Be aware of your security responsibility !
An increasing number of companies has decided to host their office applications such as Microsoft Word, Excel and Powerpoint in the cloud. Also core services like mail, datastorage and sharepoint are hosted these days. No wonder really, because the underlying principle is very appealing: you no longer need to install software yourself, and the central storage in the cloud allows you to access your data anywhere and from any device. Highly convenient, isn’t it? But beware: switching from onsite applications to their hosted online equivalents also entails a certain degree of risk, particularly when it comes to data security.
In my discussions with organizations I often hear them claim that they need not worry about security for Office 365, as it is hosted at Microsoft. This is a common mistake made not only by SMB’s but also by multinationals: they automatically assume that security is under control just because their data are stored on servers in a Microsoft datacenter. Of course, Microsoft does take the necessary precautions to ensure the availability of their service, but the responsibility for data security ultimately lies with the end user. Microsoft is responsible for the security of the cloud while you are still responsible for data in the cloud! So here are some considerations for you so that you can avoid unpleasant surprises in the near or distant future:
- Encrypting data
Many organizations decide to encrypt their data in order to prevent unauthorized access to files in a public cloud. We advise you to choose very deliberately whom you entrust with the management of the encryption keys: do you opt for your cloud provider or do you prefer to decide yourself who has access to which information?
- How to ensure compliancy when your data are stored in the cloud
It is a question that pops up regularly, especially in large organizations: how can you ensure compliancy when moving data to cloud environments such as Microsoft Office 365? The answer is: take the appropriate Data Loss Prevention measures. This means: go beyond the measures that you take when just protecting assets within your office environment, because data in the cloud require more precautions.
- Integrated platform
Finally, you also need to seriously consider how you will tackle advanced malware when moving towards services such as Office 365. A silo-based approach – choosing a different solution for each individual environment – is simply no longer sufficient.
That’s why I advise building a security platform that works for any device, location, and hosting and storage configuration. Organizations demand flexibility and scalability. One should be allowed to move data around freely without this impacting your security. It should not matter whether your information is onsite, in a private cloud, at Microsoft Azure, Amazon Web Services (AWS) or available through services such as Google Apps or Office 365. However, this also requires a thorough re-evaluation of organizations’ security strategies.
The move from an onsite office environment to Office 365 seems very simple and straightforward, but you should not forget to take the necessary security measures. Securing your data and applications is your own duty and your responsibility, and should not be taken lightly. Fortunately there are tools available which provide a comprehensive solution without complicating the entire infrastructure.
Want to know more about your extra line of defense for Microsoft Office 365 ? Click here and download your free report.