Office 365 Justification White Paper
Office 365 Justification White Paper
Office 365 Justification White Paper
White Paper
While Office 365 is in the cloud, it is not a hosted offering for customers to administer off-site servers but rather
Software as a Service (SaaS) providing portals and applications for administrators and end-users. Office 365
combines the familiar Office desktop suite with cloud-based versions of next-generation communications and
collaboration services:
Microsoft takes a comprehensive approach to protecting your data at both the physical layer exemplified by a $2
billion investment in state-of-the-art data centers and the logical layer using security-aware engineering practices for
services and software. Office 365 provides secure access across platforms and devices, as well as premium anti-
spam and antivirus technologies that are automatically updated to protect against the latest threats. The security
features and services associated with Office 365 are built in, reducing the time and cost associated with securing
your IT systems. At the same time, Office 365 enables you to easily control permissions, policies, and features
through online administration and management consoles so you can configure Office 365 to meet your specific
business and security needs.
Challenges
Currently, most technology infrastructure is considered a utility service that is no longer cost effective to maintain
on-premise. Just like electricity and water, the trend is to pay monthly for these services at much less cost than
continually purchasing and maintaining hardware and software. Like death and taxes, the server hardware you buy
today will be out of warranty and not supported with no availability of replacement parts within 3-4 years. Then you
face the waterfall effect of new operating systems and application software, not to mention any hardware failures
and software updates and backup along the way. Meanwhile, there are more workers on the go, accessing business
information by more platforms than ever before. And finally, have you budgeted and implemented double the cost
and technology infrastructure for a business continuity plan in case of a natural or man-made disaster?
Common Objections
Matrixforce respects the right and decisions of all customers. However, circumstances must be extremely unique to
outweigh the savings and benefits of Office 365 versus on-premise solutions. Many service providers and IT
departments are quick to perpetuate cloud myths of poor reliability or security. Unless they have a long-term
business model and a wide variety of services offerings, most service providers receive significantly less revenue
than selling and supporting on-premise solutions. Although IT departments are often overworked, taking servers
away strikes fear of less prestige and control. What it really means is less mundane maintenance like updates and
more time for brain work and assisting end-users. Some management likewise cannot fathom having data outside the
building, but think nothing of not being able to touch cash in the bank vault or use online financial transactions.
Cost Savings
For the most savings, the best time to move to Office 365 is at or near a required refresh of servers for file storage,
e-mail, or communications. Not only do you escape the capital cost of hardware and software, but you avoid
maintenance and disaster recovery along with all backend upgrades. However, you still must stay within the 5 year
standard support period of Office desktop software. Use the Cloud Computing Comparison tool and you will see an
average of 40% savings over a 5 year period.
No Advertising. Office 365 does not build advertising products out of customer data or scan email or
documents. Browser analytics are gathered in the Microsoft Online Portal for aggregate site usage by users.
No Mingling. Office 365 keeps customer data separate from consumer services such as Live. Microsoft
Online Services use separate systems that are physically and logically separate from consumer systems.
Data Portability. Customers own their data, and retain all rights, title and interest in the data stored with
Office 365. A full copy of your data can be downloaded at any time and for any reason, without any
assistance from Microsoft. Upon Office 365 subscription expiration or termination, Microsoft provides by
default 90 days of limited access to export data.
Data Limits. Core customer data is not accessed for administration unless explicitly requested via
customer service request for operations and troubleshooting. Normal personalization or communications
concerning tips and advice utilize no access to core customer data. Customer account information only
must be accessed for purchase and billing questions. Microsoft does not voluntarily provide law
enforcement access to customer data and tries to redirect such an entity to the customer, unless legally
required to disclose information. Follow this link to learn more about Microsoft Online Services Data
Limits.
Administrative Access. Access to customer data is strictly controlled and logged and sample audits are
performed both by Microsoft and third parties to attest that access is only for appropriate business purposes.
Limited key personnel only of the Operations Response Team may access core customer data only as
needed and by exception. Support, Engineering, and others in Microsoft have no access to core customer
data. Partners have access to core customer data only with customer permission. Follow this link to learn
more about Microsoft Online Services Administrative Access.
Data Centers. As a standard policy, Microsoft does not disclose the location of its data centers. Microsoft
operates between 10 and 100 data centers located around the world. The following are locations Microsoft
has elected to disclose to the general public:
Deep Experience. Microsoft has developed proven practices and policies as a result of over 15 years of
experience in providing security for online data. Microsoft offers a financially backed 99.9% uptime Office
365 Service Level Agreement.
5 Layers of Security. Data is secured in 5 different layers - data, application, host, network, and physical.
See the Security in Office 365 White Paper.
Monitoring and Access Restriction. Microsoft proactively monitors Office 365 services to identify
potential known and unknown threats by predicting malicious behavior, and also monitors for irregular
events that may indicate threats. In addition, production server access is restricted to a short list of critical
operations personnel.
Secure Lifecycle. The Microsoft Secure Development Lifecycle ensures that security and privacy is
incorporated into online services by design, from software development to services operations. See the
Office 365 for Enterprise Security Service Description.
Independently Verified. Office 365 is complaint with many world-class industry standards and regulatory
compliance as verified by third-party security audits:
o ISO 27001
o EU Model Clauses
Solution Expertise
Resources
Office 365: http://office365.microsoft.com
Microsoft Global Foundation Services: http://www.globalfoundationservices.com
Microsoft Data Center Videos: http://www.globalfoundationservices.com/infrastructure/videos.html
Microsoft Trustworthy Computing: http://www.microsoft.com/about/twc/en/us/default.aspx
Security Development Lifecycle: http://www.microsoft.com/security/sdl/default.aspx
Forefront Online Protection for Exchange: http://technet.microsoft.com/en-us/forefront/cc540243