(Cloud)Tip of the Day: Security of customer data in Office 365
Today’s (Cloud) Tip…Security of customer data in Office 365
We employ all of the follow methods to secure customer data in Office 365:
- Network segmentation to ensure physical separate of back-end services and devices from public-facing interfaces
- BitLocker 256-bit AES Encryption for all email content at rest (i.e., on storage media)
- Access to physical hardware is monitored and controlled by including badges and smart cards, biometric scanners, on-premises security officers, continuous video surveillance, and two-factor authentication
- Our racks are seismically braced (I just think that is cool!)
- Traffic Throttling to Prevent Denial of Service Attacks
- Deleting unnecessary accounts automatically when an employee leaves, changes groups, or does not use the account prior to its expiration
The service is also certified by a number of independent compliance checks and validations such as:
- ISO 27001
- FISMA moderate Authority to Operate
- HIPAA Business Association Agreement (BAA)
- EU Model Clauses
- Cloud Security Alliance (https://cloudsecurityalliance.org/research/projects/cloud-controls-matrix-ccm/)
See https://www.microsoft.com/en-us/download/details.aspx?id=26552 for all the details.