Expanding Microsoft 365 Security and Compliance
To some organizations out there, moving to the cloud may seem like an unnecessary risk. I had a discussion with a fellow Microsoft MVP this morning where we discussed some of his current projects (within the SharePoint and Microsoft Teams ecosystem), and he stated that a good portion of his current customers remain largely on-prem with their primary collaboration and knowledge management workloads. Having conducted research into hybrid SharePoint as recently as 2019, I’m not entirely surprised to hear that there is still some resistance out there. While Microsoft has made huge strides in educating their customers about the stability and security of the cloud, there is still much work to be accomplished to help customers understand where they should be optimizing within hybrid or pure-cloud solutions.
Having said that — whether your environment is on-premises, in the cloud, or in a temporary or permanent hybrid state, it is critical that organizations clearly understand their security and compliance requirements, and whether these requirements are being met. All planning should begin with a detailed, step-by-step review of security and compliance policies and procedures, mapping out how each of them is currently accomplished. As organizations consider moving to the cloud, they should use this baseline to understand how each will be accomplished within the future environment, and how current metrics and key performance indicators (KPIs) will be updated.
Extending Basic Features
Security and compliance are rapidly evolving areas within the collaboration technology sector. Many organizations are overly reliant on the tools and platforms they use to provide the right security and compliance coverage. Unfortunately, it is far too common that companies do not do more in these areas until there has been a security breach, or under the threat of fines due to non-compliance. For example, organizations that do business in or with customers in the European Union scrambled to understand and prepare for the General Data Protection Regulation (GDPR) which went into effect in May 2018, rather than proactively create data management policies and procedures to meet these and future industry and governmental changes.
Microsoft is making tremendous investments in data security and compliance to ensure that they themselves remain compliant with local, regional and international security and compliance regulations and standards. Additionally, they are also creating tools and guidelines to help their customers achieve compliance and remain compliant. Microsoft is investing heavily in this area because they understand that to convince enterprise customers to give up real or perceived control of their data and environments, the company needs to be a leader in security and compliance
Building On Strengths
What fascinates me about many of the concerns that I still hear from customers is that many of them are the same concerns that I heard back in 2001 when I was working for E2open in Redwood City, California and helping to build out a hosted collaboration platform and service, with deployments with global companies like Hitachi, Seagate, Matsushita, and many others within the high-tech manufacturing sector. Security was the number one concern back then, and remains the number one concern for moving to the cloud today.
Microsoft has three primary strengths that are helping to accelerate the maturity of their cloud platforms, with Microsoft 365 at the center:
- Their focus on business. Microsoft cloud’s strength lies in its extensive product base. It is the most attractive solution provider for enterprise customers who already use Microsoft products and are invested. According to Statista, as of June 2021 there are more than one million companies worldwide using Office 365, with more than 250 million monthly active users (MAU) using Microsoft Teams, as of Microsoft’s Q4 FY21 data. Both for SMB and Enterprise customers, Microsoft Office products seem to be the foundation for business operations in modern society. Microsoft largely focuses on targeting businesses, but in recent years has also been expanding their marketing strategy to reach specific industries and market segments.
- Rapid expansion of PaaS and IaaS. Microsoft Azure originally started as a Platform as a Service (PaaS) offering but has since moved toward Infrastructure as a Service (IaaS). Microsoft has made Azure, and other cloud services, a high priority and has gained traction with current Microsoft customers because of Azure’s tight integration with existing Microsoft products .
- Security as design principle. Due to the technology shift, more and more customers are willing to move their data to the Microsoft cloud. But their major concern is the security issue. Therefore, Microsoft has invested heavily and focused on improving the security of its cloud products. Cyber security has become one of their most important design principles and features because hackers are becoming more sophisticated and organized, with Microsoft offering three levels of security, namely physical security, logical security and data security. Apart from these, Office 365 also offers enterprise user and admin controls.
The Office 365 platform supports customers around the world with many different standards and regulations guiding the handling of information assets. As such, Microsoft is constantly adding to the list of compliance and security standards supported, while at the same time expanding their data center footprint to reach customers in under-served areas of the world.
While Microsoft’s efforts should inform your organizational security and compliance planning, a more holistic and comprehensive review of industry research and trends, expert guidance, and your own internal experience.
To find out more about Microsoft 365 security and compliance capabilities:
- A great place to start is the Microsoft 365 solution and architecture center, which is a great resource for solution guides, architectural guidance, and risk assessment templates.
- Another excellent resource is the free eBook The Value of Automated Office 365 & Teams Governance from AvePoint, which will give you a more granular view into the ongoing management of SharePoint, Teams, and more.