Solved

exchange365 risk assessment

Posted on 2015-01-29
6
140 Views
Last Modified: 2015-02-20
Our external risk team want to review our organisations email systems. At present it is half "on-premise" and half in the cloud via outlook/exchange365. The on premise is v2013 of Exchange.

What realistically should/could they look at in relation to the cloud email infrastructure (i.e. exchange365)? Are there any tools/scripts/best practice guides for such setups?

For the on-premise you can look at stuff like security configuration of the servers, mailbox DB backup policies, mailbox security access controls, etc etc
0
Comment
Question by:pma111
  • 3
  • 3
6 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40577070
frrom various sources but Microsoft Office 365 is compliant with  ISO 27002 standard on information security practices and techniques to build a control matrix that includes firewalls, anti-virus patching and other controls drawn from the payment card industry's data security standard and also §  ISO 27001, Safe Harbor,   SSAE16 SOC1 Type II, SOC2 Type II,  FISMA regulations.  All of the drives are encrypted using bitlocker, all of the accessing servers are constrained with applocker and only processes s that are needed to access/modify the data are white-listed (they use a white list vs a black list policy).  Users with admin privileges don't have physical access and the converse is also true. for those with physical access don't have admin privileges
0
 
LVL 3

Author Comment

by:pma111
ID: 40577077
So are you basically saying "there is no point"...
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40577081
There isn't much you can do since the data is more compliant and safer than anything smaller than a major enterprise can hope to attain. They also have an active red team/blue team testing the system on a continuous basis which even some major enterprises can't afford to maintain on an ongoing basis.  That is what you are paying for.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 3

Author Comment

by:pma111
ID: 40577086
I thought you could perhaps as the client still manage access control lists for 365 mailboxes internally, i.e. shared/group mailboxes? Surely there are a few "configurations" within the clients control, i.e. mailbox size, attachment size policy, use of protective marking, default/mandatory email signatures etc. Surely there must be some areas they can review... ?
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40582464
sure you can administer shared/group mailboxes. login to the admin center/exchange
Exchange admin center
0
 
LVL 3

Author Comment

by:pma111
ID: 40583435
is it possible to export configurations set in the exchange admin centre?
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question