Sindicatum CTO Perspective on Security & Privacy

Posted by: Bobby Jimenez, Chief Technology Officer, Sindicatum Sustainable Resources

A year ago my company, Sindicatum Sustainable Resources decided to move to the cloud with Office 365. Having done two years’ worth of homework, including meeting various cloud vendors, I decided that Office 365 was the right solution.

Now, 18 months down the line, the aim of this article is to report back on my experience as a customer as it relates to the way Microsoft treats security and privacy with Office 365.

One of the most common generalisations/assumptions about cloud technology is that cloud is less secure than traditional IT infrastructure setups and that your data isn’t safe in the cloud. This assumption is so commonly dished out that cloud providers often find themselves doing a much harder job of convincing clients to transition from traditional IT to cloud-based solutions than they anticipated (I believe this questioning is healthy and don’t want it to stop). Dispelling the “un-secure” assumption should be a full time job for cloud providers; a job with which Microsoft set the bar when it released Office 365.

On May 3 this year, Office 365 received certification under the US Federal Information Security Management Act, adding to a list of security and compliance certifications and audits that include EU Model Clauses, HIPAA, Safe Harbor, ISO 27001 and SAS70 Type II. Microsoft Office 365 is transparent with these certifications and audits and regularly publishes them (click here to see

On the Office 365 Trust Center Microsoft states: “We understand people have high expectations of any service provider and an interest in understanding where their data resides, who can access it and what we do with it. To that end, we created the Office 365 Trust Center to enable customers to learn more.” As a customer I find this so refreshing from a service provider and I struggle to find anything similar that gives this extra peace of mind.

One security feature of Office 365 my firm enjoys day-in and day-out is the antivirus and spam protection. To give an example, and Kudos to the Microsoft team for giving enterprise client administrators the ability to view email traffic stats, in the past week our company, which owns over 160 mailboxes, received 3709 spam messages of which only six are false positives. This is a remarkable level of accuracy by any spam filtering standards.

A few of the Office 365 features that I value include:

  • A financially backed 99.9% uptime Service Level Agreement
  • Data centres with SAS 70 and ISO 27001 certification
  • Geo-redundant data centres and automatic failovers
  • Enterprise-grade disaster recovery
  • Up-to-date antivirus and anti-spam protection

I have been in technology long enough to know that cybercriminals are increasingly sophisticated, resourced and determined. It’s reassuring to know that companies like Microsoft are committed to protecting customers like me from online security and privacy threats through constant innovation and product development.

As users of technology products and services we must always remain diligent to keep these threats at bay, we should always challenge our cloud vendors to maintain a high level of security and privacy standards and certifications that are visible to the public; something that Microsoft has shown with Office 365.