Kamal Janardhan is the principal program manager in the Office 365 Information Protection team.
In our last few From Inside the Cloud posts, we offered an insider’s perspective from lead engineers Perry Clarke, Vivek Sharma and Shawn Veney on how we protect your data at rest, who has access to your data within Office 365, and how Office 365 does continuous compliance. They explained the various mitigations that we have in place for data security, access control, and ensuring that customers have the ability to comply with regulations or their own organizational policies.
These posts followed an overview on why trust Office 365 with Rajesh Jha, the head of Office 365 engineering, who emphasized how we ensure that you retain full ownership of your data in the Office 365 service. Today I want to take that aspect of the discussion a step or two further by exploring how this translates to the value that we are engineering into Office 365.
How we aim to raise the bar on visibility and control of your organization’s data with the Office 365 service
When you move to the cloud, a key tenet of ownership is the level of visibility and control you have over your data. In today’s From Inside the Cloud three-minute overview, I focus on how we want to raise the bar on that visibility and control, well beyond what you can do in your own on-premises environments today.
How do we hope to deliver on this vision of ownership? We believe that visibility and control mean three things: (1) being able to view the data, (2) being able to take actions on it, and (3) being aware of what actions were taken at any time.
In many on-premises environments today, achieving this level of visibility and control is more complex than it is in the cloud. The burden is on you to define and implement consistent configuration with appropriate data access and distribution policies across all your workloads. This can be a costly process and usually requires specialist staff for compliance and IT administration. In Office 365, that visibility into your organization’s workloads is integrated directly into the service.
Archiving and eDiscovery are built directly into Office 365 on the workload’s data store, so you can take actions like preservation, deletion, auditing, and data loss prevention, as well as do an organizational search using our eDiscovery tools, based on person, date range, keyword and other rich criteria. Because you are acting on the most recent version of the data in the workload, you can search within a user’s IM conversations, mailbox, or site libraries and preserve or delete as needed.
Viewing and acting on the data are privileged operations, and within Office 365 we define roles that have these abilities for a given set of users. The scope and reach of these roles are defined by you, the customer, and our goal is to enable you to track all changes to these privileged roles. We also want to enable the compliance officer to keep the organization safe without disrupting the productivity of the user. With this in mind, when you perform an eDiscovery query, you can preserve, export, preview and copy the data without impact to the information worker. Our hope for the long term is to give you an organizational view that enables you to easily see the history of any action taken on your data by individuals in your organization. This history can drive your decisions to put proactive compliance controls in place or take reactive action to reduce risk.
Please share any and all feedback about what you see in Office 365. We’ve come a long way but still have farther to travel to fulfill the promise of our vision. We hope you’ll be willing to take that journey with us.
For more information on what is included in Office 365, read our detailed whitepaper, Customer controls for Information Protection in Office 365, available on the Office 365 Trust Center.