- Understanding the Physical Hardware Behind Office 365
- Office 365 and Network Security at Microsoft
- Antivirus and Anti-Spam
- Can Others See Your Data?
- What Type of Encryption Is Deployed?
- How Proactive Is Microsoft Being to Protect Your Data?
How Proactive Is Microsoft Being to Protect Your Data?
Microsoft uses a methodology for the protection of Office 365 referred to as Prevent Breach. This is a defensive strategy aimed at predicting and preventing a security breach before it happens, but the defensive strategy connotation realistically contains offensive measures, including port scanning and remediation, perimeter vulnerability scanning, OS patching to the latest updated security software, network-level DDOS (Distributed Denial of Service) detection and prevention, and multifactor authentication for service access.
The processes Microsoft’s staff uses also involves continuous auditing of all operator and administrator access, as well as a review of subsets of actions. Access is granted for specific tasks on an as-needed basis to troubleshoot issues of the service should they arise. An interesting element I found is that the staff’s email is actually segmented during work on specific issues for an added layer of protection in regard to communications with other staff members during troubleshooting and so forth.
As in most data centers and highly sensitive environments, the staff members must pass background checks, and should an employee leave the organization, all of that employee’s accounts are deleted and his or her access is audited and scrutinized to prevent any lagging accounts from existing within the environment. The following is a list of prevention breach items that Microsoft has established regarding the proactive nature of Office 365 security:
- Port scanning and remediation
- Perimeter vulnerability scanning
- OS patching
- Network-level DDOS detection and prevention
- Auditing of all operator access and actions
- Zero standing permissions in the service
- Just-in-time elevations
- Automatic rejection of non-background-check employees to high-privilege access
- Automatic account deletion
- When employee leaves
- When employee changes groups
- When there is lack of use
- Isolation between mail environment and production access environment for all employees
- Automated tooling for routine activities