Intelligent Security in Office 365

Intelligent Security in Office 365 - Opinion Article by Miguel Isidoro, SharePoint & Office 365 Senior Consultant at Create IT

One of the main concerns of companies choosing a Cloud collaboration platform, such as Office 365, is the security of their information. One of the biggest compliance, security and privacy challenges in Office 365 is demystifying the idea that having information in the Cloud is less secure than keeping it on the organization's own premises. To address these concerns, Microsoft has made a very strong investment in the areas of security, compliance, and privacy in the Office 365 platform.

In fact, the Office 365 platform provides users and system administrators with a number of features to address these needs and apply a set of best practices in the areas of security, privacy, and compliance. Below we present some of the main features natively offered by the platform.

With regard to Security, the Office 365 platform ensures data encryption in transit and at rest. At rest, BitLocker technology is used to encrypt all information on server hard drives. In addition, all files are split into small pieces called chunks, and each chunk is individually encrypted. Encryption keys are securely stored in a different physical location than the files. In transit, all files are encrypted with TLS using 2048-bit keys.

Regarding Privacy, it is possible to define differentiated access policies based on four vectors: user, device, location, and information sensitivity. Some examples include defining temporary windows for information sharing and only allowing information to be shared with certain domains.

In terms of Compliance, the main concern is defining rules that protect sensitive information and prevent it from leaking outside the organization. The Office 365 platform offers the following features to address this need:

  • Data Loss Prevention: allows defining policies that protect the sensitive information of the organization. Example: Prevent documents with credit card information or citizen card numbers from being shared outside the organization.
  • Information Rights Management: allows defining policies that protect the content of documents stored on the Office 365 platform. Examples: Prevent documents from being printed and prevent "Copy & Paste" of document contents. It is important to note that IRM policies continue to apply even when documents are downloaded and viewed offline.
  • Mobile Device Management: allows defining policies that manage security when information is accessed from mobile devices. Examples: Define PINs to access organization information, prevent sensitive content from being copied from an organization document to personal applications (for instance, prevent copying credit card numbers into the body of an email and sending them to someone outside the organization), and prevent Screen Capture.

These are just a few examples of the vast set of features available to users and administrators to protect information residing on the Office 365 platform.

Also note that Microsoft does not have access to the organization's data, and the only occasion where this may be necessary is in resolving support incidents that require access to the data. In these cases, through a feature called Customer Lockbox, the customer can approve or reject access requests, and access is only granted if the request is approved. In addition, all accesses are audited to ensure the transparency of the process.

Miguel Isidoro
SharePoint & Office 365 Senior Consultant at Create IT