Raise your hand if you haven't been impacted by a data breach in the last year. If your hand is up, data privacy and encryption is something you probably wish you didn't have to care about. If your hand is down you are probably one of the information technology or security folks that may be mad at me before you finish reading this post about data encryption and SharePoint Online.
Data privacy has become a hot topic for Information Governance recently due to the consistent attacks being done on networks around the globe. One of the key technologies behind protecting the privacy of our information is data encryption, and this becomes an important topic when making decisions to migrate your data to SharePoint Online with Office 365 or keeping your documents on premise.
RecordLion is very pro-cloud, in fact all our systems are cloud based (Office 365, DropBox, Hatchbuck, QuickBooks, Toggle, Visual Studio, Adobe and more). We trust each of these organizations and believe while they are targets for attacks, they are doing more than we ever could to keep our data safe.
When is Data Encrypted?
When referring to the usage of SharePoint Online (and OneDrive for Business), data encryption can be applied at three different times: when you are using the data outside the control of the storage system, when it is at rest, and when the data is in transit (between you and the data center). If you create a practice of editing documents on the server, a really good feature of both SharePoint and OneDrive, you can narrow down encryption to later two, at rest and in transit.
This video from Microsoft shows how data is encrypted in SharePoint Online and OneDrive for Business at rest and when it's in transit to or from the data center originally posted on the Microsoft Office Blog.
What about my IT team?
Implementing SharePoint (mostly on premise) for the past 10 years, I rarely run across an information technology or security team that believes (or maybe just admits) that the Microsoft cloud could possibly be more secure when it comes to the protection of their (and their customers) information. While it may be entirely true that the odds of having a breach may be lower for your organization, likely because you're not a target, it doesn't seem feasible to me that most organizations could have possibly spent the time and resources to prepare as much as Microsoft (or Box, Google, Huddle, etc.)