What do I need to know before moving to Office 365?
Moving your company’s data to cloud-based storage is a big job, and we want to make sure you understand what it takes to ensure that your Office 365 data is managed, protected, and accessible.
Understanding Your Data
Do you understand your data: the security, organization, and access before you make the move? Varonis can help you prepare.
Some key questions you should consider when thinking about your Office 365 strategy:
- Does it make sense to move all of your files, or leave some behind?
- Once you create a policy that describes what should be migrated to Office 365, how will you find the files and folders that meet the criteria? Data Transport Engine can help stage files and folders for Office 365 migrations.
- What administrative tasks that currently happen onsite will be affected by moving to Office 365? Some examples:
- Permissions management
- Disaster recovery
- Data loss prevention
- Access auditing
- Will you have the appropriate level of controls on Office 365 to manage and protect your data?
- Will you be subject to any additional compliance requirements?
It is important to note that only Office 365 Plans Enterprise E3 and E4 offer unlimited archive storage quotas and litigation hold capabilities. Meanwhile, if you need to perform complex searches for eDiscovery or compliance purposes, you’ll need a third party solution.
Migrating Your Data
Migration can be difficult, particularly for organizations that maintain a hybrid deployment of on premise and cloud-based users. Hybrid deployments allow you to move some data to the cloud, while being able to support internal systems, ensure compliant environments, and more.
- Will users in both systems be able to share a common directory during transition/migration?
On-premise environments might require third party tools to manage Office 365: hybrid deployments require prerequisites (for example, with Exchange 2007/2010 environments there must be at least one Exchange 2013 Client Access and Mailbox server in place to run the Hybrid configuration wizard.)
- How do users access data? What will change? Do they need VPN access to get to Office 365 data?
- Will you need additional cloud apps to manage the migration and maintenance?
- Have you recently done an assessment of permissions audits, access activity, and content classification?
- How will you ensure that only the right people will have access to data in Office 365?
Mapping Out Your Infrastructure
Office 365 requires Azure Active Directory, AD Synchronization appliance (DirSync) and Active Directory Federation Services (AD FS). If you have more than one AD forest, or want to sync with an additional LDAP directory, you’ll need a custom deployment of Forefront Identity manager 2010 R2. Depending on the details of your existing infrastructure, you’ll want to plan out what 3rd party solutions you’ll want to integrate as well.
Protecting Your Data
How do you make sure your sensitive data and confidential information is secure? Office 365 does not provide advanced threat protection for targeted attacks, nor native surveillance features for monitoring communications or access activity (important for compliance.) Patch management, software upgrades, backup and recovery of data are controlled solely by Microsoft: you’ll likely need a 3rd party backup solution.
- Do you have a disaster recovery plan? An incident response plan?
- Do you understand the risk associating with storing restricted and regulated data?
- Is Office 365 SRA complaint within your region?
- Will you need to rebuild the permissions structure?
Know the Physical Location of Your Data
In many cases, you need to be aware of the physical location of your data: this is necessary for compliance issues especially if you’re an organization or public sector institution (particularly within industries such as healthcare, financial services, and government) that is bound by local regulations requiring that the data be physically kept within the country.
Recently, governments have been trying to establish who can access cloud-based data regardless of the country from which they operate: the EU has determined that companies outside of the European Union (such as Google or Facebook) must meet Europe’s data protection rules. Earlier this year, a German court ruled that Facebook was subject to German data protection law although its European headquarters are located in Ireland, while a U.S. District court ruled that Microsoft could be forced to turn over customer emails despite them being stored on servers in Ireland.
Physical locations of Office 365 data servers:
- North and South American customers: US data centers
- Brazilian customers: US and Brazilian data centers
- European Union customers: US, Irish and Dutch data centers
- Asia-Pacific customers: US, Singapore and Hong Kong data centers
Read more about the future of Varonis and Office 365 here.