Trusting Microsoft with Your Data

What is your take on turning your data over to Microsoft? Theoretically, any data you store on O365 or M365 is in the possession of Microsoft. This means that they have access to the data completely....

compliance

migration

office 365

security

Daniel Winters

Copper Contributor

Sep 27, 2018

It is definitely Microsoft they are the most worried about as there doesn’t seem to be a lot of things standing in the way of someone at Microsoft gaining access. I’m sure there are internal controls (I mean logically this is a risk for Microsoft and a severe data breach would be catastrophic for them as a company at this point). How do you push them past that cynicism though? I’ve heard a little about the BYOK solution. I’m going to look in them further. I see so many things that could be made better with Azure and O365 I really want to get a convincing argument put together.

Wes Miller

Brass Contributor

Sep 27, 2018

Procedurally, I believe pretty strongly that Microsoft's operational integrity exceeds that of many other organizations. From facility security all the way down to the software in each region, they deploy/manage/secure at a scale that few other organizations in the world do.

If it's breaches they're concerned about, then BYOK/HYOK are probably the right places to start in terms of "backing in to confidence", as it were.

Over the next several years, I expect the company to continue focusing on security/isolation/compliance, although many will likely require E5 tiers of service (usually for all users).

The concerns are real concerns to consider - I'm not trying to short-sell them at all. In fact, we hear similar at my work pretty regularly when large customers are kicking the tires on M365, Azure, AWS, or GCP. But there's a point where you (the org) need to figure out what position the GRC sliders need to be in vs. the unique value that Microsoft's services can offer.

Wes

Forum Discussion

Trusting Microsoft with Your Data