Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

exchange365 risk assessment

Posted on 2015-01-29
6
Medium Priority
?
156 Views
Last Modified: 2015-02-20
Our external risk team want to review our organisations email systems. At present it is half "on-premise" and half in the cloud via outlook/exchange365. The on premise is v2013 of Exchange.

What realistically should/could they look at in relation to the cloud email infrastructure (i.e. exchange365)? Are there any tools/scripts/best practice guides for such setups?

For the on-premise you can look at stuff like security configuration of the servers, mailbox DB backup policies, mailbox security access controls, etc etc
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 83

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 40577070
frrom various sources but Microsoft Office 365 is compliant with  ISO 27002 standard on information security practices and techniques to build a control matrix that includes firewalls, anti-virus patching and other controls drawn from the payment card industry's data security standard and also §  ISO 27001, Safe Harbor,   SSAE16 SOC1 Type II, SOC2 Type II,  FISMA regulations.  All of the drives are encrypted using bitlocker, all of the accessing servers are constrained with applocker and only processes s that are needed to access/modify the data are white-listed (they use a white list vs a black list policy).  Users with admin privileges don't have physical access and the converse is also true. for those with physical access don't have admin privileges
0
 
LVL 3

Author Comment

by:pma111
ID: 40577077
So are you basically saying "there is no point"...
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40577081
There isn't much you can do since the data is more compliant and safer than anything smaller than a major enterprise can hope to attain. They also have an active red team/blue team testing the system on a continuous basis which even some major enterprises can't afford to maintain on an ongoing basis.  That is what you are paying for.
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 3

Author Comment

by:pma111
ID: 40577086
I thought you could perhaps as the client still manage access control lists for 365 mailboxes internally, i.e. shared/group mailboxes? Surely there are a few "configurations" within the clients control, i.e. mailbox size, attachment size policy, use of protective marking, default/mandatory email signatures etc. Surely there must be some areas they can review... ?
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40582464
sure you can administer shared/group mailboxes. login to the admin center/exchange
Exchange admin center
0
 
LVL 3

Author Comment

by:pma111
ID: 40583435
is it possible to export configurations set in the exchange admin centre?
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to import Lotus Notes Contacts into Outlook 2016, 2013, 2010 and 2007 etc. with a few manual steps. You can easily export and migrate Lotus Notes contacts into Microsoft Outlook without having to use any third party tools.
New style of hardware planning for Microsoft Exchange server.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question