Office 365 has become the world’s most popular cloud service with 180 million active users, and Microsoft projects that another 50 million will be on board by next year. Launched in 2011, Office 365 fits the needs of most organizations by offering subscription-based access to essential productivity tools such as Excel, Word and PowerPoint and powerful collaboration tools such as Skype, Yammer and SharePoint.

Still, some companies remain reluctant to adopt Office 365 due to the continued perception that cloud services are inherently insecure. In its 2019 State of Cloud Security survey, the SANS Institute found that 56 percent of IT professionals express concern about a lack of control over cloud data access.

Those fears aren’t entirely unfounded — there are unique cloud security challenges involved with having data stored with a third-party provider and accessed over the Internet. However, the risk is often exaggerated. While no system is entirely hack-proof, there are many reasons to believe that applications and data are actually more secure in the cloud than in on-premises systems.

Reputable providers can deliver better protection simply due to the scale they work with.  Because they provide services to large numbers of customers, it is easier and more economical for them to implement robust defensive measures.

With Office 365, for instance, formidable security, data protection and compliance features have been baked into the core offering. These features include multifactor authentication, mobile device management, advanced threat protection, data loss prevention, and encryption of data at rest and in transit across the entire application portfolio.

Automatic updates of essential antivirus, antimalware and antispam software help ensure that users are protected against emerging threats. Online administration makes it easy for organizations to customize their settings for data access, permissions and policies. Additionally, all Office 365 data is replicated for disaster recovery purposes, and Microsoft provides tools that allow you to recover deleted files, emails and other data.

Microsoft has also made it extremely difficult for unauthorized individuals to gain access to your cloud data. Office 365 operates on the principle of “zero-standing access,” which means that nobody — not even Microsoft engineers — has default access privileges. When role-based access is granted after authentication through Azure Active Directory (AD), it is on a “least-privilege” basis.

Physical access is tightly controlled. The data centers housing Office 365 servers are guarded and monitored around the clock, and feature layers of security such as biometric access controls, surveillance cameras and steel perimeter fences. Furthermore, Microsoft does not disclose the specific locations of its data centers to the general public.

Additional measures to safeguard your Office 365 data are on the horizon. Microsoft reportedly spends about $1 billion a year on cloud security. However, it’s important to note that this security focus doesn’t relieve customers of accountability. Like all cloud providers, Microsoft operates under a “shared responsibility” framework in which users and the provider responsible for different aspects of security.

For example, Microsoft uses replication to provide data resilience and guard against disasters or outages at its data centers. However, it isn’t a comprehensive backup solution and it won’t ensure that data won’t be lost due to ransomware, misconfigured devices or accidental deletion. Customers must take responsibility for making full backups of their Office 365 data.

Office 365 delivers a host of productivity, efficiency and operational benefits, but a strong focus on data protection has been a key contributor to its growing popularity. Although customers share the responsibility for protecting their data and applications, a wealth of built-in security features is making it easier for them overcome longstanding concerns about moving data to the cloud.