Talk is cheap in IT circles, so it's no surprise Microsoft's claim that Office 2016 is the most secure version...
of Office ever met some questions.
Will new Microsoft Office 2016 features be truly integrated into the business application experience to make the lives of Windows admins easier as the company claimed in a blog post last fall? Or is it mere vendor fodder that creates complexity and negates any security benefits?
It seems Microsoft's claims have substance because the company added security features to Office 2016 that should help IT meet a good portion of its Office application security needs. Office 2016 features include data protection, authentication and data loss prevention. Other native Office 2016 security features include:
- Email and file encryption;
- Multifactor authentication for application and file access;
- Rights management for Visio documents to help protect intellectual property;
- Document versioning enhancements that can fall back to previous versions; and
- Automated, albeit somewhat confusing,update management for pushing Office updates.
Admins also have the ability to define sensitive information, detect the information in Office documents and notify users that the information is present. IT can create and manage "self-protecting" documents across multiple platforms -- such as Windows, Apple iOS and Google Android -- with the Enterprise Mobility Suite's rights management. And users can email links to documents rather than attaching them directly to emails.
Questions to consider
How Microsoft Office 2016 features benefit an organization depends on that company's specific requirements, so it's important to ask questions to figure out if Office is secure enough.
What information must IT protect? Some shops must worry about protecting Word documents or Excel spreadsheets that contain intellectual property or personally identifiable information. Alternatively, companies may be concerned about how Office information is stored and shared via Outlook and Exchange.
How do security and compliance requirements tie in? Businesses must determine how Office files -- and the systems they live on -- might currently be at risk. Look at specific threats and vulnerabilities in the environment, and don't overlook files that may be stored unprotected on server shares. Files could also end up in a cloud environment that's not adequately secured or doesn't meet existing regulatory or contractual requirements.
There is a slew of other questions that businesses must answer on a case-by-case basis: Does the company need to keep files under wraps while at rest or in transit? Does it need to monitor who accesses the files and what they do with them? Is local storage necessary? Will files be created in -- or sent to -- Office 365 or other cloud services? What's the best approach to keeping the office application environment in check?
The security controls that are baked into Office 2016 certainly improve on previous versions, but native capabilities are not always enough. Third-party products still might be better. As a result, companies should use whatever security measures they have in place and let Office 2016's new features bolster their security.
A look at Office 2016 collaboration tools
Mail client updates in Office 2016
What happened to Skype in Office 2016?