The future is in the cloud, and for corporations that increasingly rely on remote working practices, that future is now. Cloud storage systems are well-established, but with software like Microsoft Office 365 gaining prominence, our once-physical offices are going digital. But new allegations about Microsoft's mishandling of customer data have raised security concerns. How safe is Office 365?
Microsoft’s Office 365 offers classic productivity tools like word-processing and powerpoint presentations, along with extensive OneDrive space. The complete software suite contains communication tools, scheduling aids, and encrypted cloud-based storage.
However, the system’s security remains an open question. Anyone even remotely acquainted with the world of cybercrime and online security will understand that a system like this could be a tempting target. Furthermore, recent allegations against Microsoft have raised new concerns about their own ability to keep user data safe.
For enterprise customers relying on Microsoft, the news of a recent lawsuit against the company may be troubling.
A legal complaint in the US has alleged that the creators of Office 365 may have been profiting on paid user data through undisclosed back-channels. The lawsuit makes a number of claims:
With Microsoft themselves regularly highlighting the importance of security and regulatory compliance, these allegations would represent a severe breach of trust if proven.
It can be easy to dismiss the seriousness of these allegations; after all, Microsoft is accused of sharing data with other companies and developers, not with criminals. However, it’s worth noting the immeasurable damage that a corporate data breach can cause, and examining the reasons for such an event.
Just one compromised employee account can give criminals wide-ranging access to company databases, customer information, and internal networks. For a business of any size, that could mean massive financial losses and a damaged reputation among consumers and clients.
Breaches of this kind often occur when private information is shared too widely and given to third-parties that may not uphold standards of best practice. Just because Microsoft maintains high levels of security doesn’t mean the hundreds of third-party companies they share data with will do the same.
Office 365 users need to know that they can trust Microsoft to do everything they can to maintain security and compliance.
With Microsoft marketing Office 365 towards corporate users, security and compliance plays a big role in the viability of the product for many potential customers. The developer has been keen to support users with both of these elements, but what does that really entail?
Firstly, what is the difference between security and compliance?
Microsoft offers a range of practical tools to enhance security, but they also provide users with the Microsoft 365 Compliance Centre. This hub makes resources and compliance scoring systems available, and is regularly updated.
It’s worth noting, however, that Microsoft stresses the importance of shared responsibility in this area, saying, “Managing security and compliance is a partnership. You are responsible for protecting your data, identities, and devices, while Microsoft vigorously protects Microsoft 365 services.”
Considering the allegations now raised against Microsoft, users may be concerned about the other half of their partnership. While resources like the Compliance Centre are useful, the developers need to maintain compliance with their own stated standards.
A key step towards enhanced security in Office 365 is the enabling of its two-factor authentication (2FA) features. This can add a robust layer of protection to the system’s perimeter and lower the risks of password cracking.
2FA is similar to two-step verification (2SV), but differs in that it demands more definitive proof of each login’s authenticity. With 2FA, users who want to access their Office 365 account will first have to input their password, and then prove that they have access to a seperate verified device, like their phone.
After the password has been submitted, users are prompted to confirm their identity via their smartphone. This can even be done using a fingerprint if the device carries a biometric scanner. 2FA lowers the likelihood of a criminal cracking an employee’s password and gaining access to the network as a whole.
At the heart of Office 365 is OneDrive, Microsoft's cloud storage platform. The security of the entire Office 365 system largely depends on OneDrive’s defenses against hacking and cyberattacks.
OneDrive comes with inbuilt security features, including data encryption both in the cloud and on any connected devices. While users are still the ones responsible for maintaining security and compliance, Microsoft provides a safety net. But is OneDrive really as safe as Microsoft makes out?
Although OneDrive hasn’t suffered any headline-grabbing breaches yet, the allegations against Microsoft should encourage users to be sceptical of the company’s security standards. Cloud storage is clearly a useful tool for modern businesses, but customers should make sure they’re choosing the right service for their needs.
Businesses cannot afford to view a software suite like Office 365 as a one-size-fits-all solution. Security measures work best when layered with other complimentary systems, buttressed by human-assured best practices.
Take these four steps to make Office 365 more secure, so you can enjoy maximum benefits with minimum risk.
With NordVPN, you can ensure that all browsing traffic, including passwords and other sensitive information, is wrapped in layers of next-generation encryption. For corporate clients, the NordVPN Teams service offers a bespoke enterprise solution that can work in tandem with software like Office 365. Securing your data is a process; start with NordVPN.
For more cybersecurity news, subscribe to our monthly blog newsletter below!