Moving to a cloud based service such as Office 365? Many organisations contemplating a move to a cloud based service are rightly concerned about security. With new threats being introduced on a regular basis, organisations need to use all the tools they have at their disposal to secure their data. Official Government Guidance on the security considerations of using Office 365
details the factors which organisations should consider when moving to a cloud based service to ensure that they are compliant with data protection and data management legislation. Fortunately, Office 365 has some handy inbuilt features which help ensure that you are security compliant and offer peace of mind that your data is safe. We take a look at the Office 365 Security Tools you should make the most of to protect your company.
Data Loss Prevention (DLP)
Your company should already have a data loss prevention strategy in place to ensure that confidential or personal data can’t be uploaded, shared or emailed. In Office 365, DLP is available in SharePoint Online and Exchange, and can also be integrated into Enterprise Search. With this, you can create policies to restrict content being saved to certain locations, such as One Drive for Business and SharePoint Online sites. By configuring DLP to run in “test” mode, it will report on where your users are downloading and storing their data, without being enabled.
Another powerful option is to use a product like PA File Sight, which can audit and alert you to who is accessing your files, whether they are Office 365 documents or not. You’ll find out the user account and the IP address/computer the user was on when read, writing or deleting the files.
Rights Management
Using the inbuilt rights management feature in Office 365 protects documents and email with encryption and an associated usage policy. Documents can then only be used by the intended recipients for the intended purpose. You can set up content expiration rules and set offline access settings, as well as set policies at the document level so that unauthorised users can’t open a Word document saved to a shared drive, for example.
Office 365 Message Encryption
Message encryption in Office 365 requires the recipient to log in to read and reply to the encrypted message. It typically works through a one-time passcode to access the email in question, and you can customise the email notification and portal that users interact with.
Mobile Device Management (MDM)
Mobile device management helps protect data on end user devices. MDM allows you to set up conditional access, user level policies, manage the users’ devices, and fully or selectively wipe the device if necessary.
Multi-Factor Authentication
Multi-factor authentication requires more than just a user name and password to authenticate to Office 365. It can be set up on a user-by-user basis. Users must login with a user name and password, and then they’ll either receive a phone call or text message (depending on the configuration) and they must answer the call or enter the access code received via text into the browser. IP addresses can be whitelisted, meaning when users are in your office, they don’t need to use multi-factor authentication, but if they’re out to lunch, it will be required
Advanced Threat Protection
Exchange Online Protection currently covers all Exchange Online mailboxes as part of their subscription. Advanced threat protection will be available later this year as an additional subscription to protect your tenant from advanced threats such as spear-fishing and zero-day malware attacks.
Client Security
Don’t overlook security on the client machines that will access your Office 365 environment. Make sure security patches on the client machines are up to date. You can also set client policy rules using Active Directory Federation Services that restricts users from logging in if they are on a given range of IP addresses.
Office Client Deployment
Office client deployment keeps client versions of Office up to date through the latest security updates. You do have flexibility with regard to updates, for example you can opt in to feature and bug fixes quarterly. You can control your Office deployments using an XML-based deployment process called Click2Run.
Sharing Content
The admin portal offers the option to enable or disable content sharing. You can turn sharing on or off for different apps within Office 365, including Sites, Calendar, Skype for Business and Integrated Apps. Reports are available that show what has been shared with whom, and you can revoke sharing directly from the admin centre without needing to go directly into the app’s settings.
In conclusion
We’ve provided a brief overview of the Office 365 Security Tools you should make the most of. However, the needs of every organisation are different, and you should always ensure that you adapt security settings to your requirements rather than assuming that the default options offer a satisfactory level of protection. Lastly, as all cloud based services evolve developers will add greater levels of security along with enhanced customisation options, so you should always ensure that you are using the latest version of Office 365 or other cloud based service so as to benefit from new features as they are rolled out.
Des Nnorchiri
Des Nnochiri has a Master’s Degree (MEng) in Civil Engineering with Architecture, and spent several years at the Architectural Association, in London. He views technology with a designer’s eye, and is very keen on software and solutions which put a new wrinkle on established ideas and practices. He now writes for markITwrite across the full spectrum of corporate tech and design. In previous lives, he has served as a Web designer, and an IT consultant to The Learning Paper, a UK-based charity extending educational resources to underprivileged youngsters in West Africa. A film buff and crime fiction aficionado, Des moonlights as a novelist and screenwriter. His short thriller, “Trick” was filmed in 2011 by Shooting Incident Productions, who do location work on “Emmerdale”.