When Your CISO Says No: Security & Compliance in Office 365

Many organizations are hesitant to use cloud resources like Office 365, SharePoint Online and Azure due to assumptions that the Cloud is not secure. But with a little research into the volumes of security-centric documentation Microsoft provides, we can see that the Microsoft Cloud can provide compliance and peace of mind for even the most security-conscious organization.

Let’s examine some of the main areas where perhaps your resident Chief Information Security Officer might take issue with the Cloud, and then provide some details that may help answer your CISO’s toughest questions:

“The Cloud is easier to hack / breach”: There is a familiar comfort to housing your server and data within the walls of your own server room or datacenter. But as the graphic below demonstrates, Microsoft takes a comprehensive approach to physical security, including armed guards and limited staff access. Also, with cutting-edge global threat intelligence and machine learning constantly analyzing potential issues, your protection from hackers is very solid.

“We can’t have our information visible on the open internet…”: The Microsoft Cloud encrypts its data, both in-transit and at-rest. And rights management services like Azure Information Protection make sure your data is safe even when it’s being used outside your network. But if total control is necessary, consider Azure ExpressRoute, a private encrypted connection between your on-prem systems and the Microsoft Cloud.

“We won’t be able to determine if our users are sharing and / or protecting the data appropriately…”: There is a robust auditing infrastructure in place that can give you insight into thousands of distinct events occurring in your cloud and on-prem environments. Also, admins have many controls over when and how sharing can occur inside or outside of your organization, if at all.

“I need for our ‘Need To Know’ and ‘Least Privilege’ policies to be supported…”: Auditing can certainly help in this area as well, but when you’re also using SharePoint to store and manage your important information, you can rely on proven security trimming through the built-in permissions management capabilities.

In addition, many organizations struggle with choosing one or more of the following protection philosophies:

  • Catch It Before It Happens
    • While usually not realistic, some of the technologies above that can help in this area include the physical security setup, Azure Information Protection policies that prohibit viewing the information, and Data Loss Prevention tips that warn users before they proceed with sharing sensitive information.
  • Catch It After It Happens
    • DLP can scan and find offending issues, and the robust auditing capabilities give insight into numerous potential events of interest.
  • Minimize The Chance That It Happens
    • Labels and real-time tips help users make good decisions in-context, and rights management policies combined with the permission capabilities of platforms like SharePoint help minimize the chance that a user will handle data inappropriately, or make sure they can’t see it at all.

The Azure Cloud continues to evolve quickly and dynamically, and continues to prioritize the protection of customer data to ensure that the platform is one that you can trust.

Thanks to the Buckeye SharePoint User Group for letting Ricardo Wilkins, CEI Architect, speak on security and compliance in the Microsoft Cloud!

View the full presentation here.

Author: Ricardo Wilkins, Architect & Microsoft P-TSP – SharePoint & Cloud / Azure

