
Wednesday, 13 September 2017

10 steps to Cyber Security

The National Cyber Security Centre have posted their 10 Steps to Cyber Security, which provides a good working baseline for all businesses:


  1. Set up a Risk Management Regime relating to your IT systems, supported at a senior level
  2. Network Security - ensure your perimeter is secure
  3. User education and awareness - don't assume; ensure that all your staff have the level of instruction and training required to keep them safe
  4. Malware Prevention - ensure you have the required and up-to-date anti-malware installed on every device or a centralized system
  5. Removable Media Controls - ensure that random USB flash drives and external hard drives are controlled and managed on your network
  6. Secure Configuration - make sure that all software is patched and that a system inventory is maintained
  7. Managing User Privileges - set up permissions and shares to only allow users access to what they need for their role and no more
  8. Incident Management - report incidents to the appropriate police authority - RCCU (Regional Cyber Crime Unit West Midlands) - and ensure internal reporting is carried out
  9. Monitoring - establish procedures for the handling and management of incidents
  10. Home and Mobile Working - develop procedures for this and enforce them. Protect data at rest and in transit.

If you are a business that uses and relies on IT, then these 10 steps are the basics of what you should be putting in place. If you're not sure how to establish or implement them, then contact a reputable IT company such as ours to help, advise and carry out what you can't.

Friday, 26 June 2015

Office 365 security


I have been talking with potential customers this week over their requirements for future IT and it became obvious that a Cloud solution was what was needed - specifically Office 365.

The questions that have come up time and time again were "how secure is it?" and "we work with clients who might not think this is secure enough - is it?".

So I have taken the time to research this and, as you might think, Microsoft has produced the most comprehensive and high-quality information on this - so I have taken some of this from Microsoft and reproduced it here for people to have an overview of Office 365 security. You may be sceptical about Microsoft telling you how great Microsoft Office 365 security is, but what they say here makes sense and is logical and relevant, and I believe it provides good detail and explanation for most security questions.



"With Office 365, it’s your data. You own it. You control it. And it is yours to take with you if you decide to leave the service. The core tenets of our approach to earning and maintaining your trust are:

Built-in Security:

Office 365 is a security-hardened service, designed following the Microsoft Security Development Lifecycle. We bring together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.

At the service level, Office 365 uses the defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade, user and admin controls to further secure your environment.

  • Service-level security through defense-in-depth
  • Customer controls within the service
  • Security hardening and operational best practices

Privacy by design:

When you entrust your data to Office 365 you remain the sole owner of the data: you retain the rights, title, and interest in the data you store in Office 365. It’s our policy to not mine your data for advertising purposes or use your data except for purposes consistent with providing you cloud productivity services.

  • Your data is not used for advertising
  • You have extensive privacy controls
  • You can take your data with you when you want


Continuous Compliance:

Office 365 is a global service and continuous compliance refers to our commitment to evolve the Office 365 controls and stay up to date with standards and regulations that apply to your industry and geography. Because regulations often share the same or similar controls, this makes it easier for Microsoft to meet the requirements of new regulations or those specific to your organization and industry.

In addition, Office 365 provides admin and user controls, including eDiscovery, legal hold, and data loss prevention, to help you meet internal compliance requirements. These require no additional on-premises infrastructure to use.

  • Proactive processes to meet your compliance needs
  • Customer controls for organizational compliance
  • Independently verified to meet evolving standards


Transparent Operations:

Moving to a cloud service shouldn’t mean losing access to knowing what’s going on. With Office 365, it doesn’t. We aim to be transparent in our operations so you can monitor the state of your service, track issues, and have a historical view of availability.

  • You know where your data resides and who has access
  • Visibility into availability and changes to the service
  • Financially backed guarantee of 99.9% uptime"


If you would like to read even more detail about the security that wraps Office 365 up then please go to https://products.office.com/en-us/business/office-365-trust-center-cloud-computing-security?tab=7d4bf5d5-8549-acb8-3852-a62cc997fb45

I hope this has reassured anybody who has previously had doubts about Office 365 Cloud security, and that they now understand that a great deal has been done to make O365 a robust and secure product that can be used with safety and reassurance.