When you make a decision to place your trust in a cloud services provider for productivity services, security, compliance, and privacy are top of mind. With over a billion customers on Office and decades of experience running online services, we understand what it takes to earn and continue to maintain your trust and confidence in Office 365.
Our construct for security, compliance, and privacy in Office 365 has two equally important dimensions: Built-in capabilities that include service-wide technical capabilities, operational procedures, and policies that are enabled by default for customers using the service; and Customer controls that include features that enable you to customise the Office 365 environment based on the specific needs of your organisation.
We will look at Built-in capabilities and Customer controls for each of the key pillars of trust - Security, Compliance, and Privacy - in more detail below.
Security of our customers' information is a key trust principle. We implement policies and controls to safeguard customer data in the cloud and provide unique customer controls that you can use to customise your organizational environment in Office 365.
As an Office 365 customer, you will benefit directly from in-depth security features that we have built into the service as a result of experience gained from years of building enterprise-grade software, managing a number of online services and billions of dollars in security investments. We have implemented technologies and processes that are independently verified to ensure high security of customer data.
Some key aspects of our built-in security capabilities are:
* Physical security - We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters
* Security best practices -We use best practices in design like Secure Development Lifecycle and operations like defence-in-depth to keep your data secure in our data centers
* Data encryption - Every customers' email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption
* Secure network layer - Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces at the same time our Edge router security detects intrusions and signs of vulnerability
* Automated operations like Lock Box processes - Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.
As a result of Office 365 offering productivity services to a wide range of industries, we have built both features and choices that you can control to enhance the security of data based on the needs of your organisation.
Some key aspects of our customer controls for security are:
* Exchange Hosted Encryption - Enables delivery of confidential business communications safely, letting users send and receive encrypted email directly from their desktops as easily as regular email.
* S/MIME - Enables encryption of an email messages and allows for the originator to digitally sign the message to protect the integrity and origin of the message. As part of our continued investment in security technologies that Government and Security conscious customers care about, we are adding support for S/MIME for Office 365 in the first quarter of Calendar Year 2014.
* Rights Management Services - Enables a user to encrypt information using 128-bit AES and use policies on email or documents so that the content is appropriately used by specified people.
* Role based access control - Allows administrators to enable access to authorised users based on role assignment, role authorisation and permission authorisation.
* Exchange Online Protection - Allows administrators to manage your company's Anti-virus and Anti-spam settings from within the Office 365 administration console.
* Identity Management - Provides organisations with various options for identity management such as cloud based identity, identities mastered on-premises with secure token based authentication or hashed passwords to integrate into the Office 365 identity management system based on the security needs of your organisation.
* Two factor Authentication - Enhances security in a multi-device, mobile, and cloud-centric world by using a second factor, such as a PIN, in addition to the primary factor which is identity.