Interlink Cloud Blog
Matt Scherocman

Microsoft is Keeping the Cloud Safe, and They Want You to Know How

Is your cloud provider keeping your information safe? This is a fair question and one that certainly needs to be asked.  In the past year the cloud has been battle tested and the answer, fortunately, is yes.  Yet even though the cloud has proven to be a secure platform, skepticism persists – largely due to the fact that providers are hesitant to share their security measures with the public. Microsoft wants you to know that these complaints are not falling on deaf ears.   Microsoft recently confirmed its commitment to transparency by announcing three of its products are now part of the Cloud Security Alliance’s (CSA) new STAR registry. 

The STAR (or CSA Security, Trust and Assurance Registry) is a searchable database that allows the public to compare a cloud service provider’s security to CSA established standards.  In April, Microsoft was proud to announce that Office 365, Windows Azure and Microsoft Dynamics CRM Online are all certified members of the registry. Check it out at and see for yourself what Microsoft is doing to keep your information safe. 

In addition to Microsoft’s commitment to transparency, Microsoft has taken numerous steps to ensure their cloud platforms are secure. For example, they were the first major cloud provider to be independently certified as ISO27001 (one of the best security benchmarks in the world), and the first to sign the EU’s Model Clauses for Security.  To find out what else Microsoft is doing to keep the cloud safe visit click here.

Matt Scherocman

How Unsecure Is the Cloud?

How Unsecure Is the Cloud?

Clients frequently ask our team about security in the cloud and how their data is protected.  We spend a ton of time with them walking them through the features of security that Microsoft has built.  Generally, the discussion boils down to two topics:

Even though the cloud isn’t perfect for security, it is exponentially better than what is currently protecting the same data at the client’s site.  Frequently, the customers who question the security of the clouds are the same ones who believe that a firewall and antivirus is strong security.  In my opinion, it is the bare minimum.  Taking these clients to the cloud provides a level of security that they have never seen and likely could never make the investment for.

Security by obscurity – many smaller clients believe that they have a level of security provided by the fact that they shouldn’t be a target.  “No one knows who we are.”  “No one knows our network is here.”  These arguments tend to fall apart with the use of automated tools that aren’t targeted.  They are just pointed at people’s internet addresses and sent to try and open as many doors as possible.  These automated bots do not discriminate like a human would – they will go after any and all data.  Our general advice is to remove the Exchange server which is one of the chattiest services on the network – it will talk to anyone.  And if a client really wants security by obscurity, Microsoft’s Office 365 service is so large that their mailboxes are sure to be lost in the mix.  If they find that comforting.

 

 

Matt Scherocman

What Data Security and Compliance is Built into Office 365?

Security is at the heart of Office 365.  Here are some great bullet points from a recent Microsoft blog listing.  Check out the full article here:  http://blogs.office.com/b/office365tech/archive/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365.aspx
Built-in capabilities

    • Physical security - We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters
    • Security best practices -We use best practices in design like Secure Development Lifecycle and operations like defense-in-depth to keep your data secure in our data centers
    • Data encryption - Every customers' email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption
    • Secure network layer - Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces at the same time our Edge router security detects intrusions and signs of vulnerability
    • Automated operations like Lock Box processes - Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.

Compliance

    • Independently Verified - Third party audits verify that Office 365 meets many key world-class industry standards and certifications
    • Control framework - We follow a strategic approach of implementing extensive standard controls that in turn satisfy various industry regulations. Office 365 supports over 600 controls that enable us to meet complex standards and offer contracts to customers in regulated industries or geographies, like ISO 27001, the EU Model Clauses, HIPAA Business Associate Agreements, FISMA/FedRAMP
    • Comprehensive Data Processing Agreement - Our Data Processing Agreement comprehensively addresses privacy and security of customer data, helping customers comply with local regulations

Privacy

    • No Advertising - We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for.
    • Data Portability - As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner
    • Notice and Consent - When we act upon your data, we let you know why and we ask for permission in advance or redirect any inquiries to our customers unless legally prevented to do so.
    • Breach Response - We have strong, tested and audited processes to inform you if there is a breach and re-mediate issues if they occur.
    • Data Minimization - We strive to minimize the actual amount of customer data that our internal teams have access to.


This posting is provided “AS IS” with no warranties, and confers no rights.

Matt Scherocman

How Does Office 365 Archiving Handle Terminated Users?

Exchange Online makes it possible for you to preserve the contents of deleted mailboxes indefinitely. This feature is called inactive mailboxes. A mailbox becomes inactive when an In-Place Hold is placed on the mailbox before the corresponding Office 365 user account is deleted.

You do not have to pay for keeping inactive mailboxes.

The contents of an inactive mailbox are preserved indefinitely. This allows administrators, compliance officers, or records managers to use the In-Place eDiscovery feature in Exchange Online to access and search the contents of an inactive mailbox. Inactive mailboxes can't receive email and aren't displayed in your organization's shared address book or other lists.

Note: If a hold isn't placed on a mailbox before it's deleted, the contents of the mailbox won't be preserved or discoverable. The mailbox can be recovered within 30 days of deletion, but the mailbox and its contents will be permanently deleted after 30 days if it isn't recovered.

To make a mailbox inactive, it must be assigned an Exchange Online (Plan 2) license or have an Exchange Online Archiving subscription so that an In-Place Hold can be placed on the mailbox before it's deleted.

1.  Access the contents of an inactive mailbox

After you make a mailbox inactive by placing the mailbox on In-Place Hold and then deleting the corresponding Office 365 user account, you can access the contents of the inactive mailbox by using In-Place eDiscovery in the Exchange admin center (EAC). When you search an inactive mailbox, you can create a keyword search query to search for specific items or you can return the entire contents of the inactive mailbox. You can preview the search results, copy the search results to a discovery mailbox, or export the search results to an Outlook Data (PST) file.

2. Permanently delete an inactive mailbox

If you no longer need to preserve the contents of an inactive mailbox, you can permanently delete the inactive mailbox by removing the In-Place Hold. If the mailbox was deleted more than 30 days ago, the mailbox will be permanently deleted after you remove the In-Place Hold, and mailbox items will become non-recoverable. If the mailbox was deleted within the last 30 days, you can still restore the mailbox after removing the hold.

This posting is provided “AS IS” with no warranties, and confers no rights.

For more information on how to manage inactive mailboxes click here.

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.

Blog Categories

Interlink Cloud
Interlink Cloud
5 post(s)
Tips and Tricks
Tips and Tricks
2 post(s)
Outlook
Outlook
2 post(s)
Reporting
Reporting
1 post(s)
Cloud Storage
Cloud Storage
2 post(s)
Webinars
Webinars
14 post(s)
OneDrive
OneDrive
5 post(s)
Yammer
Yammer
3 post(s)
Azure
Azure
20 post(s)
SharePoint
SharePoint
10 post(s)
Microsoft
Microsoft
6 post(s)
Lync
Lync
8 post(s)
Office 365
Office 365
58 post(s)

Blog Archive