White Paper
Office 365™ Security
© 2013 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
Introduction
Office 365™ Security
Built-In Security
    24-Hour Monitored Physical Hardware
    Isolated Customer Data
    Automated Operations
    Secure Network
    Encrypted Data
    Microsoft Security Best Practices
        Security Development Lifecycle
        Traffic Throttling to Prevent Denial of Service Attacks
        Prevent, Detect, and Mitigate Breach
Customer Controls
    Enabling Advanced Encryption
    Enabling User Access
        Customer-End Federated Identity and Single Sign-On Security Provisions
        Two-Factor Authentication
    Enabling Compliance
        Data Loss Prevention (DLP)
        Auditing and Retention Policies
        eDiscovery
        Data Spillage Management
    Enabling Anti-Spam/Anti-Malware
Independent Verification and Compliance
    ISO 27001
    FISMA
    HIPAA BAA
    EU Model Clauses
    Cloud Security Alliance
Conclusion
Introduction
The ability of organizations to control and customize security features in cloud-based productivity services, such as email, calendars, content management, collaboration, and unified communications, is becoming an essential requirement for virtually every company. Today, IT teams are required to deliver access to productivity services and their associated documents and data from more devices, platforms, and places than ever before. While the user benefits are undeniable, broader access makes security management more challenging. Each endpoint represents a potential attack surface and another point of