Achieving Multilayered Data Security and Protection for Microsoft Office 365

MARCH 18TH, 2021

Microsoft 365’s cloud-based productivity solutions are hugely popular, with one in five corporate employees using at least one Microsoft 365 cloud service for email, productivity support, or collaboration. Given the current trend toward continuing remote or hybrid workplaces, Microsoft 365 adoption is likely to continue to grow for the foreseeable future.

However, if you are one of the millions of companies relying on Microsoft 365 applications—or if you’re considering a switch to Microsoft solutions—there are some data security and protection implications you need to consider.

Why You Need Multilayer Third-Party Security and Data Protection for Microsoft 365 Data

As with many technology service providers, Microsoft applies a shared responsibility model to data security. In a nutshell, this means Microsoft promises to protect their physical infrastructure, data centers, and the network connections that give you access to Microsoft 365 applications. As the user, you are responsible for protecting your data from cyberattacks, internal threats, corruption, and accidental deletion. 

In other words, you have to provide your own data security and protection solutions. If you aren’t sure whether your organization’s current security and data protection strategy is sufficient, ask yourself a few questions:

  • Could you recover an accidentally deleted online email inbox?
  • What happens if all of your SharePoint Online and OneDrive data is lost or encrypted?
  • Do you have a plan of action to prevent phishing, spam, and ransomware?
  • How long would it take to prepare for a compliance audit?

Are you comfortable with the answers? If not, it’s time to revisit your strategy and invest in third-party security and data protection for your Microsoft 365 applications.

How to Apply Multilayer Security and Data Protection to Your Microsoft 365 Solutions 

These days, there are too many ways for data to be lost, stolen, or corrupted to rely on a single source of protection. Today’s complex and distributed IT environments require a multilayer, holistic approach that includes:

  • Physical and cybersecurity
  • Backup and retention capabilities
  • Comprehensive business continuity and disaster recovery plans
  • Targeted education to minimize human error


The term “security” covers a lot of ground, and all of it is important. When creating a security strategy for your Microsoft 365 data, it’s important to find a solution with broad coverage, including:

  • Access management: Username and password access is too easy to bypass. Implement more stringent access management controls like:
    • Multi-factor authentication
    • Least privilege
    • Role-based access control
  • Visibility into user, application, and data behavior: It’s hard to secure things if you can’t see them. Reduce complexity and increase visibility with a unified management console. Centralized management lets you track metrics and monitor user and system activity.
  • Cybersecurity: Cyberattacks are becoming more frequent and harder to detect before the damage is done. Protect all of your Microsoft 365 data and applications with a state-of-the-art cybersecurity solution that deflects, detects, and neutralizes cyberthreats with the latest technology, including:
    • AI-driven endpoint protection
    • Deep learning neural network
    • Signature-based and signature-less protection


Without frequent, secure, and tested backups, you are leaving a lot up to chance. It only takes one bad attachment or one system update gone awry to wipe out every email, database, and mission-critical application your company needs to operate.

Microsoft 365 offers minimal backup and storage capabilities, so invest in a third-party backup strategy that includes multiple copies of the data stored on more than one type of media. Be sure at least one copy is stored offsite (most people opt for the cloud). You should also consider an air-gapped backup copy, because some newer strains of ransomware target backup files and encrypt them so they can’t be used for recovery. 

Restoration and Recovery

Speaking of recovery, do not wait until your company is having a crisis to figure out how you’re going to handle a crisis. Proactively plan for a disaster or major disruption well in advance. This plan should include steps for quickly restoring operations to something approaching normal (i.e., business continuity) as well as how to get IT systems up and running and prevent data loss.

Look for a disaster recovery/backup solution with point-in-time recovery capabilities, so you can restore data from immediately before it was deleted or corrupted. A web-based user interface (UI) is also a key feature, so the recovery and restoration effort can be launched from any location. 


A long-term retention solution is essential for Microsoft 365 data, especially for companies in highly regulated industries such as healthcare, insurance, and finance. Compliance regulations require certain types of data to be stored appropriately for a defined amount of time. Failure to adhere to the rules can result in large fines and other sanctions.

It’s also important to hang on to former employees’ emails and other files, in the event they are needed for litigation or other legal matters. Microsoft 365 does not offer the storage capabilities needed for this type of retention.

Security Awareness Training

Many IT professionals look at employees as a liability. However, with targeted, consistent training opportunities, employees can become your company's first and best line of defense.

Human error and bad decisions cause a huge number of security events every year. But regularly scheduled security awareness training can reduce the chance that someone clicks a bad link or opens an infected email attachment. The time and money invested in educating employees about safe surfing, good email hygiene, and what to do if something looks suspicious will pay for itself the very first time someone doesn’t open that .exe file the Nigerian prince sent them.

Keep Your Systems and Applications Covered

In today’s highly distributed workplaces, maintaining employee productivity and supporting collaboration is challenging. Microsoft 365 provides many tools to help overcome these challenges, and they do it well.

However, between natural disasters, technology failures, humans being humans, and cybercriminals being relentless, you can’t leave anything unsecured. It is crucial for organizations relying on Microsoft 365 to implement a robust, multilayer security and data protection strategy that covers all systems and applications. 

Download A Ransomware Crisis Plan is Now a Business Imperative to learn more ways to keep data safe from new and evolving cyberthreats.