Interlink Cloud Blog

Interlink Cloud Blog

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.
Matt Scherocman

Is Office 365 HIPAA Compliant?

Yes. Microsoft® Office 365 provides all the capabilities you need to satisfy the technology requirements for HIPAA and HITECH compliance. These regulations require that organizations establish and document procedures that govern:hipaa compliant2

  • Restrict access to patient data.
  • How patient data is handled.
  • How stored patient data is kept secure.
  • How to secure patient data when it’s transmitted.

Meeting these general guidelines requires lots of time and attention to detail. Office 365 helps you meet these requirements with less time and cost than you might think.

Continue reading
  15606 Hits
Matt Scherocman

How is Microsoft Protecting Your Data From Government Snooping?

There have been a growing number of stories related to government surveillance of internet data in recent days. Our customers have taken notice and we have heard a number of concerns related to the privacy of their data in Microsoft’s Cloud.

While we share in these concerns, the bottom line is Microsoft is doing everything they can to keep your data safe. More importantly, there is no indication that any of Microsoft’s data has been breached by the government. We are told that on the business platforms, Microsoft has had only a handful of requests to share data with the government and was able to work with clients to provide notice and assistance in the vast majority of the cases.

A recent press release explains what Microsoft is doing to keep your data private.

Highlights include:

Expanding Encryption:

  • Microsoft is expanding or strengthening encryption across all of its services; particularly while data is transmitted over the internet
  • If you are on Office 365, Microsoft already encrypts all information moving between your business and Microsoft, and Microsoft’s internal data centers by default
  • These communication channels are protected by best-in-class cryptography including Perfect Forward Secrecy and 2048-bit Key lengths
  • All information which is stored in a Microsoft data center is protected by industry leading encryption and security protocols

Reinforcing legal protections:

  •  Committed to notifying any company when Microsoft receives a government request for access to their information
  • Working with other cloud providers to make the government go directly to an individual company, rather than a cloud provider, to obtain data

Increasing Transparency:

  •  Increasing the transparency of their software code, making it easier for customers to see for themselves that Microsoft products do not contain back doors.
  • Opening a network of transparency centers in the US, America and Asia

 

For more information or to read the full press release, please see this article from Microsoft

Continue reading
  6456 Hits
Eric Brophy

What is the HeartBleed Vulnerability?

In recent days we have had a lot of questions from clients who were concerned their information may have been compromised in Office 365 by the HeartBleed vulnerability.  This flaw allows intruders to read server memory which would contain usernames, passwords, credit cards, or any other confidential information that may be on the server running OpenSSL.  We wanted to take a minute to reassure you that Office 365 and out of the box Microsoft configurations are not affected. 

The Heartbleed vulnerability is specific to OpenSSL which is not being used for any Microsoft Office 365 services.  In fact, all Microsoft servers (Windows Server 2003 through Windows Server 2012 R2) do not utilize OpenSSL out of the box and use their own encryption component called Secure Channel (or SChannel which you may have seen errors in your event log for).  Unless you have installed Apache or some other third-party application that uses OpenSSL on your Windows Server, you should be fine.  Microsoft will continue actively monitor the security of Office 365 with threat modeling and attack surface analysis.  We continue to believe security is a benefit of the Microsoft cloud services that goes above and beyond what a typical business can do and it is not a weakness. 

For additional information please reference this article from Microsoft

Continue reading
  5408 Hits
Matt Scherocman

Does Office 365 Include Message Encryption?

Microsoft has recently added to the Office 365 family – Messaging Encryption.  This replaces Exchange Hosted Encryption (EHE) and will be a great for many clients and is included as part of the E3/E4 suites.  Below are the key facts and a link to the O365 Technology Blog article outlining the new feature.

Key facts:

  • Included with O365 E3 and E4 at no cost
  • $2 per user per month to add to other plans
  • Rolling out the first quarter of 2014
  • Receiver does not need to be on the service
  • Current Exchange Hosted Encryption customers will be automatically upgraded

http://blogs.office.com/b/office365tech/archive/2013/11/21/introducing-office-365-message-encryption-send-encrypted-emails-to-anyone.aspx

This posting is provided “AS IS” with no warranties, and confers no rights.

Continue reading
  7102 Hits
Sarah Bunt

Is Office 365 International Traffic in Arms Regulations (ITAR) Compliant?

The simple answer is "no".

There are multiple flavors called Office 365 and the shared version (the most common) is not ITAR compliant. This comes from two different concerns around ITAR – 1) That only US citizens manage the data – Microsoft uses follow the sun support which includes non-Americans providing support and accessing the data 2) Is that the data stays in the US only. While this is typically true for Office 365, it does have the ability to fail over workloads to data centers located in other countries.

There are a few options:

  1. The ITAR compliant platform version of Office 365 is ITAR compliant, but it starts at 30,000 users and is considerable more expensive. http://technet.microsoft.com/en-us/library/dn270088.aspx
  2. Clients can split their users between platforms. Clients move everyone not working on defense contracts, including foreign nationals, out to the cloud and then hybrid the connection back to their existing Exchange installation where the ITAR restricted users and projects are housed.

Other Resources: Office 365 ITAR-support

This posting is provided “AS IS” with no warranties, and confers no rights.

 
Continue reading
  20106 Hits

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.