In a recent survey of IT managers and directors in enterprises with more than 1,000 employees, 39.5% of respondents said that service providers take full responsibility for protecting applications and data in the public cloud. Another 33.8% said that customers are fully responsible for public cloud security.
Just 26.7% of respondents gave the correct answer — that the cloud operates under a shared responsibility model in which the service provider secures the infrastructure and the customer protects the applications and data.
Microsoft Office 365 is no exception to this rule. The infrastructure supporting the Office 365 platform is highly secure, but customers must take steps to protect sensitive information and high-value corporate assets. Organizations need an effective strategy for controlling access to data and preventing data leaks while empowering users to take full advantage of the rich collaboration features of Office 365.
The first step is to recognize that not all of the data stored in Office 365 needs the same level of protection. Organizations should evaluate their Office 365 data and classify it based upon sensitivity. Three levels are usually sufficient for establishing data protection policies:
Once the policies are established, organizations should identify and classify Level 2 and Level 3 assets and more precisely define the technologies and processes that will be used to automatically apply the appropriate security controls. Organizations should also establish minimum security standards for user authentication and the devices accessing Office 365.
The Office 365 Secure Score can help organizations determine if they have the right security settings and practices to protect their data. Any organizations that has a subscription to Office 365 Enterprise, Microsoft 365 Business or Office 365 Business Premium can take advantage of this feature by visiting https://securescore.office.com or using the Secure Score widget in the Security & Compliance Center. (Only administrators can access Secure Score.)
Secure Score compares an organization’s Office 365 settings and activities to minimum standards and assigns points based upon configuring security features or performing certain tasks. The score is automatically updated every day, allowing administrators to see the impact their actions have on their organization’s Secure Score.
More importantly, Secure Score gives administrators recommendations as to steps they can take to improve their organization’s score. The recommendations include details on the cost to implement, the impact on users and the types of threats the action will protect against.
Of course, there’s no substitute for a detailed assessment by Microsoft experts. That’s why AdaptivEdge has developed a two-day, three-step approach that exceeds the Gold Standard set by Microsoft. And now we’re offering this engagement free to qualifying organizations. Click here to submit your request.
Written and composed by Principal, Steve Soper