IT Pros today are focusing more than ever on how to give employees access to information, provide collaboration tools for inside and outside the company, and to do it all across a multitude of devices. While end-user expectations and demand for the latest tools is high, IT has to balance this pressure to meet users’ needs with meeting corporate policies, industry regulations, and government laws. Historically, security and compliance technologies and mandates were perceived as disruptive to productivity, driving down employee satisfaction while driving up IT costs on the not-so-sexy stuff. We know that if users feel impeded by technology they’re given, they often look for ways around it, which in turn can create new corporate non-compliance issues and bring the problem full circle. That said, it’s difficult to run a competitive business with information and access totally locked down: the trade-off on agility and decision making in this time of business mobility is too great.
This reality is why we believe that the most well-run organizations are those where people are empowered to do their best work, on any device, while IT staff are able to responsibly manage security and compliance.
With Office 365, we think about security, compliance, and privacy as having two equally important dimensions: service-level capabilities that include technical features, operational procedures, and policies that are enabled by default for customers using the service; and customer controls that include features that enable businesses to customize the Office 365 environment based on the specific needs of their organization. Today at the Microsoft TechEd North America conference we’re sharing several key capabilities we’re delivering in those areas.
We’ve continued to make investments in security with our layered defense strategy at physical, logical, and data layers where we have technologies, processes, and best practices to keep your data secure in our data centers. We have also built user-level encryption features like S/MIME, Office 365 Messaging encryption, and data loss prevention (DLP) fingerprinting into the service in the past few months. Our latest encryption feature will start to deploy to Office 365 business customers beginning in July. The technology moves beyond a single encryption key per disk to deliver a unique encryption key per file. With advanced encyption technology, every file stored in SharePoint Online and OneDrive for Business is encrypted with its own key, and subsequent updates to a file are encrypted with their own unique key as well. This new encryption method also distributes a customer’s files across multiple Microsoft Azure Storage containers, each with separate credentials, rather than storing them all in a single database. By spreading encrypted files across storage locations, encrypting the map of file locations itself, and physically separating master encryption keys from both content and the file map and makes OneDrive for Business and SharePoint Online highly secure content storage for your data.
Mobile device management for Office 365
For today’s employees, a mobile device is their first and sometimes only connected device. This means that businesses need to provide a rich and secure experience to access Office documents and emails without restricting users to a one-size-fits-all application. With Office and OWA for mobile devices, users soon will be able to access corporate data from within Word, Excel, PowerPoint, OneDrive for Business, and OWA mobile in a protected manner based on IT policy defined through Windows Intune. IT departments will be able to apply policies across Office mobile apps to allow their users to create, view, edit, and share content only between managed applications. These managed Office applications will be available for iOS and Android phones later this year. You can read more about the new features in Windows Intune announced today at TechEd North America here .
Data loss protection for SharePoint Online in Office 365
Starting in June, our existing data loss prevention (DLP) capability available in Exchange will expand to include documents stored in SharePoint Online and OneDrive for Business for Office 365 Enterprise E3 customers. DLP prevents the sharing of sensitive content either inside or outside an organization by automatically classifying and identifying a customer’s data at rest using deep content analysis. IT administrators can then construct queries through the eDiscovery Center, similar to how they already perform compliance queries, and view or export the results.
Office 365 Trust Center
Finally, we remain committed to maintaining open communication with our customers about how we manage your data, maintain your privacy, and help you achieve compliance using Office 365. To this end we are re-launching our Office 365 Trust Center information portal, with engaging and dynamic content like videos and deeper content such as whitepapers and blogs. We’ll continue to refresh the Trust Center with new information that you care about. We’ll offer you an insider’s view of how we design and run the Office 365 service from the engineers behind it, through a regular blog and video series called “From Inside the Cloud” featured on the Office 365 Trust Center. The first two conversations are “Why trust Office 365?” and “Is your data safe at rest?”
In building all of these capabilities, we never sacrifice the user’s productivity, which is important not only to your organization’s productivity, but also to getting user compliance with your policies. Our philosophy in these innovations is not to lock down information and access, but to help users make the right decisions. By following this philosophy, we offer a great user experience that informs them of the choices they are making, automatically takes action on their behalf and, where appropriate, allows them to knowingly proceed. This means that they can choose to move forward with their work, with the knowledge that their actions are being logged and audited.
Security and compliance technology shouldn’t be bolted on, after the fact, to an expensive and often fragile system; it should be built right into the productivity technologies themselves. In our innovations in this area, the security and compliance technology is a fundamental part of Office 365, so there is nothing to bolt on to your system later.
And we know that you expect to own your data when you move to the cloud and to retain visibility and control. No one wants to take unnecessary risks with their data and you absolutely do not have to. Our work here is not done. We will continue to add security, privacy, and compliance capabilities to Office 365, while we continue to be transparent about what we do and how we do it through the Office 365 Trust Center.