With about 100 petabytes of data flowing through Office 365 at all times, Microsoft has gone beyond the traditional means of information security in 2016. In doing so, they’ve moved away from the default “everyone needs the same security” platform and placed the decisions into your hands.
Now, highly customizable security controls are built into the service itself, depending on your company’s needs.
But before jumping in and editing all your Office 365 security controls, we recommend you consider the following 4 points carefully.
1) Backing up your data in the cloud
This is where your specific company and industry regulations need to be considered. Popular compliance codes like HIPAA, SOX, or PCI should be looked at and brought into play.
Why is this important? Microsoft has recently changed the default Office 365 default settings for important items. An example of one of these changes is the fact that deleted files now stick around indefinitely instead of clearing up 30 days after being deleted.
2) Data Encryption in Office 365
Again, companies need to think about any regulations or compliance codes that apply to their business here. If your company isn’t encrypting personally identifiable data that it should be, there could be some serious penalties.
If you’re not sure, staying safe with a third-party encryption application is not a bad idea. Using your own encryption tools is the only way to know your data is truly encrypted.
3) Data privacy regulations
If you’ve got international dealings and contacts overseas, it’s likely you’ll want to edit your Office 365 controls. Not too long ago, companies with European customer data struggled with cloud safety due to safe harbor laws.
Even if the idea of “cloud storage” is infinite unregulated, the location of the servers still dominate the privacy regulations.
4) Controls in Office 2016
Microsoft just recently pushed out new Data Loss Prevention controls through policies that you can set manually. These controls come into play when doing things like creating an excel doc with sensitive customer data in it only to receive an automatic notification from Office 365.
This example can span across all Office products and has a wide variety of custom actions you can set based on your company’s needs.
Key Notes
Fortunately, you don’t need a wealth of technical knowledge or a professional IT guy to get this stuff done. You just need your inside people.
Gather someone with compliance knowledge and a high level manager and talk about what needs to be done to keep your Office 365 data safe after taking a look at the control options. No longer does security in the cloud mean just having a good security provider. Data security for Office 365 lands squarely on the shoulders of all employees, whether we like it or not.
As a Microsoft partner, we’ve been using their services to manage the security of our clients for years. Let us know if you’d like to keep your data safe, too.
Image credit: https://pixabay.com/en/building-cologne-facade-1011876/