Sergey Nivens - Fotolia
Office 365 has grown in popularity since Microsoft first made the cloud-based productivity, communication and collaboration...
suite generally available in June 2011. So much so, Microsoft said it now supports over 120 million active Office 365 users in commercial environments. That means developing and enforcing an Office 365 data protection strategy must be high on IT professionals' to-do lists as they deal with exponential growth in Office 365 deployments.
A March 2018 Osterman Research white paper, "Supplementing the Limitations in Office 365" corroborates Microsoft's success with Office 365. Osterman's surveys showed that Office 365 penetration among corporate users at midsize to large organizations has grown steadily year to year from 5% in 2014 to more than 60% this past January. That's a 1,200% increase in Office 365 use over four years. Furthermore, the firm predicted Office 365 corporate penetration will hover close to 80% by January 2019.
In its white paper, Osterman Research noted that Office 365 does a lot well, but not everything. Nor is it meant to. Rather, Office 365 is often the solid foundation organizations can build upon by integrating products from third parties and Microsoft itself to more fully meet their communications, collaboration, security, archiving, backup and recovery, compliance, storage and other requirements. This is particularly true of midsize to large-size corporate environments, using Office 365 data protection and storage management features.
Office 365 data protection
Archiving is an example of an Office 365 data protection feature that requires third-party support to be more fully realized. It isn't offered natively for all Office 365 content types, including SharePoint; certain additional message types, such as iOS and Android texts; and third-party content. Users must turn to third-party products to make sure these types of messages are properly archived.
Office 365 Message Encryption was significantly improved and simplified in 2017 when Microsoft tied Office 365 encryption to Azure Information Protection and Azure Rights Management. Sign-in restrictions were also eased.
Some advanced data protection features in Office 365 include the following:
- Advanced Threat Protection to check links and attachments to block known, unknown and emerging threats in Exchange Online, SharePoint Online and OneDrive for Business and Microsoft Teams;
- Advanced Data Governance, a service feature in Enterprise E5 version of Office 365 that can automatically and proactively apply sensitivity labels to data as it is generated; and
- data loss prevention policies that identify and block unwanted access to and external sharing of sensitive data in SharePoint and OneDrive for Business documents, as well as lock and block documents from external sharing.
Multi-Geo and GDPR
Microsoft has new a paid service, called Multi-Geo, that lets organizations with more than 10,000 Office 365 users use a single Office 365 tenant -- rather than a complex setup of multiple interrelated tenants -- but still segregate data across several geographic regions. Initially available for Exchange Online and OneDrive with SharePoint Online due next, the ability to segregate content and data across multiple local Office 365 data centers has positive legal, government and compliance for data protection implications.
The data protection aspects of Office 365 are particularly important when it comes to compliance with the European Union's General Data Protection Regulation. GDPR aims to protect EU citizen's personal data, including ensuring the right to be forgotten. Enforcement of the new regulation began May 25.
Knowing what Office 365 can and cannot do and where your organization should supplement Office 365 data protection features and capabilities has taken on greater urgency. The punitive fines for GDPR noncompliance are simply too costly, even for the largest of enterprises, to get caught flat-footed. That's the case with Office 365 data protection or that of any other area of IT where EU residents' personal data may be acquired, processed or stored.
This infographic presents some facts and figures regarding Office 365 data protection and storage management, security, compliance, backup and recovery features highlighted by Osterman Research in its white paper.
- Impact of General Data Protection Regulation on Storage Systems –IBM
- The EU General Data Protection Regulation –Oracle Cloud
- Implementing General Data Protection Regulation in SAP Environments –Attunity
- Preparing for the General Data Protection Regulation –Fortinet, Inc.