Office 365: Separating Fact from Fiction

Myths and Facts

There's a lot of misinformation out there about the Cloud and Office 365. Here's a helpful guide to sort fact from fiction.


Myth: If our data moves to the cloud, our organization will no longer have control over our technology. 

Fact: You still have total control over technology, but you won’t have to worry about constant updates. 

When you move to the cloud, time spent maintaining hardware and upgrading software is significantly reduced— eliminating headaches with it. 

Instead of spending more and more portions of your budget on servers for email storage and workloads, you can think strategically and support organizational managers in a much more agile fashion, quickly responding to their needs.

Myth: Keeping data on-premises is safer than storing it in the cloud.

Fact: Security and UP-TIME come standard with Office 365 in the cloud.

“It’s becoming increasingly clear that your on-premises systems aren’t inherently more secure than they’d be in the cloud,” says Mark Anderson, founder of the INVNT/IP Global Consortium, a group of governments and security experts solving the growing cyber theft problem. “Many organizations are routinely hacked and don’t know it,” says Anderson. 

To keep Office 365 security at the pinnacle of industry standards, Microsoft's dedicated security team uses a wide
range of processes including the Security Development Lifecycle; traffic throttling; and preventing, detecting, and mitigating breaches at an enterprise level. 

And, Microsoft Office 365 has a 99.9% financially backed uptime guarantee. 

To protect against external threats, Office 365 gives you the option to use Advanced Threat Protection to secure mailboxes against sophisticated attacks in real time. Every email attachment or link is automatically evaluated for suspicious activity, and malicious content is neutralized before the chance of a risk. 

Additionally, Microsoft staffs industry-leading regulatory compliance experts. They know and keep up-to-date with the latest regulations and rules, such as HIPAA and Sarbanes-Oxley, Federal Information, Security Management Act (FISMA), ISO 27001, European Union (EU) Model Clauses, U.S.–EU Safe Harbor framework, Family Educational Rights and Privacy Act (FERPA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), just to name a few. 

Myth: We have to move everything to the cloud. It is an all-or-nothing scenario.

Fact: You can move to the cloud at your own pace, or use a hybrid approach.

While some early cloud supporters advocated for moving your entire organization to the cloud all at once, this isn’t a process that needs to happen overnight. Most implementations start with a hybrid approach—moving a single workload, like email, and growing from there.

The hybrid cloud creates a consistent platform that spans data centers and the cloud, simplifying IT and delivering apps and data to users on virtually any device, anywhere. It gives you control to deliver the computing power and capabilities that your organization demands and to scale up or down as needed without wasting your onsite technology

As many organizations move their productivity workloads to the cloud, the path for each workload is different, and the time it takes for those migrations varies. We can help you move workloads such as file sync-and-share or email first, and then help you figure out the right long-term plan for more difficult or larger projects.

Myth: Corporate spies, cyber thieves, and governments will have access to my data if it is in the cloud. 

Fact: It’s your data, not anyone else’s.

This is a top fear about the cloud among many organizations, but it is unfounded. Your IT provider manages access, sets up rights and restrictions, and provides smartphone access and options. Further, your organization remains the sole owner. You retain the rights, title, and interest in the data stored in Office 365.

When safeguarding your data, we operate under several key principles:

  • Your data is not accessed for advertising or for any purpose other than providing you with services that you have paid for.

  • If you ever choose to leave the service, you take your data with you.

  • Privacy controls allow you to configure who in your organization has access and what they can access.

  • Extensive auditing and supervision prevent admins from unauthorized access to your data.

  • Customer Lockbox for Office 365 leaves customers with explicit control in the rare instance a Microsoft engineer may need to access customer content to resolve an IT issue.

Strict controls and design elements prevent your data from mingling with that of other organizations, and data center staff never has unprivileged access to your data. 

Microsoft is the first major cloud provider to adopt the world’s first international standard for cloud privacy. The standard establishes a uniform, international approach to protecting privacy for personal data stored in the cloud. It reinforces that:

  • You are in control of your data.

  • You know what’s happening with your data.

  • Strong security protection is provided for your data.

  • Your data won’t be used for advertising.

  • Microsoft encourages government inquiries to be made directly to you unless legally prohibited and will challenge attempts to prohibit disclosure in court.

Helios StaffComment