Exploring the Security and Compliance Center – Part 5: Data Management
This post in our blog series explores the Data Management and Service Assurance sections of the new Office 365 Security and Compliance Center. No time to read the full series now? Download our white paper ‘Getting Started with the Security and Compliance Center’ which includes all the blogs on Office 365 Security and Compliance. Get your copy here
The Data Management area is made up of three features: Import, Archive and Retention. It enables you to import data from your on-premises servers into your Office 365 environment, as well as offering the option to manage the archiving and preservation of content in the following locations: Exchange Online mailboxes, SharePoint Online sites, and OneDrive for Business.
Managing data that is stored in the cloud can feel a little daunting. You can no longer see the physical location of your information unlike previous on-premises solutions, so you may feel like a level of proximity between yourself and the data you manage has been lost. But as Microsoft claim, ‘there’s a secure feeling that comes with storing your data in physical servers that you can see, touch, and give a little kick every now and then. But just because you can’t kick the cloud doesn’t mean you have less control over your Office 365 data.’
The Data Management area of the Security and Compliance Center looks to provide functionality that puts ‘you back in the driver’s seat’ when it comes to data, and here’s how it aims to do this.
This allows you to transfer data from your organisation’s servers to Office 365. Microsoft offer two ways to do this: Network Upload – uploading the data files over the network and then using the Office 365 Import service to upload the files. The other option is Drive Shipping – copying your data files to an encrypted hard drive and physically posting them to Microsoft. Once the drive is received, data center personnel upload the data to a temporary storage area, after this is complete the Office 365 Import service can be used to move the data to mailboxes and sites in your Office 365 platform.
The Archive section in Data Management allows you to see users that have Archive Mailboxes enabled. Also known as an In-Place Archiving in Exchange Online, Archive Mailboxes offer users additional mailbox storage space outside of their default mailbox. In-Place Archiving using Archive Mailboxes can help organisations to meet any message retention, eDiscovery, and hold requirements.
You can search in the list of users displayed, and enable or disable the feature individually. It also shows you an overview of user-level usage including: Mailbox Usage, Archive Usage, and Recoverable Items Usage.
Finally, the Retention feature allows you to ‘manage the life-cycle of content in Office 365’. You can create and apply retention tags and policies for Exchange Online, specifying how long an item should be kept for before being removed.
There are a number of links listed which will redirect you to different retention and deletion options. You create deletion policies that will delete email, documents, and Skype for Business conversations, as well as document deletion policies for SharePoint Online and OneDrive for Business. Once set, these policies will delete qualifying items after the period of time specified.
In addition, preservation policies can be added to help you retain the data you need. The content placed under this policy is immutable, meaning that a copy is preserved even if the item has been changed or deleted. As you can see below, these policies can be added directly through the center.
The data management features listed above allow you to take control of how your data is dealt with, but perhaps more importantly, it also enables smarter management. It provides you with the visibility you need to feel in control, but also offers functionality like the wide range of policies in Retention or the advanced search in Archive to streamline management processes.
As a whole, the Security and Compliance Center is geared up to enable you to achieve compliance in your organisation. Alongside this, there is also a section in the center which displays Microsoft’s Service Assurance, providing documentation on how they maintain the security, privacy and compliance of Office 365. This information demonstrates how Office 365 complies with the regulatory and security standards which govern it, but as Microsoft point out, these Compliance Reports and Trust Documents can be also used to ‘perform your own risk assessment and gain confidence that Office 365 meets the security and regulatory requirements of your organisation’.
The portal requires that you specify your location and industry in order to tailor the resources to your needs. As the area also contains confidential information about Microsoft it also asks that the contents are not shared without prior written consent.
The documentation is split into Compliance reports (as shown below) and Trust documents, containing ‘white papers, FAQs, end of year reports and other trust-related documents provided by Microsoft’.
As an organisation’s compliance objectives and measures will usually extend beyond just the IT department to all areas of the business, it is likely that non-admins may need to see or compile information regarding Office 365 compliance. If other people in your organisation need to review the Service Assurance documents, it is possible to add or ‘on-board’ non-admin users. More information on how to do this can be found in the ‘Onboarding Guide’ here.
Interested in finding out more about Office 365 Security and Compliance? Why not download our white paper which includes tips on how to get started with the new center?
Cogmotive is the leading global provider of enterprise level reporting and analytics applications for Office 365. Find out more now.