Is Office 365 secure?

So you are about to upgrade your ICT systems and a number of the potential suppliers you've been talking to are recommending a cloud based solution - but how can you be sure your information will be safe?

It's one of the first and most common questions I get asked every time we meet with a customer and demonstrate one of the Microsoft Cloud Services, such as Office 365, Dynamics CRM Online or Microsoft Azure.

It's a really important question and is a completely understandable concern for any organisation considering a cloud based solution.  However, when we start to look at what most of these customers currently have in place we normally discover that a move to a service such as Office 365 is actually more secure than what they have in place at present - let me explain.

There is more to IT security than who can see your data.  There are a variety of different risks to mitigate on a continuous basis, so it's not just about where the ones and zeros are stored but more about how your information is stored based on your company's need and the layers of protection both physical and logical that are applied to that information on an ongoing basis.  So, if you think about an organisation that has a server located within its premises, there are all kinds of risks some of which are addressed continiously such as backup and some that are probably not addressed quite so regularly such as software upgrades, auditing, security patches, information classification and business continuity.  Then there are the basic risks such as physical security, power, cooling and connectivity which are all the addressed with strict policies and standards along with failover systems in a Microsoft cloud environment but would be very expensive for your typical small/medium sized business to implement in-house.  Therefore, your typical small/medium organisation will usually accept some of these risks but the argument would be if they did move to something such as Office 365 they would actually increase their information security and business continuity capability compared to running their information systems on servers within their offices.

An example of one element of security functionality Office 365 can provide is shown in the video below which shows how Office 365 offers encryption at all layers of the business from internal data sharing to external communication with 3rd parties:

This is just one of many layers of security that is implemented within the Microsoft Cloud Services stack and there is far more than we could cover in one news item.  However, its safe to say that Microsoft as a cloud services provider does take information security serious and as a provider as Software as a Service (SaaS) in the case of Office 365 has a wide range of internal access controls, multiple security technology layers, redundant/backup systems and compliance monitoring with independent security auditors.

So the answer we provider our customers is: "Yes, Office 365 is not just secure but is likely to be more secure and reliable than the server in your back office."  Not only that it will continue to be reviewed and upgraded everyday and you as the end customer can be as involved in that as you want or need to be going forward.

For more information on just how seriously Microsoft takes the security of its cloud services you can visit the Office 365 Trust Centre where you will see first hand the facilities and measures that are implemented and maintained on an ongoing basis.