Safety in the Cloud: Keeping Office 365 Secure

Reposted from Yahoo
It’s 2014 and it seems like you can finally get online almost everywhere you want to. Between cellular networks, wi-fi at your friendly local coffee shop and even premium access available on most flights, it’s almost harder to find a place you can’t get online. As internet access has increased, so has the availability of cloud-based file storage.
It’s great that you can get to your files almost anywhere… but if your security isn’t up to par, it’s possible anyone around the world will be able to access your files also. With recent high-profile security leaks affecting millions of consumers at places like Target, it’s worth taking a look at everything in place to make sure your Office 365 data stays right where you want it.
1. Where is “The Cloud”, Really?
As much as the advertising campaigns would like you to believe your data is just floating around in the ether at all times, it has to live on servers somewhere. Google has datacenters throughout the Americas, Asia and Europe, Dropbox runs off Amazon S3 based in datacenters throughout the country, and Microsoft stores the cloud data for its U.S. customers in datacenters throughout North America, including locations in Texas, Chicago, and Washington state.
If the data that’s “’in the cloud” really exists on servers in datacenters throughout the country, the security in those centers becomes incredibly important. The security features at Microsoft’s datacenters read like something out of a spy movie: “biometric readers, motion sensors, 24-hour secured access, video camera surveillance, and security breach alarms.” It’s the first line of defense protecting your data, stopping someone from literally ripping your data out of the racks and throwing it in the back of a truck.
2.       Access Granted (or Denied.)
In the days when an organization’s records were stored in metal filing cabinets, you knew someone accessed records when you saw them open the cabinet. Once documents get moved to the cloud, you’ve got more ways to track who sees what. Office 365 allows administrators to keep track of any viewing, editing, and deleting of content. It’s the type of information your organization may not use often, but after something’s gone missing, that data can be invaluable to find out exactly who is responsible.
Of course, Office 365 also offers user-level restrictions on who can access what documents. Files can be made available to individual users, members of a work group, or to your entire team. Although everyone in your organization likely has the best of intentions, sometimes the best way to make sure your documents stay safe is to restrict access on a “need-to-know” basis. Office 365’s security controls have the granularity to allow you to do just that.
3. Password1234
Even if your cloud data lived on a server in Superman’s Fortress of Solitude, the weakest link is still going to lie with the user. If someone gets access to your password, the most advanced security features won’t stand much of a chance. Microsoft supports the use of an organization’s corporate log-ins to access Office 365, or unique usernames can be created just for Office 365 services. If the corporate log-ins are used, password practices for Office 365 are determined by the policies of the organization. If an Office 365 username is created, the following security settings are in effect.
Passwords must be between 8-16 characters in length.
Passwords expire every 90 days.
Passwords must be “strong,” meaning they use three of the four following character types: uppercase characters, lowercase characters, numbers and symbols.
The same password cannot be used for two consecutive 90-day periods.
10 failed log-ins requires the user to solve a CAPTCHA prompt. An additional 10 failed password attempts triggers a lock-out for that user.
Microsoft does its best to force users to use strong passwords, but again, there’s only so much that can be done is a user’s password is compromised. Microsoft does offer two-factor authentication for some parts of Office 365, but it’s incredibly important that organizations train their users on how to keep their passwords safe.