Office 365 Security - Can You Really Trust Microsoft With Your Data?

If you’re considering migrating to Microsoft Office 365, then chances are you have one thing on your mind: security.

So, can you really trust Microsoft with your data?

The thought of moving something as valuable as your corporate data outside of your company walls and entrusting it to a third party can be a frightening one - even when that third party is a household name such as Microsoft.

If you’ve read all about the benefits of Microsoft Office 365 but still have some questions regarding cloud security, then in this article we’ll be providing the answers!

We’ll be tackling all the tough questions organizations ask us when they’re considering migrating to the cloud - including whether Microsoft own your data; where your data will be physically stored; and what exactly happens if you decide to cut ties with Microsoft after handing them all your precious corporate data.

Along the way, we’ll also be taking a quick look at Microsoft’s history in the security sector (the good and the bad!). And if you do decide to switch to Microsoft Office 365, we’ll be answering the most important question of all: is there anything I can do to help Microsoft keep my data safe?

Microsoft security: From worst in class, to best in class 

When it comes to security, Microsoft’s reputation hasn’t always been the best. In fact, in 2007, working for Microsoft Security was considered one of the worst jobs in science, alongside researching whale feces and spending your days scuba diving in toxic sludge! However, this changed dramatically when Microsoft pledged to invest $1 billion every year into improving the security of their products.

On top of this $1 billion investment, Microsoft spent the next few years snapping up a string of security-focused firms and integrating their technology into Microsoft products, including cloud and enterprise security startups such as Aorato, Secure Islands and Adallom.

This investment has paid off, with Azure Government CISO Matthew Rathbun recently revealing that Microsoft successfully fend off 7 trillion cyber threats every single day.

Today, security specialists have high praise for Microsoft, including the chief research officer for Finnish security company F-Secure, who recently stated that Microsoft have “changed themselves from worst in class to the best in class. The change is complete.” 

If you’re eager to experience the benefits of cloud computing, then Microsoft have proven that they’re committed to continuously improving the security of their cloud-based products and services, and we believe there’s no better time to make the switch to Microsoft Office 365.

Migrating to the cloud: Answering your top security concerns 

At Systems Assurance, we have extensive experience helping businesses migrate to Microsoft’s various cloud offerings, and over the years we’ve noticed that many organizations have the same questions: 

1. When I upload my data to Microsoft services, where does it go? 

For many businesses, where their corporate data is being stored can be a huge cause for concern.

Microsoft stores your raw data in physical data centers that are protected by a number of security measures. Firstly, the location of these data centers isn’t public knowledge, and Microsoft have automated their service operations to require minimal human interaction, to the point where even the employees working at these data centers cannot access your data.

To further prevent unauthorized access, Microsoft’s data centers are guarded by outer and inner perimeters with increasing security at every level, including perimeter fencing, biometric scanners, locked server racks, multi-factor authentication, integrated alarm systems and 24-hour video surveillance. Access to your data is also logged, with Microsoft and trusted third parties performing regular audits to confirm that no unauthorized access has taken place.

2. Will other Microsoft customers be able to access my data? 

Most Microsoft business cloud services are multitenant services, which means there’s a chance that your data will be stored on the same physical hardware as another customer’s. 

For many potential cloud users, this raises concerns about their data “leaking” into another organization’s data, but Microsoft uses logical isolation and specialized technology to segregate data storage and data processing for each individual customer.

Microsoft will also overwrite any storage resources before reusing them, and will purge or destroy any decommissioned hardware. Even if you cancel your Microsoft subscription or upgrade to an entirely new set of hardware, you can be confident that your data will not be combined with any other customer’s data via hardware reuse.

3. Will Microsoft own my data?

Both the Microsoft Trust Center and the Microsoft Services Agreement make it clear that Microsoft do not claim ownership over any of the data or content you upload to their services.

4. Will Microsoft still have access to my data, if I cancel my subscription? 

If you decide to cancel your Office 365 subscription, then Microsoft will retain all of your data for 90 days. This gives you some breathing space to download or copy your content to a new server, or even change your mind and renew your Microsoft subscription before your data is lost forever.

Following this 90 day data retention period, Microsoft will automatically disable your account(s) and purge all of your data, including all caches and backups, so you don’t need to worry about Microsoft hanging onto your data indefinitely.

5. Do Microsoft share my data with any third parties? 

As explained over at the Microsoft Trust Center, Microsoft do not share your data with third parties, including advertiser-supported services. They also do not mine any of your data for marketing or advertising purposes.

6. Is there anything I can do, to make my accounts more secure? 

If you make the switch to Microsoft Office 365, then it’s important to recognize that your own employees represent your biggest cloud security threat. The potential for insiders to wreak havoc within an organization is widely known, and has even been acknowledged by the FBI, who published a report stating that: 

“A company can often detect or control when an outsider (non-employee) tries to access company data either physically or electronically, and can mitigate the threat of an outsider stealing company property. However, the thief who is harder to detect and who could cause the most damage is the insider—the employee with legitimate access.”

The good news is that there are plenty of steps you can take to help Microsoft keep your data safe.

Help Microsoft Keep Your Data Safe


01 Audit your account privileges.

When you think about unauthorized access, chances are you imagine some mysterious hacker, maliciously bypassing your security features in order to gain access to confidential corporate information. However, according to McAfee’s “Definitive Guide to Cloud Threat Protection,” 57.5% of all unauthorized access is caused by authorized users, who simply have the incorrect account privileges.

Perhaps you’re working to a tight deadline and give an employee “temporary” admin access so they can work without your input, or maybe you don’t rush to archive an ex-employee’s user account. On the surface, these actions may seem relatively harmless, but they represent one of the biggest security threats to your organization, with McAfee reporting that the average enterprise experiences 3.3 privileged user threats every single month.

To secure your data against privileged user threats, you should perform a complete audit of your Microsoft Office 365 user base at least once every six months.


02 Remember to revoke ex-employee access.

Hopefully, you’ll part ways with all your employees on good terms. However, every time a current employee becomes an ex-employee, there’s a chance they might sabotage your corporate data, including deleting important documents or client emails.

Don’t fall into the trap of keeping an account active “just in case.” In order to protect yourself against ex-employees who might steal, damage or delete your data, you’ll need a clear process for archiving and deleting old user accounts.

It’s also important to create a unique login for every user. While it may be convenient to have a default password that’s automatically assigned to new employees, this is also a great way to ensure that ex-employees can continue to access your data, even after you’ve deleted their user account.
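
To show what the audit in steps 01 and 02 can look like in practice, here is an added example (not part of the original article and not a Microsoft tool) that checks a user export against an HR leaver list and an approved-admin list. The CSV column names, the sample rows, both lists and the 90-day inactivity threshold are all assumptions made for this example.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are assumptions for this example.
USERS_CSV = """upn,enabled,roles,last_sign_in,admin_expires
alice@example.com,true,Global Administrator,2024-05-28,
bob@example.com,true,User Administrator,2024-05-30,2024-04-01
carol@example.com,true,,2023-11-02,
dave@example.com,true,,2024-05-29,
erin@example.com,false,,2024-01-15,
"""
LEAVERS = {"dave@example.com", "erin@example.com"}  # constructed HR leaver list
APPROVED_ADMINS = {"alice@example.com"}             # constructed sign-off list


def audit_users(csv_text, leavers, approved_admins, today, stale_days=90):
    """Return {upn: [finding codes]} for enabled accounts that need review."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        upn = row["upn"].strip().lower()
        if row["enabled"].strip().lower() != "true":
            continue  # a disabled account can no longer sign in
        issues = []
        if upn in leavers:
            issues.append("leaver_still_enabled")
        if row["roles"].strip() and upn not in approved_admins:
            issues.append("admin_not_approved")
        expires = row["admin_expires"].strip()
        if expires and date.fromisoformat(expires) < today:
            issues.append("temp_admin_expired")
        last = row["last_sign_in"].strip()
        # A blank last_sign_in means the account was never used: treat as stale.
        if not last or (today - date.fromisoformat(last)).days > stale_days:
            issues.append("stale_account")
        if issues:
            report[upn] = issues
    return report


if __name__ == "__main__":
    for upn, issues in audit_users(USERS_CSV, LEAVERS, APPROVED_ADMINS,
                                   date(2024, 6, 1)).items():
        print(f"{upn}: {', '.join(issues)}")
```

Every account in the output needs a decision: remove the role, disable the account, or record why it is an exception.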




Want more tips and tricks on how to ensure your Office 365 data remains private? Then check out our Top 7 Ways to Secure Microsoft 365 post, where we cover Multi-Factor Authentication, Mobile Device Management, and more.


