Office 365 and Regulatory Compliance
For highly regulated industries, securing Office 365 is mission-critical.
May 11, 2021
Sponsored by Barracuda MSP
Office 365 environments are expanding, and the recent shift to remote work has only accelerated business reliance on the platform. According to the Thexyz blog, the average gain in monthly Office 365 users nearly quadrupled between October 2019 and April 2020, primarily because of the need for more collaborative work environments during the global pandemic.
With more users relying on Office 365, the need for security and reliable data backup is critical to ensure data and applications remain safe. In highly regulated industries like financial services, healthcare and the legal profession, compliance adds another wrinkle to the security challenge.
While the Office 365 platform now offers essential security features specific to users with particular compliance requirements, there’s some confusion about just how much protection Microsoft provides. This creates many opportunities for MSPs to offer consulting services and support to their clients, and potentially to sell and support additional data backup capabilities.
Microsoft only guarantees service availability—not data retention—and it recommends that customers use third-party backup providers. Restoration using the native tools in the platform can be challenging, and in industries like healthcare, those tools are insufficient.
Barracuda recently released its State of Office 365 Backup Report, based on survey data from current users. The report includes data on IT professionals’ concerns and preferences relative to data security, backup and recovery, SaaS solutions, and other issues.
According to the report, 73% of respondents agreed that they were concerned about complying with data privacy requirements. This is because data storage requires both security and regulatory compliance for users in certain industries. There are also data retention and storage requirements that can vary by country.
For multinational companies, for example, this can be an especially complex and challenging task to manage. Even if there isn’t a data breach, non-compliance can result in heavy fines. Companies in the United States were the most concerned (80%) about data being backed up outside their geography. Rules in the United States differ from state to state, making it difficult for these companies to be confident in their compliance efforts.
Office 365 and Compliance
How can these users ensure that their data privacy and storage are secure and in compliance with industry and governmental regulations? Luckily, Microsoft has implemented functionality that can help, and there are third-party tools that can fill in the gaps.
First, Microsoft has developed industry-specific tools to help manage data in a compliant fashion. For example, Matter Center for Office 365 is a legal document management solution that allows firms to share and organize documents and emails. It was designed to comply with ISO 27001 and HIPAA standards and lets users customize permission settings.
Financial firms can rely on Office 365’s Security & Compliance Center, Advanced Security Management, Advanced Data Governance, Advanced eDiscovery and other apps to minimize the risk of exposing private information.
In healthcare, users can leverage a HIPAA-compliant Office 365 setup, using industry-based templates to create usage policies to prevent data loss.
Office 365 also offers basic security features like two-factor authentication that secure communications and comply with these types of requirements.
MSPs can help clients ensure that their Office 365 setup meets their industry’s basic security and privacy standards across all regions. But native features alone are not enough.
According to the Barracuda study, 67% of respondents rely solely on built-in Office 365 capabilities for backup and recovery, despite the complexity of retention policies and the fact that native tools do not provide granular restoration.
Third-party tools like Barracuda Cloud-to-Cloud Backup and email protection products can provide the data security and compliance that these companies want and need. According to the report, 84% said that having a backup solution with unlimited storage was necessary, and 77% indicated that granular restore capabilities for Exchange, SharePoint, OneDrive and Teams were vital. Those features are only possible with the deployment of a third-party solution.
Protecting Office 365 data is a rapidly growing requirement, and organizations need comprehensive, easy-to-use backup solutions to ensure they remain in compliance with industry and government regulators. Organizations want granular retention, the ability to recover user mailboxes to other locations or users, and role-based access control. However, many of them still rely on Microsoft’s native retention, which doesn’t offer such capabilities.
MSPs can help by guiding customers through configuring Office 365 to meet the security and compliance needs of their specific industry. They can also help by providing access to third-party data backup and recovery tools that provide the functionality clients need to successfully back up and restore data and applications in the event of a failure or cyber-attack.
Brian Babineau is Senior Vice President and General Manager for Barracuda MSP. In this role, he is responsible for the company’s managed services business, a dedicated team focused on enabling partners to easily deliver affordable IT solutions to customers.
This guest blog is part of a Channel Futures sponsorship.