Last week, I attended a great Microsoft session concerning Compliance and Data Protection across the Office products, focusing on Archiving, Retention / Hold, Discovery and Data Loss Protection concerning compliance in 2013 products. I mentioned that I have clients who are interested in Office 365 but need some comfort concerning compliance, and queried if there was further information available. Was informed that there was a document available that described this which I must share with you all.

This document covers topics such as Office 365 Built in Security, like monitoring, isolation, automated operations, secure network and encrypted data. It describes security best practice, and the customer controls. It talks about how compliance is enabled through DPL, audit and retention, eDiscovery and Data spillage. It also describes the standards of compliance met, like ISO 27001, FISMA, HIPAA BAA, EU Model Clauses, and the CSA (Cloud Security Alliance).

If you are embarking on SharePoint migration to Office 365, or having a hybrid operation with on-premise SharePoint and Office 365, I would recommend reading this paper, as it will give you valuable information proving to the customer that Office 365 includes security features, protects data and provides administrators with the ability to configure, integrate and manage security.

To give you a taster, here’s the intro:

The ability for organizations to control and customize security features in cloud-based productivity services, such as email, calendars, content management, collaboration, and unified communications, is becoming an essential requirement for virtually every company. Today, IT teams are being required to deliver access to productivity services and associated documents and data from more devices, platforms, and places than ever before. While user benefits are undeniable, broader access makes security management more challenging. Each endpoint represents a potential attack surface and another point of management for security professionals. At the same time, organizations face ever-evolving threats from around the world and must manage the risk created by their own users accidentally losing or compromising sensitive data. For these reasons, organizations require a cloud service that has both (a) built-in robust security features and (b) a wide variety of customizable security features that organizations can tune to meet their individual requirements. Organizations expanding remote access while maintaining security best practices may find it difficult and expensive to add this combination of security functionality if they deploy productivity services solely on-premises.

You can download the article from here:

And from here: