Bekker's Blog

Blog archive

Office 365 Compliance and Security: Perception vs. Reality

Many organizations are under some risky misconceptions when it comes to the compliance and security of their Office 365 environments.

That's the upshot of a new 37-page report by CollabTalk LLC and the Marriott School of Business at Brigham Young University titled "Organizational Security & Compliance Practices in Office 365." The report, released last week, was commissioned by Spanning Cloud Apps, RecordPoint, tyGraph, Rencore and Microsoft. (RCPmag.com sister site Redmondmag.com is an in-kind sponsor of the research.) It's based on surveys of more than 270 IT professionals, executives and managers across 19 industries, and includes commentary from several Microsoft Most Valuable Professionals (MVPs) and experts.

In short, the report found that those who believe Microsoft is doing a good job with security and compliance may not be taking the baseline steps required to ensure their environments are safe and in compliance -- in other words, they may not be doing the basic things that Microsoft's tools rely on to help ensure protection. And those who don't believe Microsoft protections are enough tended not to be aware of all the steps Microsoft takes on their behalf.

Specifically, the report said that:

  • Of those that thought Microsoft security was sufficient, 80% of respondents have either not run security and compliance checks, or do not know if they have.
  • Of those who did not think the current security protection offered by Microsoft was sufficient, 57% of respondents were not aware of Microsoft's security division.
  • Of those who did not think the current security protection offered by Microsoft was sufficient, 71% of respondents were not aware of Microsoft's overall security and compliance strategy.

One of the MVP commenters, Matthew McDermott, lays responsibility for this gap squarely on the organizations, which are themselves struggling to keep abreast of the many administrative tools, settings and options within Office 365 components and dealing with hybrid environments that involve many more platforms than just Office 365.

"The gap presented in this research is not from a lack of features, vision or direction from Microsoft; the gap comes from within organizations," said McDermott, Spanning's principal technical marketing engineer and the Conference Chair for Office & SharePoint Live!, an event run by RCPmag.com's parent company, in a statement about the report. "Companies must invest in personnel and tools to ensure compliance and secure systems. It's not enough, with today's threat landscape, to be reactive. You need to be proactive in your approach to keeping your assets and customer data safe and secure."

Another of the MVPs, Erica Toelle, product evangelist at RecordPoint, portrayed the gap as a painful step in a journey toward a better overall situation on security and compliance. "Before the cloud, people managed security and compliance all on their own. Outsourcing this to Microsoft is a good idea. Microsoft has more budget to hire the industry-leaders, so they are more secure. People don't perceive this because their understanding is immature. They don't know how much Microsoft is protecting them or not. They also don't really have complete control over the situation," Toelle stated in the report's conclusion.

Recommendations in the report include approaching security and compliance more holistically, identifying feature gaps and creating an operational strategy for addressing them, conducting inventory audits, creating training plans, developing governance and change management programs and committees, and setting up pilot programs to understand the latest features and capabilities of Office 365.

The report is available from the Spanning Web site here.

Posted by Scott Bekker on April 01, 2019 at 10:55 AM


Featured

  • Azure AD B2B Now Officially Supports Google IDs

    A feature that lets users of the Google identity and access service use their personal log-in IDs with Microsoft's Azure Active Directory B2B service is now generally available.

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • Microsoft, Salesforce Ink Deal Around Azure Cloud and Teams

    As part of a new partnership, CRM service provider Salesforce will leverage certain Microsoft Azure services, as well as Microsoft Teams, for services to customers.

  • 2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.