This implementation provides value to both Microsoft and customers and assures data integrity as it flows between Microsoft 365 and the client.Įxchange Online, SharePoint Online, OneDrive for Business, and Skype for Business Man-in-the-middle or other attack to tap the data flow between Microsoft 365 and client computers over Internet. Helps customers meet internal regulation and compliance obligations, and the ability to leave the service and revoke Microsoft's access to dataĮxchange Online, SharePoint Online, OneDrive for Business, Skype for Business, Teams, and Yammer N/A (This feature is designed as a compliance feature not as a mitigation for any risk.) SharePoint Online, OneDrive for Business, Exchange Online, and Skype for Business Helps to mitigate risk of a hacker accessing data. The encrypted data cannot be decrypted without access to keys. Internal or external hacker tries to access individual files/data as a blob. SharePoint Online, Skype for Business, and OneDrive for Business Exchange Online Encryption TechnologyĮxchange Online, SharePoint Online, and Skype for Businessĭisks or servers are stolen or improperly recycled.īitLocker provides a fail-safe approach to protect against loss of data due to stolen or improperly recycled hardware (server/disk).
These scenarios are in many cases also mitigated via other controls implemented in Office 365. Some risk scenarios and the currently available encryption technologies that mitigate them are listed below.
This multi-layered approach provides fail-safe protection in case a control fails for some reason.
The key to this strategy is that many different controls are implemented at different layers to protect against the same or similar risk scenarios. The implementation of controls within various layers of our cloud services such as facilities, network, servers, applications, users (such as Microsoft administrators) and data form a defense-in-depth strategy. Identification, evaluation, and mitigation of risks via controls is a continuous process. Microsoft implements a large set of technology and process-based methods (referred to as controls) to mitigate these risks. Microsoft follows a control and compliance framework that focuses on risks to the Microsoft 365 service and to customer data.
0 kommentar(er)
