This is a repost from the Microsoft Office blog. It goes into detail how this cloud based solution to office and email applications treats it security and the steps it takes to adhere to the latest standards of compliance. If you’ve been thinking about moving into the cloud recently then this article should be of great interest.
Trust is the foundation of every good relationship. That’s as true in business as it is in friendship. Today, more than 1.2 billion people worldwide trust Microsoft Office to provide a reliable productivity solution with commercial grade privacy, security and compliance features to keep their data secured. With more organizations moving to the cloud, and more people using cloud-based services such as Office 365 to work anywhere, anytime, and across multiple devices, trust has never been more important.
In the last 12 months, 75 percent of Fortune 500 companies have purchased Office 365. These organizations trust us because we are committed to doing the best job of achieving three key objectives:
- protecting their privacy
- securing their data in the cloud
- helping them comply with regulatory standards
Read on to learn more about how we can help with security, privacy and compliance when you move your organization’s data to the cloud.
How Office 365 protects your privacy
Office 365 uses your data for only one purpose: to provide you the services. That’s a commitment we make right in our contract. We have a rich history of offering and honoring privacy-friendly terms with our services and continue to play a leadership role in this area. Office 365 was the first cloud-based business productivity service to help customers meet Health Insurance Portability and Accountability Act (HIPAA) requirements, by convening academic, public- and private-sector experts to help craft a business associate agreement (BAA) that would meet the needs of universities, health systems, and many other regulated organizations. We were also the first to receive written confirmation from the European Union’s data protection authorities that Microsoft’s enterprise cloud contracts meet the high standards of EU privacy law. In addition, we were one of the first to sign the K-12 School Service Provider Pledge to Safeguard Student Privacy.
We recognize that you need control over who accesses your organization’s data in the cloud. This is why we provide advanced data loss prevention controls and controls that let you restrict the copying, printing or forwarding of emails that contain confidential information. We offer controls to help restrict the accidental leakage of sensitive information such as credit card numbers via our services by providing real-time alerts to users attempting to share such content, and we even enable the admins in your organization to set policies that will automatically encrypt such content.
How Office 365 keeps your data secured
Office 365 offers built-in security and compliance capabilities, which means you don’t have to spend extra time and money finding trustworthy third-party apps to ensure you have an enterprise-grade solution that is secured and compliant. Office 365 users who were surveyed in a recent study commissioned by Microsoft and conducted by Forrester Consulting saw the following savings, on average, after moving to the cloud and adopting Office 365:
- 6.8% reduction in compliance costs
- 10.7% reduction in time spent on eDiscovery
- 73% decrease in the number of data breaches
- 32% reduction in the cost of those breaches.
With more customers accessing corporate data on multiple devices, and collaborating on team sites and shared drives, we are constantly innovating to keep your data secured. Last month at TechEd we announced new updates to the built-in security capabilities in Office 365. New mobile device management (MDM) capabilities, set to roll out in the first quarter of 2015, will enable secured access to corporate data in Office 365 services from a diverse range of smartphones and tablets, including iOS, Android, and Windows Phone devices. In addition, the expansion of Data Loss Prevention (DLP) capabilities beyond email to additional Office 365 services and Office clients will help you protect sensitive content no matter where it is stored and shared within our services.
How Office 365 enables regulatory compliance
At Microsoft, we not only help you meet your compliance needs, we help you exceed them. We have built more than 1000 controls into the Office 365 compliance framework that enable us to stay up to date with ever-evolving industry standards. Meanwhile, our specialist compliance team continuously tracks standards and regulations, and develops common control sets for our product team to build into Office 365.
Our work to help our customers stay compliant never stops. We are currently working to meet ISO 27018, an international code of practice that establishes controls to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud-computing environment. We not only offer you transparency about where your data is stored, who has access to it and when but also offer you meaningful choices in these matters.
Get more information
To learn more about the privacy, security and regulatory compliance capabilities of Office 365 and how they compare with the competition’s offering, read the Trust in Office 365 white paper. I also recommend you visit the Office 365 Trust Center, where we share our commitments and information on trust-related topics.
Malavika Rewari is a Product Marketing Manager with the Office 365 team.