This article is a write-up of a video uploaded to YouTube in which Vivek Sharma talks about security in the Microsoft cloud, together with Office 365 features. Vivek Sharma is Partner Group Program Manager in the Office 365 team. I recommend the video, which you can find here http://www.youtube.com/watch?v=S4QqQG8tTSg. His presentation is organized in three levels.
The IT system administrator of your company knows exactly what data is on any hard drive, both on workstations and on servers. He or she can always take a hard disk and walk away with it.
First of all, in a data center no one has physical access except those responsible for server maintenance. But they are not system administrators and, although they are near the servers, they do not know what logical functions those servers perform. Server administrators, in most cases, are not near the servers, and in some situations they are even on another continent. So it is rather unlikely that someone who knows what data is being administered will reach the place where it is actually stored.
But Vivek Sharma goes on with the "scenarios" and assumes that one of the engineers responsible for server maintenance wants to take out a hard drive. In this case, the engineer will have a hard drive, but he will not be able to see the data on it. That is because Microsoft uses technologies such as BitLocker in its data centers to prevent the information on a hard disk from being read on any computer other than the one in which it was installed (more about BitLocker here http://en.wikipedia.org/wiki/BitLocker). Moreover, in Microsoft data centers, damaged hard disks are destroyed, so it is impossible for your data to accidentally reach a third party.
To steal data logically, attackers use viruses and other malware. Fortunately, Microsoft has found a method to prevent the execution of any code (meaning, the running of any program sequence) that is not known to it. Moreover, the methods by which such code sequences (let's call them malicious) could be used are blocked by Microsoft; more exactly, they cannot open the locations where your data is stored in the form of web pages, and only applications with well-known behaviour are allowed to run. AppLocker is the technology that sets which app is allowed to run and by whom (more information about AppLocker can be found here: http://technet.microsoft.com/ro-ro/library/hh831440.aspx).
No matter how much the system managers or data center administrators struggle to protect your data both physically and logically, the user level is still open to discussion: how do you keep a person in the company from accidentally sending confidential data to those who should not see it? For this we have the help of the "Protection" area of Office 365. With it, you can specify who can read a specific email. You can make sure that no one else can read your mail, that it cannot be passed on to someone outside your company, and that the attached files cannot be opened, read or edited except by those who have these rights. With the Office 365 RMS and DLP services, you can make sure that critical information remains within your organization (for those who want to see more about how to use RMS and DLP in Office 365, I recommend the following article written by Vivek Sharma: http://blogs.office.com/2013/09/10/collaborate-confidently-using-rights-management/).
But those who defend a fortress (in our case, those who protect your data) have never been able to say, "Our fortress can never be breached." That is because the weapons are constantly evolving. And that is precisely why Microsoft has permanently hired two teams (the red team is the attacking team and the blue team is the defense team) that try, test and stress every possible way of penetrating the cloud services. The red team tries absolutely every method of generating a security breach, and makes these attempts constantly, day by day, while the blue team fights against them in order to put into practice all the methods needed to protect your data. This is the only way Microsoft can ensure that it protects against all the cyber threats that constantly occur in the world.