How onedrive protects your data in the cloud

they control your data. When you store your data in OneDrive cloud storage, you remain the owner of the data. For more information on the ownership status of your data, see Office 365 – Privacy as a concept.

Watch this training course to learn more about the OneDrive features that will help you protect your files, photos and data: Backing up, protecting and restoring OneDrive

How to reliably protect your data

There are a few ways to protect your files in OneDrive:

Add security information to your Microsoft account. You can add information such as your phone number, an alternate email address, and a security question with answer. This way, if you forget your password or your account has been hacked, we can use your security information to verify your identity and help you regain access to your account. Navigate to the page to enter security information.

Use the two-step check. This strengthens the protection of your account, because every time you try to log in from an untrusted device, you have to enter an additional security code. The second step can be done via a phone call, text message or app. For more information on two-step verification, see Enable two-step verification for your Microsoft account.

Enable encryption on your mobile devices. If you have the OneDrive mobile app, it is recommended that you enable encryption on your iOS or Android devices. This will help protect your OneDrive files if your mobile device is lost, stolen, or someone gains access to it.

Subscribe to Microsoft 365. A Microsoft 365 subscription gives you advanced protection against viruses and cybercrime, as well as methods to recover your files after malicious attacks.

How OneDrive protects your data

Microsoft technicians manage OneDrive through a Windows PowerShell console that requires two-step authentication. We perform daily tasks in the form of workflows to be able to react quickly to new situations. No technician has constant access to the service. If technicians need access, they must request it. Your authorization will be verified, and if technician access is approved, it will only be for a limited period of time.

In addition, OneDrive and Office 365 are investing heavily in systems, processes and personnel to reduce the likelihood of personal data breaches and to quickly identify and mitigate the consequences of a breach if it does occur. Some of our investments in this area include the following:

Access control systems: OneDrive and Office 365 manage a "zero-standing access" policy, which means that engineers can’t access the service unless it’s explicitly granted as a result of a specific incident that requires an increase in access. Whenever access is granted, it is done under the principle of least privilege: the permission granted for a particular request allows only a minimal set of actions necessary to support that particular request. To this end, OneDrive and Office 365 maintain strict separation between "role extensions," with each role allowing only certain predefined actions. The Customer Data Access role may be different from other roles more commonly used to manage the service, and will be closely reviewed prior to approval. Taken together, these access control investments significantly reduce the likelihood of a technician accessing customer data in OneDrive or Office 365 without authorization.

Security monitoring systems and automation: OneDrive and Office 365 maintain robust monitoring systems in real time. These systems resolve u. a. Alerts on attempts to unauthorizedly access customer data or attempts to unauthorizedly transfer data from our service to other destinations. In connection with the access control items mentioned above, our security monitoring systems keep detailed records of elevation requests made and actions taken for a given elevation request. OneDrive and Office 365 also make investments in automated resolution that automatically respond to detected issues to mitigate threats, as well as dedicated teams to respond to alerts that cannot be automatically resolved. Security monitoring systems conduct OneDrive and Office 365 regular red-team exercises, where an internal penetration testing team simulates attacker behavior in the live environment. These exercises lead to regular improvements in our security monitoring and incident response capabilities.

Personnel and processes: In addition to the automation described above, OneDrive and Office 365 maintain processes and teams that are responsible for both educating people in the organization about data protection and incident management processes and executing those processes in the event of a breach. For example, a detailed standard operating procedure (SOP) for data breaches is maintained and shared with teams across the enterprise. This SOP details the roles and responsibilities of both the individual teams within OneDrive and Office 365 and the central security incident response teams. These include both the actions teams need to take to improve their own security posture (performing security audits, integrating with centralized security monitoring systems, and other best practices) and the actions teams need to take in the event of an actual security breach (quickly escalating to the incident response system, maintaining and deploying specific data sources used to expedite the response process). Teams also receive regular training on data classification and the proper handling and storage of personal data.

The key takeaway is that OneDrive and Office 365, for both consumer and business plans, are investing heavily in reducing the likelihood and impact of personal data breaches affecting our customers. Should a personal data breach occur, we are committed to notifying our customers immediately once the breach is confirmed.

Protection during data transfer and of data at rest

Protection during data transfer

As data is transferred from clients into the service and between data centers, it is protected with Transport Layer Security (TLS) encryption. We only allow secure access. We do not allow authenticated connections over HTTP, redirecting to HTTPS instead.

Protection of dormant data

Physical protection: Only a limited number of key employees have access to the data centers. Your identities are verified using multiple authentication factors, including smart cards and biometrics. There are on-site security officers, motion detectors and video surveillance. Attack detection alerts monitor anomalous activity.

Network protection: Networks and identities are isolated from the Microsoft corporate network. Firewalls restrict traffic entering the environment from unauthorized locations.

Application security: Technicians who create features follow the Security Development Lifecycle. Automated and manual analytics help identify potential security risks. The Microsoft Security Response Center helps classify incoming security risk reports and assess remediation actions. Through Microsoft Cloud Bug Bounty Terms, people around the world can earn money by reporting security vulnerabilities.

Content protection: Every file stored is encrypted with a unique AES256 key. These unique keys are encrypted with a set of master keys stored in Azure Key Vault.

High availability, always recoverable

Our data centers are geographically distributed within the region and fault tolerant. Data is mirrored to at least two different Azure regions, at least several hundred miles apart. This allows us to mitigate the impact of a natural disaster or loss within a region.

Continuous scanning

Constantly monitor our data centers to ensure their integrity and security. This starts with the inventory. An inventory agent captures the state of each computer.

After we have an inventory, we can monitor and correct the integrity of computers. Continuous deployment ensures that each computer receives patches and updated antivirus signatures, and that a known good configuration is stored for each computer. Deployment logic ensures that only a certain percentage of computers are patched or rotated at any one time.

The Microsoft 365 "Red Team" within Microsoft consists of attack experts. They look for any opportunity to gain unauthorized access. The "Blue Team" is made up of defense engineers who focus on prevention, detection and recovery. You create technologies to detect and respond to attacks. To stay up to date on what the security teams at Microsoft are learning, consult the Office 365 security blog.

Other OneDrive security features

As a cloud storage service, OneDrive has many additional security features. These include:

Virus scanning for known threats during download – Windows Defender anti-malware module scans documents at the time of download for content that matches an AV signature (updated hourly).

Monitoring for suspicious activity – To prevent unauthorized access to your account, OneDrive monitors for and blocks suspicious login attempts. In addition, you will receive an email notification when unusual activity is detected, e.g. B. An attempted login from a new device or location.

Ransomware detection and recovery – As a Microsoft 365 subscriber, you will receive an alert when ransomware or a malicious attack is detected by OneDrive. You can easily restore your files to a point in time before the incident for up to 30 days after the attack. You can also recover up to 30 days after a malicious attack or other types of data loss, z. B. File corruption or accidental deletion and editing, restore your entire OneDrive.

Version history for all file types – In case of unintentional edits or accidental deletion, you can recover deleted files from the OneDrive Recycle Bin or restore a previous version of a file in OneDrive.

Password protected and expiring share links – As a Microsoft 365 subscriber, you can better protect your shared files by setting a password for access or an expiration date for the share link.

Notification and recovery of bulk file deletions – If you accidentally or intentionally delete a large number of files in your OneDrive cloud backup, you’ll receive a warning and see the steps to restore them.

Personal vault

The OneDrive personal vault is a protected area in OneDrive that you can only access with a strong authentication method or a second identity verification step, z. B. With a fingerprint, your face, PIN, or a code sent to you via email or SMS. 1 Your locked files in the personal vault have an extra layer of security, making them more protected in case someone gains access to your account or device. The personal vault is on your PC, on OneDrive.com and available in the OneDrive mobile app, and also offers the following features:

Scan directly to the personal vault – You can use the OneDrive mobile app to take photos or record videos directly to your personal vault, moving them from less secure areas of your device, such as. B. your own recordings, keep them separate. 2 You can also scan important travel, identification, vehicle, home and insurance documents directly into your personal vault. And you can access those photos and documents from anywhere across all your devices.

BitLocker encryption – On Windows 10 PCs, OneDrive synchronizes the files in your personal vault with an area of your local hard drive encrypted with BitLocker.

Automatic locking – The personal vault is automatically locked again on your PC, device or online after a short period of inactivity. Once locked, any files you have used will also be locked, and re-authentication will be required to access them. 3

Together, these measures help ensure that your locked files in the personal vault are protected even if your Windows 10 PC or mobile device is lost, stolen, or someone gains access to it.

1 Verification using facial and fingerprint recognition requires specialized hardware, z. B. A Windows Hello-enabled device, a fingerprint reader, an illuminated IR sensor, or other biometric sensors and biometrics-enabled devices.
2 The OneDrive app on Android and iOS requires Android 6.0 or higher resp. iOS 12.0 and higher.
3 The auto-lock interval varies by device and can be set by the user.

Need more help?

Contact support
For help with your Microsoft account and subscriptions, go to Account& Billing Help.

For technical support, go to Contact Microsoft Support, enter your problem, and select Get help From. If you need further assistance, select Contact Support to be routed to the best support option.

Like this post? Please share to your friends:
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: