Interlink Cloud Blog
Matt Scherocman

How is Microsoft Protecting Your Data From Government Snooping?

There have been a growing number of stories related to government surveillance of internet data in recent days. Our customers have taken notice and we have heard a number of concerns related to the privacy of their data in Microsoft’s Cloud.

While we share in these concerns, the bottom line is Microsoft is doing everything they can to keep your data safe. More importantly, there is no indication that any of Microsoft’s data has been breached by the government. We are told that on the business platforms, Microsoft has had only a handful of requests to share data with the government and was able to work with clients to provide notice and assistance in the vast majority of the cases.

A recent press release explains what Microsoft is doing to keep your data private.

Highlights include:

Expanding Encryption:

  • Microsoft is expanding or strengthening encryption across all of its services; particularly while data is transmitted over the internet
  • If you are on Office 365, Microsoft already encrypts all information moving between your business and Microsoft, and Microsoft’s internal data centers by default
  • These communication channels are protected by best-in-class cryptography including Perfect Forward Secrecy and 2048-bit Key lengths
  • All information which is stored in a Microsoft data center is protected by industry leading encryption and security protocols

Reinforcing legal protections:

  •  Committed to notifying any company when Microsoft receives a government request for access to their information
  • Working with other cloud providers to make the government go directly to an individual company, rather than a cloud provider, to obtain data

Increasing Transparency:

  •  Increasing the transparency of their software code, making it easier for customers to see for themselves that Microsoft products do not contain back doors.
  • Opening a network of transparency centers in the US, America and Asia

 

For more information or to read the full press release, please see this article from Microsoft

Matt Scherocman

Does Office 365 Include Message Enryption?

Microsoft has recently added to the Office 365 family – Messaging Encryption.  This replaces Exchange Hosted Encryption (EHE) and will be a great for many clients and is included as part of the E3/E4 suites.  Below are the key facts and a link to the O365 Technology Blog article outlining the new feature.

Key facts:

  • Included with O365 E3 and E4 at no cost
  • $2 per user per month to add to other plans
  • Rolling out the first quarter of 2014
  • Receiver does not need to be on the service
  • Current Exchange Hosted Encryption customers will be automatically upgraded

http://blogs.office.com/b/office365tech/archive/2013/11/21/introducing-office-365-message-encryption-send-encrypted-emails-to-anyone.aspx

This posting is provided “AS IS” with no warranties, and confers no rights.

Matt Scherocman

How Unsecure Is the Cloud?

How Unsecure Is the Cloud?

Clients frequently ask our team about security in the cloud and how their data is protected.  We spend a ton of time with them walking them through the features of security that Microsoft has built.  Generally, the discussion boils down to two topics:

Even though the cloud isn’t perfect for security, it is exponentially better than what is currently protecting the same data at the client’s site.  Frequently, the customers who question the security of the clouds are the same ones who believe that a firewall and antivirus is strong security.  In my opinion, it is the bare minimum.  Taking these clients to the cloud provides a level of security that they have never seen and likely could never make the investment for.

Security by obscurity – many smaller clients believe that they have a level of security provided by the fact that they shouldn’t be a target.  “No one knows who we are.”  “No one knows our network is here.”  These arguments tend to fall apart with the use of automated tools that aren’t targeted.  They are just pointed at people’s internet addresses and sent to try and open as many doors as possible.  These automated bots do not discriminate like a human would – they will go after any and all data.  Our general advice is to remove the Exchange server which is one of the chattiest services on the network – it will talk to anyone.  And if a client really wants security by obscurity, Microsoft’s Office 365 service is so large that their mailboxes are sure to be lost in the mix.  If they find that comforting.

 

 

Matt Scherocman

Microsoft is Keeping the Cloud Safe, and They Want You to Know How

Is your cloud provider keeping your information safe? This is a fair question and one that certainly needs to be asked.  In the past year the cloud has been battle tested and the answer, fortunately, is yes.  Yet even though the cloud has proven to be a secure platform, skepticism persists – largely due to the fact that providers are hesitant to share their security measures with the public. Microsoft wants you to know that these complaints are not falling on deaf ears.   Microsoft recently confirmed its commitment to transparency by announcing three of its products are now part of the Cloud Security Alliance’s (CSA) new STAR registry. 

The STAR (or CSA Security, Trust and Assurance Registry) is a searchable database that allows the public to compare a cloud service provider’s security to CSA established standards.  In April, Microsoft was proud to announce that Office 365, Windows Azure and Microsoft Dynamics CRM Online are all certified members of the registry. Check it out at and see for yourself what Microsoft is doing to keep your information safe. 

In addition to Microsoft’s commitment to transparency, Microsoft has taken numerous steps to ensure their cloud platforms are secure. For example, they were the first major cloud provider to be independently certified as ISO27001 (one of the best security benchmarks in the world), and the first to sign the EU’s Model Clauses for Security.  To find out what else Microsoft is doing to keep the cloud safe visit click here.

Matt Scherocman

What Data Security and Compliance is Built into Office 365?

Security is at the heart of Office 365.  Here are some great bullet points from a recent Microsoft blog listing.  Check out the full article here:  http://blogs.office.com/b/office365tech/archive/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365.aspx
Built-in capabilities

    • Physical security - We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters
    • Security best practices -We use best practices in design like Secure Development Lifecycle and operations like defense-in-depth to keep your data secure in our data centers
    • Data encryption - Every customers' email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption
    • Secure network layer - Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces at the same time our Edge router security detects intrusions and signs of vulnerability
    • Automated operations like Lock Box processes - Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.

Compliance

    • Independently Verified - Third party audits verify that Office 365 meets many key world-class industry standards and certifications
    • Control framework - We follow a strategic approach of implementing extensive standard controls that in turn satisfy various industry regulations. Office 365 supports over 600 controls that enable us to meet complex standards and offer contracts to customers in regulated industries or geographies, like ISO 27001, the EU Model Clauses, HIPAA Business Associate Agreements, FISMA/FedRAMP
    • Comprehensive Data Processing Agreement - Our Data Processing Agreement comprehensively addresses privacy and security of customer data, helping customers comply with local regulations

Privacy

    • No Advertising - We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for.
    • Data Portability - As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner
    • Notice and Consent - When we act upon your data, we let you know why and we ask for permission in advance or redirect any inquiries to our customers unless legally prevented to do so.
    • Breach Response - We have strong, tested and audited processes to inform you if there is a breach and re-mediate issues if they occur.
    • Data Minimization - We strive to minimize the actual amount of customer data that our internal teams have access to.


This posting is provided “AS IS” with no warranties, and confers no rights.

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.

Blog Categories

Interlink Cloud
Interlink Cloud
6 post(s)
Tips and Tricks
Tips and Tricks
2 post(s)
Outlook
Outlook
2 post(s)
Reporting
Reporting
1 post(s)
Cloud Storage
Cloud Storage
2 post(s)
Webinars
Webinars
15 post(s)
OneDrive
OneDrive
5 post(s)
Yammer
Yammer
3 post(s)
Azure
Azure
21 post(s)
SharePoint
SharePoint
10 post(s)
Microsoft
Microsoft
6 post(s)
SQL 2016
SQL 2016
1 post(s)
Lync
Lync
8 post(s)
Office 365
Office 365
59 post(s)