Successful Office 365 Management: Security
Much of the administrative experience inside of Office 365 streamlines and automates tasks that you previously had granular control over within the individual on-premises workloads. From an auditing and compliance perspective, this means you need to understand:
- Your organizational requirements, standards, and policies.
- What capabilities are possible within each of your hybrid components, from discovery through technical enforcement.
- What can be managed centrally versus within each individual system or component, and by whom.
Whether your environment is on-premises, in the cloud, or in a temporary or permanent hybrid state, it is critical that organizations clearly understand their security and compliance requirements, and whether these requirements are being met. All planning should begin with a detailed, step-by-step review of security and compliance policies and procedures, mapping out how each of them is currently accomplished.
As organizations consider moving to the cloud, they should use this baseline to understand how each will be accomplished within the future environment, and how current metrics and key performance indicators (KPIs) will be updated.
The topic of cyber-security has become more visible in the past several years due to major breaches that have compromised the personal identity of millions of customers. Most organizations gather information about who they do business with, such as banks with credit card applications or software companies with customer logins and passwords, which requires every company to be vigilant in its security measures. Companies have an ethical obligation to safeguard their customers' personal information.
What Microsoft provides
Microsoft Office 365 handles both trade secrets and other sensitive information, and it is critical that companies wanting to benefit from the platform can trust that it will not leak that information. You can find an overview of the Office 365 Security and Compliance Centers at https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/office-365-securitycompliance-center
Microsoft also provides security guidance for several leading sectors:
- Public Sector details can be found on Docs.Microsoft.com, including links to the Office 365 US Government service plan, and plans for Germany, China (21Vianet), and other Public Sector options.
- Education Sector details can be found within the service plan details at http://bit.ly/O365_EDU
- Financial Services Sector details can be found within the Microsoft Trust Center overview at https://www.microsoft.com/en-us/trustcenter/cloudservices/financialservices
- Healthcare Sector details can also be found within the Microsoft Trust Center overview at https://www.microsoft.com/en-us/trustcenter/cloudservices/health
Potential gaps that organizations should plan for
According to 2019 research conducted by CollabTalk and the Marriott School of Management at Brigham Young University, two areas that organizations need to supplement to ensure that their unique security requirements are being met include:
- Monitoring solutions that actively look for security breaches
- Data protection and recovery from loss and lack of adequate encryption
For more in-depth data on this topic, download a free copy of the Office 365 Operational Success Playbook. In the next two posts in this series, I’ll highlight data and relevant links for Compliance and Governance.