We live in a world where if we feel it’s not in our own pocket, we are left in a venerable and unsecure position. With recent news from our large retailers about security breaches with customer credit cards and identity theft, there is good reason to be cautious about placing your data and content in the cloud. Because of this, customers have security concerns about Office 365 e.g. migration complexities, pricing structure, and the support of third-party products available. So why Office 365? Below you’ll find helpful information to build confidence in the Office 365 platform and services.
But first, let’s take a look at some key features that may/will help guide your decision making when asking Why Office 365:
BYOD (Bring Your Own Device)
Office 365 provides the user with a modern UI experience optimized for touch, pen, mouse and keyboard with support for iOS, Android, and Windows phones. We can see the investment Microsoft is making in the support for BYOD with the apps that are now available for iOS and Android. Microsoft is making it easier for developers to create cross-platform apps. See Strategies for Developing Cross-Platform Applications with Visual Studio 2015 and Cross-Platform Mobile Development with Visual Studio from the recent Microsoft Build conference.
When we first began hearing about the “cloud” some two years ago, in Microsoft terms, I for one was left with (pardon the pun) a nebulous notion of exactly how we were going to move our clients and solutions to the cloud. To that end, Microsoft has been redefining our cloud experience with on-demand real-time access to data, content and services wherever you are from a reliable enterprise-grade infrastructure that adheres to strict standards.
Social media previously was used to keep track of family members and to tweet your personal thoughts about this thing or that. With the growth of social media, to and in terms on corporate communications and collaboration, Microsoft acquired Yammer and merged it into SharePoint 2013 with SP1 and Office 365. This, along with the newly renamed Lync to Skype for Business and micro-blogging features, social media has proliferated the entire Office suite.
Corporate compliance is of paramount importance, and Office 365 offers built-in controls for DLP (Data Loss Prevention), Records Management, and Holds and eDiscovery with a unified experience across the Office 365 environment. Microsoft provides us with the Office 365 Trust Center to speak to all the concerns one could have about security and compliance.
Where’s My Data and is it Safe?
A common question asked regarding Office 365 is around high availability and data safety. Office 365 customers will enjoy the benefits of knowing their services and data are geo-redundant with primary and secondary data center locations in buildings the size of football stadiums. There are many data center located worldwide in North (figure 1) and South America, Brazil, Europe, Middle East, Africa, Asia/Pacific, Japan and Australia. There are also Office 365 Government data centers.
See Microsoft Data Center Background for more information.
Figure 1 – North America Data Centers
For more information see the Office 365 Trust Center and the Office 365 and Microsoft Dynamics CRM Online Data Maps
Service Level Agreements (SLA)
Since Microsoft, for all intent and purposes, “has” your data it’s critical that Microsoft has published a robust and attractive SLA. I’ve provided you with a high-level overview below.
“If we do not achieve and maintain the Service Levels for each Service as described in this SLA, then you may be eligible for a credit towards a portion of your monthly service fees.” – Microsoft
If for some reason your SLA is not met, you’ll receive service credits. See Figure 2 below.
Make sure you read the general terms and limitations and the service specific terms, e.g. downtime and service level exceptions for each service.
Figure 2 – Office 365 Services
Your Office 365 subscription also provides in advance notifications for scheduled maintenance. This is typically done five days prior to the scheduled maintenance, see figure 3. This, along with the overall health can all be viewed from the Office 365 admin portal, see figure 4.
Figure 3 – Maintenance Schedule
Figure 4 – Service Status
I’m a particular fan of Office 356 Admin app for my Windows Phone. The app has Live Tiles and offers a quick snapshot of my Office 356 service status and health. For more detail check out Administer on the go with the updated Office 365 Admin app.
For more information navigate to Service Level Agreement for Microsoft Online Services
Office 365 offers security for Physical (facility and network), Logical (host, application, and admin users) and the Data layers.
Multi-factor authentication increases the security of user logins by adding additional steps to the login process. You may be familiar with this already if you have used the Two-step verification process that comes with Outlook.com. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.
Anti-Spam and Anti-Malware Protection
The use of anti-malware software is a principal mechanism for protection of your assets in Office 365 from malicious software.
Data Loss Protection
Exchange Online provides data loss prevention (DLP) technology that identifies, monitors, and protects sensitive data and helps users understand and manage data risk. Note: DLP is only available on the E3 and E4 Subscriptions.
Office 365 services follow industry cryptographic standards such as SSL/TLS (Secure Sockets Layer / Transport Layer Security), AES etc. to protect confidentiality and integrity of data.
Rights Management Service (RMS)
Provides best-in-class data protection at the file level to prevent copying, printing and saving of documents.
Customer Lockbox for Office 365
Microsoft has engineered Office 365 to require nearly zero interaction with customer content by Microsoft. Nearly all the services are performed by Microsoft are full automatic or human involvement is abstracted away from the Office 365 content. In the very rare instance a customer can apply explicit access approved control to a Microsoft engineer to log in to an Office 365 service.
For more information see Announcing Customer Lockbox for Office 365 and the following.
For more details see the Built-In Security page for the Office 365 Trust Center and the Office 365 Security Whitepaper
Office 365 Compliance
If you’re still left wondering, Why Office 365, keep in mind that it offers the latest innovations for enterprise compliance that meet standards of the ISO 27001, EU model clauses, HIPAA BAA, and FISMA requirements.
Office 365 offers the best in bread document lifecycle management tools to reduce the risk and improve compliance and increase adoption with:
• Built in Publishing
• Records Management and In-Place Holds
• Object level auditing
• Information Management Policies
• eDiscovery features
Microsoft is now offering their new MDM (mobile device management) capabilities that will help you manage access to your Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices. With MDM, you can secure and manage corporate resources, apply mobile device settings, perform a selective wipe of Office 365 data, preserve Office 365 productivity experience and manage policies with ease. These new MDM feature are powered by Microsoft Intune.
For more details see the Continuous Compliance page for the Office 365 Trust Center.
Hopefully, I’ve given you an answer as to Why Office 365. If you’re looking for more compelling reasons to consider Office 365 for your organization I suggest you look at reports provided from Gartner and Forrester research firms.