Customer Lockbox:If Microsoft do ever need to access your data (normally if a support case is logged) then a request will be sent to the administrator who can accept or reject the request, giving you explicit control and ensuring nobody can see your data.
Data use:Microsoft will not use your data for advertising data, mining or data sharing. If you ever choose to leave Office 365, then you can download and remove all you data independently.
Dual encryption:All of your data is encrypted both at rest and in transit when going between the data centre and the end user.
Dedicated threat management team: Microsoft have a dedicated team who proactively anticipate, prevent, and mitigate malicious access to your data.
Customer controls: As well as the controls Microsoft enforces there are customer controls that businesses can implement to customise the security to meet any needs of your organisation.
Transparency: You can see where your data is located, if you give permission for Microsoft to access your data (such as for a support case) then who in Microsoft has accessed it and you can check uptime status – which is guaranteed at 99.9%
Minimal human intervention: As the main cause of security breaches are internal, the data centres maximise automation to reduce human intervention.
Optimised location: The sites of all of Microsoft’s data centres have been carefully planned to ensure there is a minimal risk of any natural disaster, choosing areas that are not prone to flooding, near fault lines etc. to minimise risk.
The building itself: The Dublin data centre was constructed solely to be a data centre. It has been built from the ground up to be secure, difficult to access and optimised for secure, data storage.
24-hour surveillance: The data centre is protected by 24-hour video surveillance and patrolling guards – making it very Fort Knox.
Multi-authentication: For those who do need to access the site they have to pass multiple levels of security, such as screening, guards and biometric scanning.
Best practices: To ensure reliability best practiced are enforced such as redundancy, resiliency, distributed services and monitoring.
Independent verification: Microsoft have many security commitments and certifications, such as: DPA (data processing agreement), HIPAA business associate agreement, EU model clauses, ISO 27001, FISMA and Fedramp to name a few.
Testing: Microsoft regularly conduct penetration testing to improve security controls and also give you the ability to carry out authorised testing too (but must be pre-approved).
Evolution: Perhaps one of the most important factors to finish on is Microsoft’s commitment and requirement to continually innovate and advance its security. As such as well-respected and widely used CSP, they must have the very latest technology and will dedicate large sums of money, time and resources to maintain this.
Get more detailed information
For more in-depth technical detail, visit Microsoft’s website dedicated to Office 365 security with everything you could need to know on their security: go to the Office 365 Trust Centre.
There are very few SMEs who could come close to having the same security and data protection levels in place that Microsoft have. What’s more, Microsoft have a commitment to ensuring their security stays ahead of the technology curve by investing large quantities of time, resources and staff into its continual improvement. Security is an ever-changing landscape and businesses will need to keep ahead of potential threats. By benefiting from Office 365’s features and functionality, you also benefit by having Microsoft’s continued investment in your security and as shown above it is already more advanced than anything most businesses could hold on-site.