Home > Articles

Office 365, SharePoint Online, and My Data: How Safe Is It?

  • Print
  • + Share This
With organizations around the globe having internal legal and compliance discussions regarding cloud computing and what data is safe, if any at all, to store in the “public cloud,” this article is meant to shed light on the real-life security measures that Microsoft has taken to protect Office 365’s data. With Apple reeling from their recent iCloud data breach nightmare, Sharepoint expert Errin O’Connor discusses what Microsoft is up to around information security around Office 365 and your data.
From the author of

A major area of concern about Office 365 is the lack of understanding about how and where the data itself is stored and what proactive measures are being taken to ensure that your data is safe. As part of my research and my ongoing consulting efforts at EPC Group in relation to Microsoft SharePoint 2013 and Office 365 and advertised underlying service level agreements (SLAs), recently I was able to take a tour of an Office 365 data center/facility and hear firsthand from Microsoft some of the steps they are taking to help customers feel at ease about their data.

With any data that is outside your organization’s direct control (that is, outside of your on-premises network), there are justifiable concerns. One of the main detractors a lot of large organizations or organizations with sensitive or proprietary data are wary of is the hosted cloud model. This article details what Microsoft is doing in terms of protecting data within Office 365, as well as the precautions they are taking to address these security concerns.

Understanding the Physical Hardware Behind Office 365

The actual Office 365 data itself is stored in the Microsoft network of data centers led by Microsoft’s Global Foundation Services. These data centers are located around the world in strategic locations to take into consideration business continuity, disaster recovery, and government stability throughout the globe. Microsoft has architected and literally built these data centers from the ground up to protect services and data from not only natural disaster but physical intrusion or physical attack and unauthorized access as well. Per Microsoft’s statement, “Data center access is restricted 24 hours per day by job function so that only essential personnel have access to customer applications and services.” There are multiple failover controls and security processes.

The security processes include badges and smart cards, biometric scanners, on-premises armed security officers, and 24/7 continuous video surveillance, including various two-factor authentication methods. There are also motion sensors and security breach alarms, as well as seismically braced racks where required, and automated fire prevention and extinguishing systems in case of natural or man-made disasters.

  • + Share This
  • 🔖 Save To Your Account