Public sector organisations are under intense scrutiny to ensure they
are secure and compliant – not just by the ruling bodies, but by the public as
well. This is why Microsoft support phone number is pleased to have worked
alongside GDS and the NCSC to publish the Office 365 security and compliance
guidance for our UK Public Sector customers.
The UK Government’s NCSC and Cabinet Office created the 14 Cloud Security Principles.
This allows customers to evaluate cloud services and provide a broad
non-definitive list of controls that could be used by cloud providers to meet
the security obligations when operating at UK OFFICIAL.
Microsoft support phone number provides cloud services with
built-in security and compliance. It has numerous independently verified
attestations on its configuration state, from ISO such as the ISO 27000 family of
standards, guidelines published by the National Institute of Standards and Technology (NIST) like NIST 80053,
and more. Furthermore, Office 365 offers a rich set of technical options
enabling the customer to manage risk. However, sometimes this can lead to
confusion or unintentional gaps in a customer’s security posture.
Our guidance has been developed out of a need to help UK Government
departments, Local Authorities and the various agencies across the wider public
sector, as well as commercial organisations who work closely with government:
a.
Understand how the 14 Cloud Security Principles can
be supported natively within Office 365, and
b. Configure Office
365 in a way that helps them meet their obligations and leverages the features
and capabilities that are present within the service. It draws on broad
experience across UK government, industry and draws heavily on already existing
best practice.
To cover these in more detail, we have produced two documents to help
inform public sector customers.
·
The first document, Office 365 Security and Compliance
Blueprint explains how Office 365 maps to each of the cloud
security principles and helps customers understand why specific security
controls are recommended.
·
The second document, Office 365 Secure Configuration Alignment provides
step by step configuration guidance allowing organisations to understand how
the features and capabilities in Office 365 can be used to ensure that a common
bar has been achieved for their Office 365 tenant.
We have taken a ”good, better, best” approach to help customers choose
the right, security options in line with their own organisation’s risk
appetite.
A spokesperson from the NCSC’s Cloud Security Research said: “This
guidance has been developed through the shared expertise and successful
collaboration between the NCSC, Microsoft support phone number and the
Government Digital Service. The advice aims to help private and public sector
colleagues check and improve the security stance of their Office 365 deployments.”
Michael Wignall, Microsoft support phone number’s UK CTO also said:
“This documentation provides a thoughtful and detailed outline of how to secure
your Office 365 tenant in line with the Government’s security principles and
offers practical guidance to ensure users stay safe right now, and helps
support organisation’s compliance efforts with GDPR.”
We also hope this guidance is timely as the Government Digital Service
(GDS) has now stopped issuing any new GSi-family domains and says: “These
domains no longer offer value for money and our security needs can be delivered
in more efficient ways, such as through a secure public cloud service.”
GDS is proposing that in most cases Government email should move to
public cloud and has published guidance:
It covers practical steps to take for organisations using Office 365 who
currently route email via PSN and the GSi
Convergence Framework (GCF) Mail Relay services; as well as other practical
issues such as managing DMARC, DKIM and SPF
records and making DNS changes.
FOR MORE INFO: VISIT US
CONTACT US: +1-800-201-4243
Comments
Post a Comment