It may not have seemed possible, but data security has become even more of a hot topic over the past couple of weeks, with the deadline for GDPR compliance coming to pass. The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union, but also applies to the export of personal data outside of the EU. That means any Canadian or American business with an EU customer/client/subscriber in their database must comply or potentially face severe financial penalties.
The GDPR was adopted in 2016, but the regulation gave companies a two-year head start to become compliant by May 25, 2018. The reality, however, is that very few businesses are 100% compliant to date. What sort of fines could these businesses be facing? Organizations that don’t comply with the new GDPR requirements may face penalties up to €20 million (over $30 million CAD) per infraction.
Even if a Canadian enterprise is 100% confident that there is no EU consumer connection to their business, compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) is mandatory. Sure, there are differences between the more stringent GDPR and PIPEDA, but the former is in fact built on the same principles as the latter. We’re already seeing Canada tightening up its policy with a recent amendment to the act this past April. Beginning November 1, 2018, businesses are required to alert the Privacy Commissioner and Canadians if their personal information is compromised as a result of a data security breach, or face a fine of up to $100,000. In the years ahead, expect PIPEDA to parallel the GDPR in many more ways.
And yet, far too many Canadian businesses are taking a “wait and see” approach as the global scope for data security compliance changes. For enterprise-level organizations, this approach is ill-advised. Governing bodies of the GDPR and PIPEDA will be making early examples out of those who do not comply, and guess who they will target? Enterprises that they deem to have pockets deep enough to levy the sanctions upon.
Of course, there is another reason to ensure compliance. Customers, clients, vendors, and potential partners are more likely to deal with a compliant company. No matter how you look at it, optimal data security and threat protection are quickly becoming the most urgent matter for companies to address. When it comes to IT security and GDPR compliance, MS 365 for Enterprises is an exceptional option for organizations of all shapes and sizes. Let’s find out why.
How Microsoft 365 is Leading the Charge in Enterprise Level Data Security and Compliance in 2018 and Beyond
MS 365 Stays on Top of Compliance Updates for You
Microsoft 365 is a leader in intelligent compliance solutions, helping clients assess and manage compliance risks while leveraging the cloud to identify, classify, protect, and monitor sensitive data residing in hybrid and multifarious environments to support regulatory compliance. Microsoft makes it their job to stay on top of any and all new compliance regulations on behalf of their clients because they know that as a business, you may not always be aware of them.
Earlier in the year, Microsoft announced that MS 365 would provide businesses with an information protection strategy to help with the GDPR. The strategy not only helps Canadian (and other) businesses address the new law (and PIPEDA), it provides better data security across the board. These updates include the following:
- Compliance Manager general availability for Azure, Dynamics 365, and Office 365 Business and Enterprise customers in public clouds.
- Compliance Score availability for Office 365.
- Azure Information Protection scanner general availability.
- Protection of sensitive data in apps and across cloud services.
- Support data protection across platforms.
- Provision of a consistent labeling schema experience.
With its comprehensive approach to data protection and leading-edge compliance, MS 365 is an all-in-one SaaS that keeps enterprise businesses ahead of the privacy curve (Watch Gagan Gulati of Microsoft discuss how MS 365 stays on top of compliance).
MS 365 Security Development Lifecycle
By definition, Microsoft’s Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost. With the SDL process in place, you gain peace of mind that every product coming out of the MS 365 pipeline is the most secure version possible.
For example, let’s look at one of your more likely uses of Microsoft’s Enterprise solutions, MS Office 365. In addition to Enterprise-grade user and admin controls to secure your environment, the data security features offered include the following:
- Encryption at rest protects your data on Microsoft servers.
- Encryption in transit with SSL/TLS protects your data when it’s transmitted between you and Microsoft.
- Threat management, security monitoring, and file/data integrity prevent and/or detect any tampering of data. This includes real-time protection of your mailboxes, files, online storage, and applications against current and sophisticated attacks, while also offering holistic security in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive.
- Exchange Online Protection delivers advanced security and reliability against spam and malware to help protect your information while providing access to your email during and after emergencies.
Microsoft Leveraging AI
Microsoft is now using artificial intelligence (AI) to help your enterprise business protect its users and is also looking towards Linux to help safeguard your company against the internet of things (IoT), one of the newer threats to organizational data security.
One example of this AI adoption is the new Secure Score tool for MS 365, a software bundle that includes Office 365, Windows 10 and Enterprise Mobility + Security (EMS). Secure Score was released in April 2018, and is a tool that assesses an enterprise’s level of security, generating a security benchmark score. Using machine learning, Secure Score will help administrators identify the technical controls that will help protect users and their data, while allowing you to compare how your company ranks against similar organizations. In addition, MS 365 has tapped into AI to launch an Attack Simulator (generally available status), and has recently announced a new API for connecting to the company's Intelligent Security Graph (ISG). Every month, the ISG is fed data on billions of web pages and threats caught by Windows Defender ATP, in addition to over 400 billion emails that Microsoft scans for malware and spam.
MS 365 Partners With Local Leaders in IT Support
Whether your staff size is 20 or 2,000, MS 365 provides industry-leading intelligent security that offers identity and access management, information protection, threat protection, security management, and accelerated compliance. Enterprise support is second to none when you have a great relationship with a data security firm that is local. This is why Microsoft has carefully curated partnerships with a select few IT support firms and Cloud Solution Providers (CSP). In Western Canada (and growing across the country), that partnership has been formed with Fully Managed Inc. Fully Managed is a Microsoft Gold Partner and Certified CSP. That means we are your "one stop shop" when it comes to leveraging the power of Microsoft 365 Enterprise products and services as they apply to all of your needs, data security and compliance included.
If you have any questions about how Fully Managed Inc will help you tap into the power of MS 365 Enterprise tools to ensure maximum data security, while keeping abreast of all current and future compliance concerns, contact us at 1.877.432.0747 or complete the form found here.