In today's world, where we're moving more and more business information systems to the cloud, it's a no-brainer...
to offload what tends to be a pretty large administrative headache: email and Office applications. With the compelling sales propositions that Office 365 has to offer, why not boot Exchange, Office and SharePoint out of the confines of your LAN once and for all? Time, effort and monetary gains can certainly be realized. But let's talk about security. As with most IT and business decisions today, with Office 365, security concerns must be a part of the conversation.
Just because Office 365 is in Microsoft's cloud environment doesn't mean it's ideal for your business once you consider the various security-related issues. Luckily, most Office 365 security concerns are low-likelihood or low-impact situations. There are some potentially high, possibly critical, risks depending on your business, regulatory and legal needs. The following are the top Office 365 security concerns that need to be considered:
- integrating authentication and access controls between your current environment and the cloud;
- preparing for denial-of-service attacks and other uptime concerns;
- knowing which sensitive business information, such as intellectual property and personally identifiable information, are stored offsite as part of the cloud applications you're using;
- understanding how the cloud can complement, facilitate or possibly even negate existing on-premises security controls such as the following:
- malware protection
- content filtering
- multifactor authentication and single sign-on
- data loss prevention and cloud access security brokers
- mobile device management and unified endpoint management
- network logging, monitoring and alerting;
- ensuring that you have full control over information classification as well as storage, backup and retention; and
- meeting industry (e.g., PCI DSS) as well as state, federal and international government security and privacy compliance requirements for data encryption, both in transit and at rest.
One of the greatest oversights that occurs in the cloud is when people get too caught up in SOC 2 audit reports, sales and marketing promises, legalese and so on and believe that the cloud is 100% risk-free. Reality is showing us that simply outsourcing certain IT and security functions to the cloud doesn't absolve us from our bigger-picture security responsibilities. What happens when there's a security incident or confirmed breach in the cloud? Who leads the investigation? When can you get involved, if at all? How are breach notifications handled?
Moving to Office 365 can help you with security standardization, keep certain software more up to date and even address Office 365 security concerns brought about by shadow IT. Still, as many have learned, no matter how resilient Office 365 and the cloud in general appear to be, there's always room for error and downtime.
Microsoft Office 365 is a great solution for many IT and security challenges. However, its usage must be balanced with common sense, shared responsibility and accountability. Whether you're considering Office 365 or you have a complete implementation of it across your organization, you have to be fully certain that all of your business's needs are being met, including the potential Office 365 security gotchas that come along with it.
Read more on recent changes to Office 365 and its benefits
Learn more about how cloud is changing the way companies do business
How to employ single sign-on to make Office 365 and other cloud products more secure