Office 365 Storage Limits
What you need to know about Office 365 storage and its limits
The Office 365 cloud storage system is known as OneDrive or, if you’re a business, OneDrive for Business. Its consumer (free) version has 5GB of storage as standard and the paid versions currently have 1TB of storage as standard. This can, of course, change, but if it does it will probably change in an upward direction (i.e. be increased) as a reflection of how much people are using the cloud and the fact that it is increasingly being used to store heavy files such as videos.
Understanding the basics of cloud storage
Assuming you’re using a reputable cloud storage system, like OneDrive, the principle on which it works is that the data is entirely yours but the responsibility for keeping it safe is shared between the cloud storage vendor, in this case Microsoft, and the data owner. Let’s look at how this works in practice.
All data stored in OneDrive belongs to your organization and your organization alone
There seem to be a lot of misconceptions about data ownership in the cloud, so let’s use this opportunity to clear them up. If you are working with a legitimate cloud storage vendor such as Microsoft, all data stored by your organization belongs to your organization and to your organization alone. That’s it.
Microsoft employees do not get access to your data. They will only touch it if legally obligated to do so, for example, if so ordered by a court. They do collect aggregated statistics on service usage and user behavior which they use to improve the Office 365 service and, in particular, the security, but that is high-level information which does not require access to an organization’s data.
You can take your data back out of the cloud any time you like and, if you do, Microsoft will delete all traces of it.
Microsoft is responsible for creating a safe environment for your data
It is Microsoft’s job to ensure that all data within its systems is kept safe from internal and external threats. These include malicious employees, systems failures, environmental hazards and, of course, the activities of cybercriminals. Microsoft does this by investing in highly-secure facilities (in safe locations) and in state-of-the-art security technologies to protect its network, and by employing highly-skilled cybersecurity professionals to deploy and monitor these technologies.
All that said, however, OneDrive is still a public cloud service, meaning that it is a cloud service which is shared with other Office 365 users. This has two security implications. Firstly, it means that data goes off-premises (and into the cloud) and secondly, the more legitimate users a service has, the more susceptible it is to having its security compromised.
These are both fair points and for some companies they may be deal-breakers. For example, OneDrive may not be the place you want to store the results of your top-secret, cutting-edge research and development. For many SMBs, however, using a public cloud service from a reputable cloud vendor such as Microsoft can actually work out safer than hosting their own internal infrastructure, purely and simply because Microsoft has massively greater resources and expertise.
You are responsible for creating safe policies for the governance of your data
For the most part, governing data which is stored in the cloud is actually very similar to governing data which is stored on-premises. It starts with good access control, which in turn starts with identifying who needs access to what data and ensuring that they are given access to that data and that data only. You might be prepared to allow people to have access to data which is helpful for their work even if it’s not strictly necessary, but there should always be a business justification for this.
You also need to ensure that each user’s access is only ever used by the specific individual to whom it is granted. In the case of Office 365 storage, the standard way of doing this is by turning on multi-factor authentication. If you wish, you can create whitelisted safe IPs, such as the office network, to reduce the level of inconvenience to users, but they should still be educated as to why such measures are necessary.
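One way to check that the safe-IP exemption described above is not being relied on more widely than intended is to review sign-in records for logins that skipped multi-factor authentication from outside the whitelisted networks. The following is an added example, not code from Aperio.IT or Microsoft; the network ranges, the record field names and the sample sign-ins are all constructed for illustration.

```python
import ipaddress

# Assumption: office egress ranges exempt from the MFA prompt (documentation ranges).
TRUSTED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "2001:db8:10::/48")]

# Constructed sign-in records; field names are hypothetical, not a Microsoft schema.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "ip": "203.0.113.25", "mfa": False},
    {"user": "bob@example.com", "ip": "198.51.100.7", "mfa": True},
    {"user": "carol@example.com", "ip": "198.51.100.9", "mfa": False},
    {"user": "dave@example.com", "ip": "2001:db8:10::5", "mfa": False},
    {"user": "erin@example.com", "ip": "not-an-ip", "mfa": False},
    {"user": "frank@example.com", "ip": "::ffff:203.0.113.40", "mfa": False},
]

def is_trusted(ip_text):
    """True only if ip_text parses and falls inside a whitelisted network."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source address is never treated as trusted
    # An IPv4 address reported in IPv6-mapped form is compared as IPv4.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net
               for net in TRUSTED_NETWORKS)

def classify(record):
    """Label one sign-in: MFA used, exempt via trusted network, or a violation."""
    if record["mfa"]:
        return "ok-mfa"
    if is_trusted(record["ip"]):
        return "ok-trusted-network"
    return "violation"

def audit(signins):
    """Return the users whose sign-in had no MFA and no trusted source network."""
    return [r["user"] for r in signins if classify(r) == "violation"]

if __name__ == "__main__":
    for r in SAMPLE_SIGNINS:
        print(f'{r["user"]:22} {r["ip"]:22} {classify(r)}')
    print("needs review:", audit(SAMPLE_SIGNINS))
```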
You should also have clear policies regarding what data you collect, the purpose for which it is collected and the length of time for which it needs to be stored. There should also be a process in place for archiving data when it is no longer actively required and deleting it completely when it is no longer required at all. This is actually an obligation for any organization working under GDPR.
If you’re interested in knowing more about Office 365 storage and its limits, please click here now to contact Aperio.IT.