Microsoft publishes guidance to boost public sector cloud security

Microsoft has published guidance that enables public sector organisations to secure their Office 365 tenants in line with the Government’s security principles, ensuring users stay safe, while supporting organisations’ compliance efforts with GDPR.

The move will make it easier for public sector workers such as nurses, police officers and social workers to communicate and collaborate more easily with colleagues as they won’t need to rely solely on the Government’s Public Services Network.

Switching email, documents and spreadsheets to the cloud would also be more secure and save the Government money as it moves away from the internal intranet service that many parts of the public sector currently use.

To help with the change, Microsoft has published guidance explaining how Office 365 – which includes programs such as Teams, Outlook, Word and Excel – meets the National Cyber Security Centre’s “14 Cloud Security Principles”, which was released in 2016.

Michael Wignall, Chief Technology Officer at Microsoft UK, said: “This documentation provides a thoughtful and detailed outline of how to secure your Office 365 tenant in line with the Government’s security principles and offers practical guidance to ensure users stay safe right now, and helps support organisations compliance efforts with GDPR.”

Microsoft has unveiled two documents – one detailing how Office 365 maps to each of the cloud security principles and why specific security controls are recommended; the other offering step-by-step guidance on how the features and capabilities in Office 365 can be used to ensure that a common bar can be achieved for their Office 365 tenant.

A spokesperson from the National Cyber Security Centre (NCSC) said: “This guidance has been developed through the shared expertise and successful collaboration between the NCSC, Microsoft and the Government Digital Service. The advice aims to help private and public sector colleagues check and improve the security stance of their Office 365 deployments.”

The Government’s latest move comes after the NCSC released guidance on the public sector’s use of Windows 10 and Microsoft InTune, which allows management of mobile devices in an organisation.

The document’s recommendations include logging into computers using Windows Hello and updating Windows 10 regularly, as well as advising on devices and applications.

Microsoft is one of the world leaders in cloud computing, with more Azure regions than any other cloud provider. Around 95% of the largest 500 companies in the US use Azure, which boasts more than 70 compliance offerings and over 100 services.