“Is my data secure in a Microsoft O365 SharePoint deployment?”, “How can I meet HIPPA, SOX, NERC, FERC and Dodd-Frank regulatory compliance in the Cloud?” and “Who has access to the data in a Microsoft O365 SharePoint deployment?” These are questions that I’m asked frequently by our clients when talking about Microsoft O365 SharePoint cloud solutions and if you weren’t scared off by the first two questions, you’ve gotten to this point in the blog and you’re looking for that easy answer, sorry, there isn’t one.
When asked these types of questions by our clients I like to provide them with the published guidance and relevant information that can assist them in making the best informed decision. I’m a consultant and must take an advisory approach. These types of decisions require that the client and their legal counsel have all the information necessary to make the best decision on behalf of the officers and directors of the company and safeguard their fiduciary responsibility.
That said, it may become apparent that due to regulatory compliance, contractual restrictions or security constraints that are placed on content it might appear to be impossible for a company to migrate to the cloud. But do these restrictions apply to all the content? In this case, an initial assessment of content would be required to determine what content falls under the restrictions and what does not. In most cases all content in an enterprise does not fall under the same restrictions which might allow a hybrid (On Premise and Cloud) solution to be realized.
Like any deployment of SharePoint whether On Premise or in the Cloud, these are just some of the risks that must be identified, managed and addressed early in any Microsoft SharePoint implementation.
The fundamental purpose of this blog is to bring some valuable resources together in one place to assist in beginning to answering such questions.
The Office 365 Trust Center
Built-In Security - Office 365 is a security-hardened service, designed following the Microsoft Security Development Lifecycle. Microsoft brings together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.
Privacy by Design - When you entrust your data to Office 365 you remain the sole owner of the data: you retain the rights, title, and interest in the data you store in Office 365
Continuous Compliance - Office 365 is a global service and continuous compliance refers to our commitment to evolve the Office 365 controls and stay up to date with standards and regulations that apply to your industry and geography.
Operational Transparency - Moving to a cloud service shouldn’t mean losing access to knowing what’s going on. With Office 365, it doesn’t.
Global Foundation Services
GFS is the group that powers the Microsoft's cloud services. They were formed to focus on smart growth, high reliability, operational excellence, cost-effectiveness, environmental sustainability, and a trustworthy online experience for customers and partners worldwide.
Are these all the answers? No, but a good start.
Thanks and Fair Winds