Back
Office 365

May Office 365 security and compliance update

Share on Facebook Share on Twitter Share on Linkedin Share via OneNote Share via Email Print

Over the last month, the Office 365 team has continued to introduce new security features and capabilities while gaining accreditation around the world for upholding the highest standards in cloud security.

Below is a roundup of some key news items from the last several weeks.

Email Safety Tips in Office 365—Today’s spam and malware attacks are sometimes so well crafted they may look like legitimate emails to your users. Putting messages into the Junk Email folder isn’t enough. Over the coming weeks, we are rolling out Safety Tips in Exchange Online Protection, which provides a warning to the user in an email that is marked suspicious or a reassurance when a message is safe.

New regions and capabilities available for Office 365 Import Service—The Office 365 Import Service is now generally available and has expanded to new regions with additional capabilities that make it even easier to import data into Office 365.

Automate time-consuming eDiscovery search tasks—Quickly creating and reporting discovery searches is often an important step in eDiscovery and investigations when you’re trying to learn about the underlying data and the richness and quality of your searches. To help you do this, the Office 365 Security and Compliance Center offers a set of Windows PowerShell cmdlets to automate time-consuming Content Search tasks.

Yammer attains advanced Office 365 compliance—Recently, we announced that Yammer has achieved a series of industry-leading security and compliance standards, including ISO 27001 and SSAE 16. These independent compliance reports are now available to customers at the Office 365 Service Trust Portal, so customers can easily perform their own regulatory risk assessments. To learn more about industry standards and regulations that Office 365 supports, view the Office 365 Compliance Framework.

How Microsoft monitors and protects sensitive data in Office 365—Microsoft IT recently released a case study on how it leverages the data loss prevention solution in Office 365 to help reduce the risk of sharing sensitive data while still promoting collaboration.

Office 365 now accredited for Cloud Security Gold Mark in Japan—The Cloud Security Mark (CS Mark) is the first security standard for cloud service providers (CSPs) in Japan and is based on ISO/IEC 27017, the international code of practice for information security controls. The CS Mark helps customers verify operational transparency and visibility into Office 365’s information security controls and address common concerns around security and confidentiality of data. The CS Mark is accredited by the Japan Information Security Audit Association (JASA). JASA developed the Authorized Information Security Audit System (AISAS), which specifies the audit of approximately 1,500 controls covering such areas as organization for information, physical and development security; the security of human resources; and business continuity, disaster recovery and incident management. After rigorous assessments by a JASA-certified auditor, Office 365 is one of the first cloud service providers that has received the CS Gold Mark.

Office 365 along with Azure is first hyperscale cloud service provider to receive Spain’s National Security Framework—The framework establishes core policies and mandatory requirements that government agencies must meet, as well as require, for its service providers. It defines a set of specific security controls for different classifications of security—availability, authenticity, integrity, confidentiality and traceability. Microsoft Azure and Microsoft Office 365 have gone through a rigorous assessment by BDO, an independent auditor, which issued an official statement of their compliance. BDO reports that the security measures in both services, as well as their information systems and data processing facilities, comply at the high level with Royal Decree 3/2010 (which forms the basis of National Security Framework for Spain) without requiring any corrective measures.

Can a shift to the cloud improve your security posture?

As many of our customers are now discovering, keeping up with changes to the security landscape is one of the unique advantages of the cloud. In fact, there are a number of properties that make the cloud inherently different versus managing your own IT services. These go well beyond security, but have important security implications and benefits.

Watch this video for a look at security in the cloud:

Top