Page 20 - E-Safety- SIS

Physical Layer- Facility and Network Security


         Microsoft starts by providing security for the physical access of the data. Microsoft
         stores its customer data in data centers distributed geographically, restricts access to
         the data centers by job function, and uses physical security measures.

         At the network level, Microsoft only allows connections that are necessary for the
         systems to operate, blocking other ports, protocols and connections. Tiered Access
         Control Lists and firewall rules put security restrictions on communication,
         protocols, and port numbers. There are also security features that detect intrusions
         and vulnerabilities at the network layer.



        Logical Layer- Host, Application and Admin Users

         Microsoft has automated most of the operations performed on the hosts and apps by
         administrators in order to reduce human intervention. Access to Office 365 data is
         strictly controlled where least privilege is granted to perform specific operations by
         role. Microsoft’s Lock Box process greatly limits human access to data.

         Microsoft employs anti-malware software to protect data from malicious applications
         by both detecting and preventing such software from entering the systems. If
         malware enters a system, Microsoft quarantines infected systems to prevent
         additional damage. Additionally, they perform regular updates, hotfixes, and
         patches.



        Logical Layer- Host, Application and Admin Users

         Office 365 is a multi-tenant service. This means multiple customers use some of the
         same hardware resources, which is one of the primary benefits of cloud computing
         that allows for lower operating costs. Microsoft isolates co-tenant data through Active
         Directory and has other features specifically designed to secure multi-tenant
         environments.







         In order to protect data from security threats, Microsoft adheres to an “Assume
         Breach” approach. Microsoft assumes a breach has already occurred and is not
         known yet, while their security team attempts to detect and mitigate the threat. The
         assume breach mentality rests on four pillars of security:

        E- Safety (Springdale Indian School)                                                                  20