Office 365’s Fine Print: What you need to know

Office 365 is a good fit for some folks. Not so good for others.

Like any decision concerning your company’s or customers’ data, you should know all the risks and caveats before making a decision. Here are some important details for you to consider.

As you may or may not know, I effectively prepare and negotiate hosting contracts and Service Level Agreements (SLA) on a daily basis and have been doing so for over 15 years. I’ve seen some fantastic agreements from small companies and weak ones from Fortune 100s.

In the end, the fine print is critical and will always be what both parties stand behind. Nothing herein is based on conjecture or taken out of context. The following is all accurate, current information which you can verify in one click. Read for yourself and ask hard questions. You owe it to your company and customers.

Where does my data live?

I’ve gone back and forth on this topic with several Office 365 consultants, so I finally decided to put this in writing. Folks assume that since they pick the geographic area (country) of the data center where they want their data stored, it will remain in that data center and country. False.

The fact is, Microsoft says they can move your data to another Microsoft data center in another country without notifying you. Huh? Now that I have your attention, let’s continue. So while your data may start in the data center or country of your choice, it may end up in another and you won’t even know it happened.

In my experience with technology vendors, or vendors of any sort for that matter, when someone says they could do something you don’t want done and won’t tell you when they do it, that is a serious red flag and deal breaker.

So for those of you who have data sovereignty or compliance issues and need your data to unequivocally live in a certain location for its duration, Office 365 may not be the best choice for you.

Proof

Microsoft Office 365 won't give notice when customer data is transferred to a new country

Verify

http://www.microsoft.com/online/legal/v2/?docid=25

Limitation of Liability

Microsoft has a relatively low ceiling of liability for anything that may happen to you while you’re an Office 365 customer. This could include things like loss of data, excessive downtime, data breach, etc… I had actually missed this one before doing research for this blog. If you are a partner and receive Office 365 for free, you are limited to just $5,000 in damages. If you pay for the service, you are limited to the last 12 months of service as a maximum value for damages. If your data is important and someone else is acting as custodian, there should be a reasonable liability umbrella just like folks doing financial audits. Here is a reality check – people make mistakes and machines break. If you’re in the business of storing others’ data, you may lose some of it at some point. That’s why you have Cyber and E&O insurance.

This is a no-go for me if I am storing anything on Office 365 that I can’t afford to lose and am not able to back up locally on a schedule that makes me comfortable.

Proof

Microsoft Office 365 low ceiling on limitation of liability

Verify

http://www.microsoft.com/global/en-us/office365/RenderingAssets/mosa/MOSA2011Agr%28NA%29%28ENG%29%28Apr2012%29%28HTML%29.htm

 

Audit Rights

For those of you with compliance or regulatory requirements, it’s important to know what your audit rights are when storing data with a Cloud provider like Office 365. In Microsoft’s case, you do not have any audit rights other than Microsoft providing evidence of their ISO, SSAE, PCI, HIPAA or Safe Harbor status. And while these standards are important, audits are fundamentally based on being able to go where the data lives and verify that it exists, it is what you say it is and it’s secure.

As a former auditor, this is a heavy black mark if I’m storing sensitive information with compliance or regulatory requirements whose failure to comply may result in significant penalties.

Proof

Microsoft Office 365 does not allow customers to audit Microsoft Online Services or Infrastructure

Verify

http://www.microsoft.com/online/legal/v2/?docid=27

In Conclusion

So, as always, whenever dealing with your company’s or your customers’ data, make sure you know all the ins and outs of the hosting provider you’re dealing with.









About Rob LaMear IV

Rob, Fpweb.net’s founder and biggest evangelist, believes the best thing about Fpweb.net is its people and energy, hands down. As a graduate from Notre Dame, Rob has led lots of past business lives as a window washer, golf artwork sales, accountant and D1 soccer coach. Passionate about doing things right and homemade apple pie, Rob is a firm believer in the American Dream and knows if you can dream it, you can do it. As much as he likes work and technology, Rob loves spending time with his family completely unplugged, fly fishing or joining a pickup game of soccer in the park.
