02 Platform security
03 Information governance
07 Conclusion
01 Introduction
Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making Microsoft SharePoint Online and OneDrive for Business more secure for users, implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data.

The collaboration landscape has changed. Connectivity is ubiquitous, and the ability to work remotely has become an ingrained part of the work practice. People have come to expect to be able to access email and documents from anywhere on any device—and for that experience to be seamless.
While this has been an enormous boost to productivity, it also presents huge challenges for security. Previously, businesses needed to be concerned with a firewall that ended at the corporate boundary. Now that boundary has shifted to the end user. Businesses need to ensure that corporate data is safe while enabling users to stay productive in today’s mobile-first world, where the threat landscape is increasingly complex and sophisticated.

SharePoint Online and OneDrive for Business are uniquely positioned to help you address these evolving security challenges. To begin with, Microsoft has continued to evolve with new standards and regulations. This has been a guiding principle behind security for SharePoint Online and OneDrive for Business. Right alongside that principle is this one: There is no security without usability. If security gets in the way of productivity, users will find a different, less secure way to do their work.

SharePoint Online and OneDrive for Business allow your organization to go beyond its regular business rhythms and be nimbler in responding to market changes and opportunities. These solutions enable users to access the files and documents they need wherever they’re doing work, while sharing and collaborating in real-time. And you control and own your data while Microsoft takes care of it.

In this e-book, you’ll learn about the Microsoft approach to security and compliance with SharePoint Online and OneDrive for Business, which encompasses:

Platform security
Protect content at rest and in transit with layered encryption customer controls and keys to lock down data.

Information governance
Manage your data life cycle process with customizable data retention, discovery, and deletion.

Secure access and sharing
Manage access and sharing settings to guard against leaks of sensitive data.

Awareness and insights
Gain full transparency and insights into users and data with auditing, reports, and alerts.

Compliance and trust
Leverage the proactive and continuous compliance and certification process of

Customer challenges by the numbers
billion records compromised in the last year (Source: Risk Based Security)
days between infiltration and detection (Source: Mandiant Consulting M-Trends, 2016)
of senior managers admit to using personal accounts for work (Source: Stroz Friedberg, On the Pulse: Information Security in American Business)
Data loss is non-negotiable for your business, and exposure of sensitive information and assets can have enormous legal and compliance implications—and impacts on your competitive edge. SharePoint Online and OneDrive for Business safeguard against unintentional disclosures through the defense-in-depth approach of Microsoft Office 365.

Microsoft is constantly working on ways to mitigate the effects of attacks on data and information. These security measures form the foundation of our business products and cloud services. Office 365 gives you enterprise-grade physical and logical security capabilities to secure your IT environment, along with encryption controls to protect your files and email communications.
Physical security

Capabilities:
Extensive auditing and supervision prevent administrators from getting unauthorized access to your data.
Multiple copies of your data are located across datacenters for redundancy.

With Office 365, your data is stored in Microsoft datacenters that are protected by layers of security. These datacenters guard against not only unauthorized access and security breaches, but natural and environmental threats as well. They are built like, yes, fortresses.

These fortresses, however, are transparent to you. Moving to a cloud service shouldn’t mean losing visibility into your services. We make it easy for you to monitor the status of your services, track issues, and get a historical view of availability. You also always have awareness of who has access to your data and under what circumstances they have it.

Multiple copies of your data are kept across datacenters, which are geographically distributed. If Microsoft expands into a new country in the region where your data is stored, you are notified one month in advance.
Logical security Automation
Capabilities:
Easily and cost-effectively manage and maintain control of the encryption keys used by cloud apps and services.
Encrypt keys and small secrets like passwords by using keys stored in hardware security modules (HSMs) with Azure Key Vault.

Office 365 protects the confidentiality and integrity of customer data by following industry cryptographic protocols like Transport Layer Security (TLS)/Secure Sockets Layer (SSL) and Advanced Encryption Standard (AES). Data is protected at rest and in transit, and protection extends to file-level protection in some scenarios.

For data in transit, Office 365 secures customer data by forcing all customer-facing servers to negotiate a secure session with client machines through TLS/SSL protocols. This applies to protocols on any device used by clients—such as SharePoint Online—on the web.

Data at rest

BitLocker volume encryption secures data at rest. It addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks. Office 365 deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online and OneDrive for Business.

OneDrive for Business and SharePoint Online also use file-level encryption to encrypt data at rest. Office 365 moves beyond a single encryption key per disk to deliver a unique encryption key for every file stored in SharePoint Online—including OneDrive for Business folders. These files are distributed across multiple Azure Storage containers, each with separate credentials. Not only are these files spread across storage locations–the map of file locations is itself encrypted and the master encryption keys are physically separated from both content and the file map. All this makes OneDrive for Business and SharePoint Online a highly secure environment for stored files.
Your data belongs to you. Simple as that. This is another one of the guiding principles behind security for SharePoint Online and OneDrive for Business—that while, at Microsoft, we serve as custodians of your data, you remain in control of it. And we help you to manage this through access controls, sharing controls, and application and device management.
Access controls

Capabilities:
Policies that provide contextual controls at the user, location, device, and app levels.
Location-based conditional access policy that blocks users who are working from an untrusted location.

Conditional access works alongside Multi-Factor Authentication in providing another layer of security. Multi-Factor Authentication requires two or more verification methods for user sign-ins and transactions. These methods can include randomly generated pass codes, a phone call, a smart card, or a biometric device.
Understanding usage within your organization helps you get ahead of security risks and usability issues. Advanced auditing enables you to discover forensic information about specific activities conducted by a user or an administrator. Personalized reporting offers seamless access to information through a unified dashboard. And intelligent alerting allows you to monitor and investigate actions taken on your data, so that you can contain and respond to threats—and protect your valuable intellectual property.
Advanced auditing
Capabilities:
For customers considering a move to the cloud, compliance is a major issue. And it’s a paramount concern for us at Microsoft as well, which is why Office 365 offers you continuous compliance. Our base level of requirements for Microsoft products and services is always increasing, as impacted by needs worldwide and across industries. Our specialist compliance team tracks standards and regulations, developing common control sets for our product team to build into the service. We have built over 1,000 controls into the Office 365 compliance framework that enable us to stay up to date with frequent changes to industry standards.
Microsoft regularly submits self-assessments to independent third-party auditors. Microsoft holds key certifications, including:
EU Model Clauses
FedRAMP
FERPA
FISMA

Continuous compliance

Capabilities:
Discover forensic information about specific activities performed by users or administrators.
Use RESTful APIs to get an unprecedented level of visibility into all user and admin transactions within Office 365.

These capabilities intelligently simplify the eDiscovery process, so there’s less time taken on your end and less strain on your budget. And as the compliance landscape expands, our capabilities expand with it.
Jeff Henderson
Executive Vice President and Chief Information Officer
TD Bank Group
07 Conclusion
In the new world of work, SharePoint Online and OneDrive for Business allow you to access email and documents from anywhere on any device—and to do so securely. Our approach provides this productivity protected by security with defense-in-depth solutions to safeguard your data. We give you the user and administrative controls to shield and defend your IT environment and the privacy of your customer data, so you can comply with standards and regulations.

SharePoint Online and OneDrive for Business allow your business to get ahead while getting a handle on your data, providing tools to manage your users and devices, better understand usage within your organization, and be better prepared for any actions taken on your data.

Microsoft has been a leader in trusted enterprise-grade solutions for decades now. And as the collaboration and compliance landscapes evolve, we do too. Learn more at the Microsoft Trust Center.