NYES Digital Support


Office 365 – Is My Data Safe?

So you’ve decided to make the move to Office 365. But there is one question you might be asking. Is my data safe? Rest assured that Microsoft takes the safety of your data very seriously.

  • Security – Office 365 uses a ‘defence-in-depth’ approach to provide industry-leading security for its data centres and customer data. Microsoft also give you enterprise-grade user and administrative controls to further secure your data.
  • Compliance – Microsoft’s data processing agreement details the privacy, security, and handling of customer data, which helps you comply with local regulations. A specialist compliance team continuously tracks standards and regulations, to ensure that Office 365 stays up to date with any changes, for example GDPR.
  • Privacy – When you entrust your data to Office 365, you remain the sole owner of that data: you retain the rights, title, and interest in the data you store in Office 365. Microsoft’s policy is to not mine your data for advertising purposes or use your data except for purposes consistent with providing you cloud productivity services.

You can use the Service Assurance area within the Office 365 Security and Compliance centre to access documents that provide information about how Microsoft maintains the security, privacy and compliance of Office 365. Use the Audited Controls, Compliance Reports, and Trust Documents features to perform your own risk assessment and gain confidence that Office 365 meets the security and regulatory requirements of your organization. For an overview of all aspects relating to data security, privacy and compliance, please see the Microsoft Trust Centre.

Security

When it comes to security features, there are broadly two categories: 1) built-in security and 2) customer controls. Built-in security represents all the measures that Microsoft takes on behalf of all Office 365 customers to protect your information and run a highly available service. Customer controls are features that enable you to customize Office 365 to meet the specific needs of your organization.

  • Microsoft restrict physical data centre access to authorized personnel and have implemented multiple layers of physical security, such as biometric readers, motion sensors, 24-hour secured access, video camera surveillance, and security breach alarms.
  • Microsoft enable encryption of data both at rest and in transit over the network between a data centre and a user.
  • Microsoft regularly back up your data.
  • Microsoft enforce “hard” passwords to increase security of your data.

If you accidentally delete a file stored in OneDrive or SharePoint, you have 93 days during which you can recover it from the recycle bin. If you accidentally empty your recycle bin during that time, the file can still be recovered from a second-stage recycle bin during that 93-day period. Also, files stored in OneDrive and SharePoint are subject to ‘versioning’. This means that when you make a change, a new version of the file is saved. If you don’t like the change you can go back to a previous version. By default up to 100 versions are saved. Finally, ‘Restore your OneDrive’ is a new feature that lets you set the whole of your OneDrive back to any point in time over the last 30 days. It is an easy way to recover from an unexpected corruption of files within your OneDrive.

There are also many built-in features that you can use to further secure your data, such as Data Loss Prevention (DLP), multi-factor authentication (MFA) and built-in mobile device management (MDM). Read more about them in Office 365 Security and Compliance Features. If you are interested in seeing how secure your Office 365 is, and how you can improve your security, then why not have a look at Office 365 Secure Score.

Secure Score analyses your Office 365 organization’s security based on your regular activities and security settings and assigns a score. Think of it as a credit score for security. Using Secure Score helps increase your organization’s security by encouraging you to use the built-in security features in Office 365, many of which you already purchased but might not be aware of. Learning more about these features as you use the tool will help give you peace of mind that you’re taking the right steps to protect your organization from threats.

Compliance

Compliance is an ongoing process and a shared responsibility. By putting your data into Office 365 you are partnering with a company that can help you meet your data compliance needs. GDPR is probably the biggest compliance challenge you currently face, and Microsoft Office 365 products and services provide powerful tools and solutions for GDPR compliance.

To find out more about compliance in Office 365 please see https://products.office.com/en-us/business/office-365-trust-center-compliance

Privacy

You are the owner of the data; Microsoft is the custodian or processor of your data. It’s your data, so if you ever choose to leave the service, you can take your data with you. Microsoft do not mine your data for advertising purposes.

Microsoft use your data only for purposes consistent with providing you services you pay for. Click here if you would like to learn more about how Microsoft use your data.

If a government approaches Microsoft for access to customer data, they redirect the inquiry to you, the customer, whenever possible. Microsoft have challenged and will challenge in court any invalid legal demand that prohibits disclosure of a government request for customer data.

Watch this video to find out more about what it means to own your data in Office 365.