Office 365 and Regulatory Compliance

By | Managed Services News

May 11

For highly regulated industries, securing Office 365 is mission-critical.

Office 365 environments are expanding, and the recent shift to remote work has only accelerated business reliance on the platform. According to the Thexyz blog, the average gain in monthly Office 365 users nearly quadrupled between October 2019 and April 2020, primarily because of the need for more collaborative work environments during the global pandemic.

With more users relying on Office 365, security and reliable data backup are critical to keeping data and applications safe. In highly regulated industries like financial services, healthcare and the legal profession, compliance adds another wrinkle to the security challenge.

While the Office 365 platform now offers essential security features specific to users with particular compliance requirements, there’s some confusion about just how much protection Microsoft provides. This means there are many opportunities for MSPs to offer consulting services and support for their clients, and potentially to sell and support additional data backup capabilities.

Microsoft only guarantees service availability—not data retention—and it recommends that customers use third-party backup providers. Restoration using the native tools in the platform can be challenging, and in industries like healthcare, those tools are insufficient.

Barracuda recently released its State of Office 365 Backup Report, based on survey data from current users. The report includes data on IT professionals’ concerns and preferences relative to data security, backup and recovery, SaaS solutions, and other issues.

According to the report, 73% of respondents agreed that they were concerned about complying with data privacy requirements. This is because data storage requires both security and regulatory compliance for users in certain industries. There are also data retention and storage requirements that can vary by country.

For multinational companies, for example, this can be an especially complex and challenging task to manage. Even if there isn’t a data breach, non-compliance can result in heavy fines. Companies in the United States were the most concerned (80%) about data being backed up outside their geography. Rules in the United States differ from state to state, making it difficult for these companies to be confident in their compliance efforts.

Office 365 and Compliance

How can these users ensure that their data privacy and storage are secure and in compliance with industry and governmental regulations? Luckily, Microsoft has implemented functionality that can help, and there are third-party tools that can fill in the gaps.

First, Microsoft has developed industry-specific tools to help manage data in a compliant fashion. For example, Matter Center for Office 365 is a
