Many companies use Microsoft 365, but because of the US cloud connections, the Office package is also controversial. In no case should companies rely on the security measures of the provider, as Inés Atug explains in the new iX 7/2021, because quite apart from the potential conflict of interest, Microsoft does not know what specific security needs a customer has.
Cloud Security Policies
And even this often first has to familiarize himself with the topic of cloud security. This is where the ISO 27017 sub-standard from the ISO 27001 family helps: It offers the customer and provider important guidelines that administrators can use to make the correct security settings. Central points are the access control and the user rights – because if these are configured correctly, they significantly limit the possibilities of an attacker.
In addition, those responsible must constantly keep an eye on Microsoft updates. As is typical for the cloud, the developers constantly deliver new functions, delete features or introduce new settings for administrators. As a rule, however, Microsoft announces all of this and the documentation for the 365 package is also well maintained. Nevertheless, new vulnerabilities quickly emerge, for example through phishing via forms – if the application is to be used, employees have to be sensitized accordingly.
Reddit data evaluated with Python
The admin tools are just as extensive: Microsoft does not offer a central console, but rather hides many settings in different interfaces. System administrators will find in the JulyiX also an overview of all tools and the most important configurations. Further topics of the new issue are the data analysis of the social network Reddit with Python, the app programming practice with Android’s new UI toolkit Jetpack Compose and the recently ennobled Internet standard QUIC.