First published on CloudBlogs on Apr 23, 2018
With digital data growing exponentially, and threats becoming more advanced, laws and regulations are evolving to protect individuals and their personal information. Encryption is one method that can be used to help ensure the confidentiality of certain sensitive information, reduce the risk of data compromise and help you meet your compliance needs. When organizations use Office 365, they can expect customer data to be encrypted both in transit and at rest by default. Additional encryption capabilities can be added for increased protection. The following encryption technologies are available in Office 365 to help protect your data:
- TLS: Encrypts data as it moves across the network to prevent snooping or man-in-the-middle attacks.
- BitLocker: Encrypts the physical disks that store customer data in the Microsoft data centers to reduce the risk of data compromise due to lapses in access control or hardware recycling.
- Service Encryption: Encrypts data more granularly at the application level to provide defense in depth when used in concert with BitLocker to protect data at rest.
- Office 365 Message Encryption: Encrypts data even more granularly on a per-email basis while in transit, and provides defense in depth when used with TLS.
- Service Encryption with Customer Key: In addition to the benefits of service encryption, Customer Key enables customers to provide and control their own encryption keys in Azure Key Vault.
- BYOK with Azure Information Protection for Office 365 Message Encryption: In addition to the benefits of Office 365 Message Encryption, this feature enables you to provide and control your own encryption keys in Azure Key Vault.
- HYOK (Hold Your Own Key) with Azure Information Protection: This feature encrypts data using your keys that are stored, managed and controlled in an on-premises environment.
- S/MIME: A certificate-based encryption solution that allows you to both encrypt and digitally sign a message.