As customers move from locally stored and managed workflows to creating, storing and managing their data in the cloud, the issues of security and privacy become even more important, as companies like Microsoft or Amazon now have a direct hand in the way data is protected. In light of this, Microsoft announced three new capabilities for Office 365 that are designed to help customers maintain control of their data.
Microsoft is expanding Office 365 logs to include a majority of user, admin and policy actions, introducing Customer Lockbox for Office 365, and providing advanced encryption for email, all intended to increase security and privacy controls for Office 365 customers.
While Microsoft already provides a set of logs to satisfy compliance requirements, Office 365 logs are being expanded, and a new Office 365 Management Activity API is being introduced along with them to give customers easier visibility into "actions taken on their content". The API allows those logs to be fed into security and event management systems, enabling better monitoring of Office 365 usage.
Customer Lockbox gives customers complete and explicit control in the rare event that Microsoft employees need to access content in order to solve a technical problem. Most service operations are already performed without human interaction, but these new controls will allow customers to "provide explicit approval of access to their content by a Microsoft employee for service operations". Customer Lockbox will be enabled for Office 365 for Exchange Online by the end of the year, and for SharePoint Online by the first quarter of 2016.
Finally, Microsoft already encrypts customer content for Office 365, using Rights Management, S/MIME, and Office 365 Message Encryption, as well as BitLocker for drive-level encryption and per-file encryption for SharePoint Online and OneDrive for Business. Now, Microsoft is set to expand that into content-level encryption for email in Office 365:
Implementing this feature will increase the separation of server administration from the data stored in Office 365, resulting in an added layer of security. This new layer of content-level encryption uses keys that are protected using hardware security modules certified to FIPS 140-2 Level 2. This new advanced encryption for email will be provided in Office 365 by the end of 2015.