Interlink Cloud Blog

Interlink Cloud Blog

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.
Matt Scherocman

Does Office 365 Include Message Encryption?

Microsoft has recently added to the Office 365 family – Messaging Encryption.  This replaces Exchange Hosted Encryption (EHE) and will be a great for many clients and is included as part of the E3/E4 suites.  Below are the key facts and a link to the O365 Technology Blog article outlining the new feature.

Key facts:

  • Included with O365 E3 and E4 at no cost
  • $2 per user per month to add to other plans
  • Rolling out the first quarter of 2014
  • Receiver does not need to be on the service
  • Current Exchange Hosted Encryption customers will be automatically upgraded

http://blogs.office.com/b/office365tech/archive/2013/11/21/introducing-office-365-message-encryption-send-encrypted-emails-to-anyone.aspx

This posting is provided “AS IS” with no warranties, and confers no rights.

Continue reading
  6086 Hits
  0 Comments
Sarah Bunt

Is Office 365 International Traffic in Arms Regulations (ITAR) Compliant?

The simple answer is "no".

There are multiple flavors called Office 365 and the shared version (the most common) is not ITAR compliant. This comes from two different concerns around ITAR – 1) That only US citizens manage the data – Microsoft uses follow the sun support which includes non-Americans providing support and accessing the data 2) Is that the data stays in the US only. While this is typically true for Office 365, it does have the ability to fail over workloads to data centers located in other countries.

There are a few options:

  1. The ITAR compliant platform version of Office 365 is ITAR compliant, but it starts at 30,000 users and is considerable more expensive. http://technet.microsoft.com/en-us/library/dn270088.aspx
  2. Clients can split their users between platforms. Clients move everyone not working on defense contracts, including foreign nationals, out to the cloud and then hybrid the connection back to their existing Exchange installation where the ITAR restricted users and projects are housed.

Other Resources: Office 365 ITAR-support

This posting is provided “AS IS” with no warranties, and confers no rights.

 
Continue reading
  17508 Hits
  0 Comments
Matt Scherocman

Microsoft is Keeping the Cloud Safe, and They Want You to Know How

Is your cloud provider keeping your information safe? This is a fair question and one that certainly needs to be asked.  In the past year the cloud has been battle tested and the answer, fortunately, is yes.  Yet even though the cloud has proven to be a secure platform, skepticism persists – largely due to the fact that providers are hesitant to share their security measures with the public. Microsoft wants you to know that these complaints are not falling on deaf ears.   Microsoft recently confirmed its commitment to transparency by announcing three of its products are now part of the Cloud Security Alliance’s (CSA) new STAR registry. 

The STAR (or CSA Security, Trust and Assurance Registry) is a searchable database that allows the public to compare a cloud service provider’s security to CSA established standards.  In April, Microsoft was proud to announce that Office 365, Windows Azure and Microsoft Dynamics CRM Online are all certified members of the registry. Check it out at and see for yourself what Microsoft is doing to keep your information safe. 

In addition to Microsoft’s commitment to transparency, Microsoft has taken numerous steps to ensure their cloud platforms are secure. For example, they were the first major cloud provider to be independently certified as ISO27001 (one of the best security benchmarks in the world), and the first to sign the EU’s Model Clauses for Security.  To find out what else Microsoft is doing to keep the cloud safe visit click here.

Continue reading
  4283 Hits
  0 Comments
Matt Scherocman

How Unsecure Is the Cloud?

How Unsecure Is the Cloud?

Clients frequently ask our team about security in the cloud and how their data is protected.  We spend a ton of time with them walking them through the features of security that Microsoft has built.  Generally, the discussion boils down to two topics:

Even though the cloud isn’t perfect for security, it is exponentially better than what is currently protecting the same data at the client’s site.  Frequently, the customers who question the security of the clouds are the same ones who believe that a firewall and antivirus is strong security.  In my opinion, it is the bare minimum.  Taking these clients to the cloud provides a level of security that they have never seen and likely could never make the investment for.

Security by obscurity – many smaller clients believe that they have a level of security provided by the fact that they shouldn’t be a target.  “No one knows who we are.”  “No one knows our network is here.”  These arguments tend to fall apart with the use of automated tools that aren’t targeted.  They are just pointed at people’s internet addresses and sent to try and open as many doors as possible.  These automated bots do not discriminate like a human would – they will go after any and all data.  Our general advice is to remove the Exchange server which is one of the chattiest services on the network – it will talk to anyone.  And if a client really wants security by obscurity, Microsoft’s Office 365 service is so large that their mailboxes are sure to be lost in the mix.  If they find that comforting.

 

 

Continue reading
  4071 Hits
  0 Comments
Matt Scherocman

What Data Security and Compliance is Built into Office 365?

Security is at the heart of Office 365.  Here are some great bullet points from a recent Microsoft blog listing.  Check out the full article here:  http://blogs.office.com/b/office365tech/archive/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365.aspx
Built-in capabilities

    • Physical security - We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters
    • Security best practices -We use best practices in design like Secure Development Lifecycle and operations like defense-in-depth to keep your data secure in our data centers
    • Data encryption - Every customers' email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption
    • Secure network layer - Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces at the same time our Edge router security detects intrusions and signs of vulnerability
    • Automated operations like Lock Box processes - Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.

Compliance

    • Independently Verified - Third party audits verify that Office 365 meets many key world-class industry standards and certifications
    • Control framework - We follow a strategic approach of implementing extensive standard controls that in turn satisfy various industry regulations. Office 365 supports over 600 controls that enable us to meet complex standards and offer contracts to customers in regulated industries or geographies, like ISO 27001, the EU Model Clauses, HIPAA Business Associate Agreements, FISMA/FedRAMP
    • Comprehensive Data Processing Agreement - Our Data Processing Agreement comprehensively addresses privacy and security of customer data, helping customers comply with local regulations

Privacy

    • No Advertising - We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for.
    • Data Portability - As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner
    • Notice and Consent - When we act upon your data, we let you know why and we ask for permission in advance or redirect any inquiries to our customers unless legally prevented to do so.
    • Breach Response - We have strong, tested and audited processes to inform you if there is a breach and re-mediate issues if they occur.
    • Data Minimization - We strive to minimize the actual amount of customer data that our internal teams have access to.


This posting is provided “AS IS” with no warranties, and confers no rights.

Continue reading
  5812 Hits
  0 Comments

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.