BACKGROUND IMAGE: Baks/iStock

E-Handbook:

Get the details on Office 365 advanced security management

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Address Office 365 security concerns while enjoying its benefits

Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront.

In today's world, where we're moving more and more business information systems to the cloud, it's a no-brainer...

to offload what tends to be a pretty large administrative headache: email and Office applications. With the compelling sales propositions that Office 365 has to offer, why not boot Exchange, Office and SharePoint out of the confines of your LAN once and for all? Time, effort and monetary gains can certainly be realized. But let's talk about security. As with most IT and business decisions today, with Office 365, security concerns must be a part of the conversation.

Just because Office 365 is in Microsoft's cloud environment doesn't mean it's ideal for your business once you consider the various security-related issues. Luckily, most Office 365 security concerns are low-likelihood or low-impact situations. There are some potentially high, possibly critical, risks depending on your business, regulatory and legal needs. The following are the top Office 365 security concerns that need to be considered:

  • integrating authentication and access controls between your current environment and the cloud;
  • preparing for denial-of-service attacks and other uptime concerns;
  • knowing which sensitive business information, such as intellectual property and personally identifiable information, are stored offsite as part of the cloud applications you're using;
  • understanding how the cloud can complement, facilitate or possibly even negate existing on-premises security controls such as the following:
    • malware protection
    • content filtering
    • multifactor authentication and single sign-on
    • data loss prevention and cloud access security brokers
    • mobile device management and unified endpoint management
    • network logging, monitoring and alerting;
    • ensuring that you have full control over information classification as well as storage, backup and retention; and
    • meeting industry (e.g., PCI DSS) as well as state, federal and international government security and privacy compliance requirements for data encryption, both in transit and at rest.

One of the greatest oversights that occurs in the cloud is when people get too caught up in SOC 2 audit reports, sales and marketing promises, legalese and so on and believe that the cloud is 100% risk-free. Reality is showing us that simply outsourcing certain IT and security functions to the cloud doesn't absolve us from our bigger-picture security responsibilities. What happens when there's a security incident or confirmed breach in the cloud? Who leads the investigation? When can you get involved, if at all? How are breach notifications handled?

Moving to Office 365 can help you with security standardization, keep certain software more up to date and even address Office 365 security concerns brought about by shadow IT. Still, as many have learned, no matter how resilient Office 365 and the cloud in general appear to be, there's always room for error and downtime.

Microsoft Office 365 is a great solution for many IT and security challenges. However, its usage must be balanced with common sense, shared responsibility and accountability. Whether you're considering Office 365 or you have a complete implementation of it across your organization, you have to be fully certain that all of your business's needs are being met, including the potential Office 365 security gotchas that come along with it.

Next Steps

Read more on recent changes to Office 365 and its benefits

Learn more about how cloud is changing the way companies do business

How to employ single sign-on to make Office 365 and other cloud products more secure

This was last published in June 2017

Dig Deeper on Productivity apps and messaging security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What security-related Office 365 issue keeps you up at night?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close