What Data Security and Compliance is Built into Office 365?
Security is at the heart of Office 365. Here are some great bullet points from a recent Microsoft blog listing. Check out the full article here: http://blogs.office.com/b/office365tech/archive/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365.aspx
- Physical security - We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters
- Security best practices - We use best practices in design like Secure Development Lifecycle and operations like defense-in-depth to keep your data secure in our data centers
- Data encryption - Every customer's email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption
- Secure network layer - Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces. At the same time, our Edge router security detects intrusions and signs of vulnerability
- Automated operations like Lock Box processes - Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.
- Independently Verified - Third-party audits verify that Office 365 meets many key world-class industry standards and certifications
- Control framework - We follow a strategic approach of implementing extensive standard controls that in turn satisfy various industry regulations. Office 365 supports over 600 controls that enable us to meet complex standards and offer contracts to customers in regulated industries or geographies, like ISO 27001, the EU Model Clauses, HIPAA Business Associate Agreements, FISMA/FedRAMP
- Comprehensive Data Processing Agreement - Our Data Processing Agreement comprehensively addresses privacy and security of customer data, helping customers comply with local regulations
- No Advertising - We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for.
- Data Portability - As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner
- Notice and Consent - When we act upon your data, we let you know why and we ask for permission in advance or redirect any inquiries to our customers unless legally prevented from doing so.
- Breach Response - We have strong, tested and audited processes to inform you if there is a breach and remediate issues if they occur.
- Data Minimization - We strive to minimize the actual amount of customer data that our internal teams have access to.
This posting is provided “AS IS” with no warranties, and confers no rights.