Should you worry about an Office 365 data breach?

By

Based on the facts, the question whether you should worry about an Office 365 data breach is not entirely logical, but it’s not unusual either. The benefits of moving your business to the cloud are well documented. With a Software as a Service (SaaS) platform like Microsoft Office 365, your employees can take advantage of anytime, anywhere access to their content, meaning they can get work done without needing to be in a specific place. And with enhanced tools for collaboration and communication it’s a real boon for business productivity. Then there’s the reduction in hardware and software costs. With the cloud and Office 365, the servers are off-site and maintained by others.

Why businesses are cautious of the cloud

Of course, the idea of off-site servers can seem like a double-edged sword. If your servers are hosted off-site and maintained and updated automatically by Microsoft, then you don’t need to employ as many people to perform these tasks individually. However, by the same token, does that mean by moving to the cloud you are giving up control of your own content? And should you therefore be worried about an Office 365 data breach?

In brief: reasons why businesses are wary of the cloud:

  • The loss of absolute control of storing data
  • Data compliance
  • Security risks

Is your data safe in Office 365?

Security concerns over a potential Office 365 data breach are understandable. The idea of your data being stored off-site someplace is uncomfortable. That is, if you don’t have a good grasp of the level of security that Microsoft have prioritised for Azure (their network of data centers that support Office 365). So, here are some reasons why Office 365 might in fact be the safest place for your information, after all.

Microsoft “real life” security
The location of the facilities where Office 365 servers are stored is not disclosed by the tech giant to the public, so if they are to be breached they would have to be found first. And knowing the size of the tech giant and the interest they have in protecting their servers, the level of physical security is very high.

Fortress-like levels of encryption
Your data in Office 365 is always encrypted via disks using BitLocker encryption, SSL over HTTP and IRM on Document Libraries. That, as you can tell, is a heavyset and formidable amount of encryption making an Office 365 data breach, in the very worst case scenario, unlikely.

Data mining protection
Not all clouds are created equally, and some will use your information to target ads. Microsoft Azure, however, does not do this. As a customer of Office 365, your data will not be shared nor will your actual content be accessed. The only data of yours they use is to improve the service.

Automatic data backup
Sometimes things go wrong—and this usually happens when you can least afford it to. Microsoft has built their servers with multiple layers of redundancy and backups at the data center level, that are updated automatically, so if you do lose something important, it can be restored.

Subscription timeframe
One of the benefits of moving to Office 365 is only having to pay per user per month, which can drastically reduce your IT start-up costs. But the fear some businesses have is that if they decide to leave Office 365, or their subscription expires, their data will be lost. Your data is available for migration away from Office 365 after a terminated subscription for a set period so you don’t have to worry about losing it.

Don’t shoot yourself in the foot allowing an Office 365 data breach

Microsoft have made security one of their highest priorities and Office 365 is generally viewed as being extremely safe. But that doesn’t mean you should be complacent about your information and who has access to it. The reality is, if your data is at risk it will mostly likely be down to your interaction with your employees or third parties who mistakenly are given access to content.

SharePoint Permissions are one area where you might unwittingly give unauthorised people access to your content, potentially resulting in an Office 365 data breach. Here are several reminders to help you manage your SharePoint Permissions correctly:

  • Switch on your auditing reports immediately so that if a breach was to happen you can see what documents were viewed, edited, etc. and can fix them
  • Be careful of adding “all users” unless you know exactly what you are doing
  • Help your employees by training those in charge of Sites on security procedure so they will be less likely to get caught out
  • Check permissions on any external user after adding them to make sure they don’t have inappropriate access or were added elsewhere
  • Run security reports regularly

A little extra help?

You shouldn’t spend too much time worrying about the security levels of your data in Office 365, as the biggest threat to your data, is very often employees – (take the recent case where a single laptop containing the personal information of 134,386 Navy personnel was ‘compromised’ and exfiltrated). The above recommendations can help remind you of what you should and shouldn’t do when managing your data in SharePoint and Office 365, but sometimes your employees could use an extra hand—especially as data and content is dynamic and growing all the time.

DeliverPoint is designed to make managing your SharePoint permissions as easy as possible. We’re very excited to announce that we’ll be demoing the brand new hybrid version of DeliverPoint at the SPTechCon in April, for more information on this check out our Press Release (hyperlink to this once live). 

For more information on how we can help your business avoid an Office 365 data breach, as well as get the most out of your Microsoft investment, get in contact today.