Can you really trust Office 365? How can users protect themselves?
At DBJ.ORG we know security is a top priority of our customers and this is one that we are working on
Office 365 is a security-hardened service, designed following the Microsoft Security Development Lifecycle. Microsoft bring together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.
At the service level, Office 365 uses the defence-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade, user and admin controls to further secure your environment.
When you ask about Office 365 security it helps to consider security at a number of different levels. At DBJ.ORG we like to think of cloud security from four dimensions:
This post focuses on what is built-in with Office 365:
Built in security
- 24-hour monitoring of data centers.
- Multi-factor authentication, including biometric scanning for data center access.
- Internal data center network is segregated from the external network.
- Role separation renders location of specific customer data unintelligible to the personnel that have physical access.
- Faulty drives and hardware are demagnetized and destroyed
- Lock box processes for strictly supervised escalation process greatly limits human access to your data.
- Servers run only processes on white list, minimising risk from malicious code.
- Dedicated threat management teams pro-actively anticipate, prevent, and mitigate malicious access.
- Port scanning, perimeter vulnerability scanning, and intrusion detection prevent or detect any malicious access.
- Encryption at rest protects your data on our servers.
- Encryption in transit with SSL/TLS protects your data transmitted between you and Microsoft.
- Threat management, security monitoring, and file/data integrity prevents or detects any tampering of data.
Admin and user controls
- Rights Management Services prevents file-level access without the right user credentials.
- Multi-factor authentication protects access to the service with a second factor such as phone.
- S/MIME provides secure certificate-based email access.
- Office 365 Message Encryption allows you to send encrypted email to anyone.
- Data loss prevention prevents sensitive data from leaking either inside or outside the organization.
- Data loss prevention can be combined with Rights Management and Office 365 Message Encryption to give greater controls to your admins to apply appropriate policies to protect sensitive data.