For example, all data is scanned for known malware and viruses whenever entering or leaving Office 365, and data at rest is scanned weekly. In addition to the data resiliency standards listed above, Office 365 offers many additional protections. So far, after one year of the platform’s active deployment at the University, we can confirm that we are not aware of any data loss for any Rutgers Connect user.
All efforts are made to ensure that none of these failures will ever result in customer data loss. The architecture of Office 365 and the underlying Azure infrastructure is based on an understanding that failures can (and will) happen due to hardware, software, networking, and human errors. To ensure that no customer data is ever lost, Microsoft ensures that for each user file stored within Office 365 there must exist at least 4 copies, which must reside in 4 separate datacenters within the United States. As a rule, encryption keys are kept in different datacenters than the data they encrypt.įor more on data encryption, see Content Encryption in Microsoft Office 365. Second, each file residing in the Office 365 platform is individually encrypted, independently of the underlying storage encryption. First, all data is encrypted at the disk storage layers using BitLocker protocols.
Once data of any sort is stored in Office 365, it remains at least doubly encrypted while at rest. The government access reports are available here: įor more on data privacy, see Privacy in Office 365.Īll data in Office 365 and its Rutgers University implementation (Rutgers Connect) can only be accessed over encrypted network protocols, ensuring that no third-party actor can intercept or read any communications between the end user and Office 365. Microsoft recently received permission from the U.S government to publish information about Foreign Intelligence Surveillance Act orders and National Security Letters. Microsoft publishes its law enforcement requests report to identify the number and types of requests it receives and its compliance with those requests. If Microsoft is required to respond to the demand, Microsoft will promptly notify the customer and provide a copy of the demand (unless legally prohibited). If a government entity approaches Microsoft directly with a request related to a Microsoft Online Services customer, Microsoft will first try to redirect the entity to the customer to respond. Their privacy statement regarding government access to data reads, in part: Microsoft does not provide any government agency with direct, unfettered access to either customer data or the encryption keys securing the data. Furthermore, all data is encrypted both at rest and in transit and between the user and all components of Office 365. Within these facilities, data which belongs to Rutgers is logically segregated from the data of all other Office 365 tenants owned by other clients. Interested users should browse the Office 365 Trust Center for additional information, as these articles will cover only a small portion of what Microsoft has made available.ĭata Location, Privacy, and Access by Third PartiesĬontractually, Microsoft guarantees that all Rutgers University data is stored exclusively in US-based datacenters. Microsoft publishes a vast amount of information detailing their techniques, policies, methodology, and implementations relating to the security of Office 365.
#RUTGERS MICROSOFT OFFICE 365 SERIES#
The first articles in the series will cover the Office 365 platform’s security capabilities and compliance offerings. It will also provide an overview of the Rutgers-specific customizations and policies which further this high-priority endeavor. This series of articles will introduce both University IT staff and interested members of the community to the standards and capabilities of the Office 365 platform designed to ensure data security and privacy. When selecting Microsoft Office 365 as the platform for Rutgers Connect – the new central email, calendaring, and collaboration solution for the University – the members of the committee tasked with this selection process were keenly aware that data security and privacy ranked among the most important considerations.
0 kommentar(er)
