Office 365, SharePoint Online, and My Data: How Safe Is It?
- Understanding the Physical Hardware Behind Office 365
- Office 365 and Network Security at Microsoft
- Antivirus and Anti-Spam
- Can Others See Your Data?
- What Type of Encryption Is Deployed?
- How Proactive Is Microsoft Being to Protect Your Data?
A major area of concern about Office 365 is the lack of understanding about how and where the data itself is stored and what proactive measures are being taken to ensure that your data is safe. As part of my research and my ongoing consulting efforts at EPC Group in relation to Microsoft SharePoint 2013 and Office 365 and advertised underlying service level agreements (SLAs), recently I was able to take a tour of an Office 365 data center/facility and hear firsthand from Microsoft some of the steps they are taking to help customers feel at ease about their data.
With any data that is outside your organization’s direct control (that is, outside of your on-premises network), there are justifiable concerns. One of the main detractors a lot of large organizations or organizations with sensitive or proprietary data are wary of is the hosted cloud model. This article details what Microsoft is doing in terms of protecting data within Office 365, as well as the precautions they are taking to address these security concerns.
Understanding the Physical Hardware Behind Office 365
The actual Office 365 data itself is stored in the Microsoft network of data centers led by Microsoft’s Global Foundation Services. These data centers are located around the world in strategic locations to take into consideration business continuity, disaster recovery, and government stability throughout the globe. Microsoft has architected and literally built these data centers from the ground up to protect services and data from not only natural disaster but physical intrusion or physical attack and unauthorized access as well. Per Microsoft’s statement, “Data center access is restricted 24 hours per day by job function so that only essential personnel have access to customer applications and services.” There are multiple failover controls and security processes.
The security processes include badges and smart cards, biometric scanners, on-premises armed security officers, and 24/7 continuous video surveillance, including various two-factor authentication methods. There are also motion sensors and security breach alarms, as well as seismically braced racks where required, and automated fire prevention and extinguishing systems in case of natural or man-made disasters.