INTELLIGENT SOFTWARE BUSINESS
compliance aren’t given the importance
they deserve.
Office 365: The outlier
Office 365 is certainly an outlier among
all other cloud apps when it comes to
compliance. This online productivity
software suite from Microsoft is a one-stop
solution for accessing various applications,
including Exchange Online, SharePoint
Online, OneDrive, Skype and the hosted
versions of Microsoft Office tools. These
services deal with heaps of information
and the burden of securing this data falls
on Office 365. Failing to ward off any
unauthorised access to this information
will only invite non-compliance.
The good news is that, on the
compliance front, Office 365 is light years
ahead of its competitors. It is compliant
with almost all industry mandates such as
PCI-DSS, HIPAA, GLBA and more. It also
boasts a dedicated security and compliance
centre, which helps you devise your own
strategy to meet the various external and
internal rules and regulations with which
your organisation has to comply. So, does
this signal an end to all your compliance-
related issues? The answer to this question
is an emphatic “no.”
With regards to compliance, here are
some areas where Office 365 still hasn’t
upped its game:
Compliance—a work in progress:
The security and compliance capabilities
of Office 365 are still a work in progress.
Its current approach to compliance might
help only those businesses with few,
generic compliance requirements. But
Office 365 doesn’t provide many options
for organisations that come under the
purview of many stringent external IT
regulatory bodies and have to audit
many specific events and store the logs
for specific time periods, for security or
compliance reasons.
Audit trails, a 90-day barrier:
To improve performance, all user/
administrator activities and mailbox
audit trails are purged by Office 365 after
90 days. But most industry compliance
mandates require companies store these
audit logs for years, to facilitate forensic
log analysis in case any issues crop up.
Limited reports, a major
stumbling block: During audits,
organisations are required to produce
corresponding compliance reports
for auditors to validate the security
of confidential information across all
applications. But native reports in Office
365 are very limited and don’t provide
the level of visibility required to ensure
hassle-free compliance. For example,
Office 365 doesn’t report on changes made
by Exchange administrators, delegates
and non-owners to mailbox properties.
Also, Office 365 reports can’t be filtered
to meet your needs. So an administrator
can view all the accesses to a mailbox, for
instance, but not the details appertaining
to accesses made by a single user from
different IP addresses.
Increasingly, organisations need to
look for solutions that include reporting,
auditing and management functionality,
and can unshroud the air of scepticism
surrounding compliance and store all
audit trails for as long as they want. The
aim ultimately is to bid adieu to their
compliance-related woes.
Siva Chelladurai, Marketing Analyst, ManageEngine.
47