Today’s post was written by Brenda Carter, principal content developer for Office 365 enterprise adoption.
Microsoft provides the most comprehensive set of identity and information protection capabilities for customers. However, the breadth of capabilities can be daunting. We get a lot of requests for help determining which features to implement and where to start—especially with Office 365.
Today, we’re pleased to share two new resources designed to help you take a systematic approach to security and information protection. These were developed in partnership with our cybersecurity consulting team. I’ve learned a great deal by working with this team to create content to support our customers in adopting Microsoft cloud services, including Office 365. But you don’t have to hire this team to take advantage of their experience working one-on-one with customers across many industries. The basic concepts that drive an Office 365 security engagement are published in two visual resources.
Cloud security for enterprise architects
The first resource is a set of posters that provides an overview of what IT architects need to know about security in Microsoft cloud services and platforms.
This set of posters includes a graphic summarizing the areas of security ownership for both Microsoft and our customers:
This mini-poster set details the work in each of these categories and includes links to resources with more information about each responsibility. When you look at the work that is accomplished for integration with Office 365 (SaaS columns), you can see that you’ve completed work that also applies to PaaS, IaaS and on-premises workloads. If you want help with this work, the last page in this poster-set includes information about engaging our cybersecurity consulting team.
Below are several download options for these posters:
Help for Office 365
The second resource is a poster that helps you plan your information protection strategy based on the needs of your organization.
This poster highlights the methodical approach to information security recommended by our cybersecurity team:
Many large organizations categorize data into five or more levels or groups to determine which controls to apply. Our cybersecurity consulting team recommends three groups as a starting point. I’ve also observed enterprise organizations recently consolidating to fewer groups to simplify information protection.
This can be as simple as the following example:
- Level 1—Minimum standard for all data.
- Level 2—Sensitive data, apply targeted controls to this data.
- Level 3—High value assets (HVAs), apply the strongest protection to this data.
The recommended approach is to start by implementing controls for a minimum standard and work up to the HVAs. This approach allows you to gain experience with basic features before applying more complex features. However, if you hire our consulting team, their first priority will be to secure your HVAs no matter where this data resides. If your deployment of Office 365 already includes HVAs, start with this category.
Below are several download options for this poster:
For more information about implementing these capabilities, see: Plan for Office 365 security and information protection capabilities.
Get more in-depth resources that describe identity, security, storage, networking and hybrid solution for the IT industry’s most comprehensive cloud solution at aka.ms/CloudArchitecture.