Many applications today are cloud-based. The best known is of course Office/Microsoft 365. Popular applications such as Excel, Word or PowerPoint are already used by numerous companies as so-called SaaS applications (Software-as-a-Service) in a subscription model. The advantages for companies are obvious: you only pay for what you actually use, and you get everything from a single source and from almost any device with Internet access. Old server systems are no longer needed (for former Microsoft Exchange) and a lot of costs are saved. But is everything automatically secure with Microsoft 365 when using the cloud? No!

Due to the integration into the company network, the interaction with other applications or the multitude of end devices, it is more important than ever to ensure that data is not lost, that data protection is observed and that cyber criminals are not granted access through security gaps. But how can sensitive data from services such as OneDrive, SharePoint or Outlook be protected when everything lies with the provider Microsoft? Microsoft has many security mechanisms in its products, but they are not enough. Even simple scenarios such as employees accidentally sharing a OneDrive folder publicly or uploading a malicious file to SharePoint can already cause immense damage to the company. There are special cloud security providers on the market that use their solutions to monitor data flows and user activities in all cloud services. The best known of these so-called “cloud access security brokers (CASB)” on the European market is Hornetsecurity.

Where are the risks with Office 365?

DSGVO-compliant use and data protection:

According to the DSGVO and GDPdU, all incoming and outgoing emails must be archived in a legally compliant manner. Office 365 itself does not offer archiving specifically in accordance with the law.

Email Traffic:

Office 365 does have basic email encryption – but not in transit from sender to recipient. E-mails can thus be spied out and intercepted BEFORE they reach the recipient.

OneDrive data storage:

Cloud does not always mean secure. When using OneDrive at work, particular caution is required if several employees use the company’s online storage space. Employees can quickly and uncontrollably store any files in OneDrive – which also increases the risk of introducing malware into the company.

Companies that want to use Microsoft Office 365 would need to take additional measures for full protection. The switch to Office 365 naturally offers an opportunity to reduce costs, but it also brings new risks. Office 365 can be additionally secured using various tools. These include password managers, training for employees, the integration of complete cloud security providers or the use of multi-factor authentication. If you use Office 365 in your company and would like additional security, our IT security specialists will of course advise you free of charge and without obligation. Book your free consultation at: