08
With the constantly-evolving proliferation of information security threats, mixed with the complexity of
meeting HIPAA regulatory mandates, healthcare organizations today need as many built-in
compliance and security features as possible. The Microsoft Office 365 Information Protection suite
provide organizations integrated, turn-key security controls not previously available. Never before has
it been easier to meet many of the technical and administrative safeguards required by today’s
HIPAA Security mandates while also enabling modern cyber-security controls. For example, Data Loss
Prevention, Security Incident Event Management, data classification and encryption for data-at-rest
recently were only achievable leveraging separate, expensive, off-the shelf vendors, and now are
centrally built-in when using Microsoft’s Cloud services.
MICROSOFT’S
OFFICE 365
AND TEAMS:
DATA SECURITY
AND HIPAA
COMPLIANCE
Introduction to Security in a Cloud-Enabled World
The security of your Microsoft cloud services is a partnership between
you and Microsoft.
Security in the cloud is a partnership Microsoft’s Trusted Cloud principles
You own your data and identities
and the responsibility for
protecting them, the security of
your on-premises resources, and
the security of cloud components
you control �varies by service type�.
Microsoft cloud services are
built on a foundation of trust
and security. Microsoft provides
you security controls and
capabilities to help you protect
your data and applications.
The responsibilities and controls for the security of applications and networks vary by the service type.
Transparency
We explain what we do with your data, and how it is
secured and managed, in clear, plain language.
Compliance
The largest portfolio of compliance standards and
certifications in the industry.
Privacy &
Control
Privacy by design with a commitment to use customers�
information only to deliver services and not for
advertisements.
Security
Safeguarding your data with state-of-the-art
technology, processes, and encryption is our priority.
Microsoft You
SaaS
Software as a Service
Microsoft operates and secures
the infrastructure, host operating
system, and application layers.
Data is secured at datacenters
and in transit between Microsoft
and the customer.
You control access and secure
your data and identities, including
configuring the set of application
controls available in the cloud
service.
SaaS
Software as a Service
Microsoft operates and secures
the infrastructure, host operating
system, and application layers.
Data is secured at datacenters
and in transit between Microsoft
and the customer.
You control access and secure
your data and identities, including
configuring the set of application
controls available in the cloud
service.
PaaS
Platform as a Service
Microsoft operates and secures the
infrastructure and host operating
system layers.
You control access and secure your
data, identities, and applications,
including applying any infrastructure
controls available from the cloud
service.
You control all application code and
configuration, including sample code
provided by Microsoft or other sources.
PaaS
Platform as a Service
Microsoft operates and secures the
infrastructure and host operating
system layers.
You control access and secure your
data, identities, and applications,
including applying any infrastructure
controls available from the cloud
service.
You control all application code and
configuration, including sample code
provided by Microsoft or other sources.
IaaS
Infrastructure as a Service
Microsoft operates and secures
the base infrastructure and
host operating system layers.
You control access and secure
data, identities, applications,
virtualized operating systems,
and any infrastructure controls
available from the cloud
service.
IaaS
Infrastructure as a Service
Microsoft operates and secures
the base infrastructure and
host operating system layers.
You control access and secure
data, identities, applications,
virtualized operating systems,
and any infrastructure controls
available from the cloud
service.
Private cloud
Private clouds are on-premises
solutions that are owned,
operated, and secured by you.
Private clouds differ from
traditional on-premises
infrastructure in that they follow
cloud principles to provide
cloud availability and flexibility.
Private cloud
Private clouds are on-premises
solutions that are owned,
operated, and secured by you.
Private clouds differ from
traditional on-premises
infrastructure in that they follow
cloud principles to provide
cloud availability and flexibility.
Part 2