It’s the New Year and one of the things that I hope gives you increased peace of mind in 2016 are the continued investments that we are making to protect your information within the Office 365 service, as I explain on our latest episode of “From Inside the Cloud.”
To put this into context, Office 365 has one of the largest data sets in the world. As people author and share files, send email and collaborate on their day-to-day tasks, terabytes and terabytes of enterprise data flows through the service at any given time.
We focus on protecting your data everywhere it is authored and shared, without disrupting your ability to get work done. This is a very real and vital engineering goal and requires an approach that balances both information security and end user needs. It starts with harnessing the intelligence of the service itself and providing the controls to tailor protection to your specific organization requirements.
In previous episodes of “From Inside the Cloud,” we covered the physical security of our datacenters and our assumed breach approach to harden the service for everyone. In this episode, I hope to offer more perspective on how we are engineering information protection within the Office 365 service.
Perhaps the most important engineering principle we adhere to is ensuring that you are able to define and set rules for your data that follow your data. This is a departure from past approaches in the industry where the focus was on protecting device endpoints. Most importantly, we don’t want you to have to take your data out of the service to protect it. We offer pervasive protection, which means the controls are built into the service.
Data Loss Prevention (DLP)—allows you to set granular data policies
Data Loss Prevention (DLP) in Office 365 allows you to set granular policies that govern your data and define specific actions taken when information is shared.
Setting policy to ensure that sensitive information is encrypted or rights protected via DLP.
To minimize disruption for you, as an end user, we need to ensure that the protection we offer is not counterproductive. We follow a people-centric approach to make sure that everything happens in the background. For example, as you are authoring a document that contains sensitive information we warn you if the action places your data at risk through policy tips. These are based on the policies that you have set.
Policy tip highlighting sensitive information at the point of document authoring, based on a policy set via DLP.
In addition, we protect your data independent of where it resides, while additionally ensuring device protection. At the foundation is robust identity and access management that governs who has access to your data and sets permissions that may be revoked at any time from the user. With mobile devices, you can even selectively remove corporate data from any managed device.
Selective wipe of a user’s device to remove organizational data.
Advanced Threat Protection (ATP)—proactively protects against incoming threats
Another example of how the service proactively protects you from incoming threats from external sources is Advanced Threat Protection (ATP). For example, as you are reading your email, the service may be activated to isolate suspicious attachments and block malicious links across your devices to protect you from phishing attacks. All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity.
Blocking of a malicious link through ATP in Office 365.
This service-level protection is an example of intelligent protection where we track vulnerabilities at scale through machine learning and mitigating them. Today, we give you the ability to programmatically access our service logs to integrate with your in-house or third-party security monitoring systems. In the future, with the intelligence available in the Microsoft Cloud, we see the potential to aggregate security signals so that you can gain a 360-degree view on the security of your data even outside of the Microsoft Cloud, including data stored on-premises, in other Cloud services and on devices.
I hope that you enjoy watching today’s overview on Office 365 information protection—this is an area of continuous innovation for us, so please keep checking back with us for more updates.
—Rudra Mitra partner director PM for the Information Protection team.