Information stored as e-mail and file share data often makes up a significant share of the intellectual assets of a company. Said simply, loss of e-mail and file share data would be a very significant loss for many companies. In the traditional model of the past, that data was stored on a server located on-premises, backed up daily to removable media that was then stored off-site.
Moving of all company resources to a hosted cloud service is compelling from the cost standpoint. In the case of Microsoft Exchange and SharePoint Online, company data is stored in a shared database – either SQL in the case of SharePoint, or a close relative for Exchange. These databases are replicated to other servers – it is likely that Microsoft is maintaining at least four database replicas across more than one physical location.
If data of many companies is stored in a common database, how is that data kept private and secure? Here the respective platforms, Exchange and SharePoint, rely on security structures that restrict access of data to authorized accounts, and these structures are faithfully extended to all aspects of the service – the company address book, as displayed in Outlook, for instance, shows only company employees. And not to overlook, your company data can also be encrypted on either of these platforms.
Exchange and SharePoint Online are hosted services – Software as as Service – SaaS. Indeed, the model of providing a software as a cloud hosted service is not new, and has been widely adopted by business.
And so the answer is that corporate data, hosted on Exchange or SharePoint, is stored in a common database, kept private by security structures of the software, and optionally encrypted at the file or message level via a key that is unique to your company.