sunhux
asked on
Security considerations & assessment for using Office365 (MS Cloud?)
http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&sqi=2&ved=0ahUKEwjb3dLts9rOAhUKQI8KHcKQA1UQFgg1MAE&url=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkId%3D401240&usg=AFQjCNE651HQzeEpPyS-3ewonyaPJIeWUg&sig2=UDpUlCIMDzdg7hdBle3_gw&bvm=bv.130731782,d.c2I
The above link gives many security features/compliance about Office365 but
I still have doubts on:
a) I suppose to use Office365, we'll run a link from our office to MS Cloud, right?
Is this a point-to-point leased circuit link that is encrypted (hardware encryption
or software?) or via public Internet (site to site VPN?) . How many bit encryption
is used here?
b) how is SharePoint service provided by Office365 safer/more secure than we
using our own SharePoint? I've always heard in defense projects, they won't
trust to host their data offsite but only within their own local DC
http://en.share-gate.com/blog/office-365-data-protection-infographic
referring to above link,
c) does MS offers continuous backup so that we can restore to a specific point
in time (up to a specified minute) ?
d) does the above service offers NIDS & endpoint IPS protection ?
e) do we still use our own Data Loss Protection (to prevent leakage) or
the above service provides it?
f) how is MS Exchange via this service more secure compared to hosting our
MS Exchange server? Is it more effective against spam, phishing &
ransomware?
g) in some clouds, data of numerous tenants/customers are backed up to
a common tape via a shared tape drives ie data are co-mingled on the
tape. In the event a tenant wants to exit this service, how does the
service provider ensure data is securely erased from the tapes or they
do offer dedicated tapes (& tape drives) for each customer? Can't be
a tape holding multiple tenants' data need to be degaussed or securely
destroyed??
The above link gives many security features/compliance about Office365 but
I still have doubts on:
a) I suppose to use Office365, we'll run a link from our office to MS Cloud, right?
Is this a point-to-point leased circuit link that is encrypted (hardware encryption
or software?) or via public Internet (site to site VPN?) . How many bit encryption
is used here?
b) how is SharePoint service provided by Office365 safer/more secure than we
using our own SharePoint? I've always heard in defense projects, they won't
trust to host their data offsite but only within their own local DC
http://en.share-gate.com/blog/office-365-data-protection-infographic
referring to above link,
c) does MS offers continuous backup so that we can restore to a specific point
in time (up to a specified minute) ?
d) does the above service offers NIDS & endpoint IPS protection ?
e) do we still use our own Data Loss Protection (to prevent leakage) or
the above service provides it?
f) how is MS Exchange via this service more secure compared to hosting our
MS Exchange server? Is it more effective against spam, phishing &
ransomware?
g) in some clouds, data of numerous tenants/customers are backed up to
a common tape via a shared tape drives ie data are co-mingled on the
tape. In the event a tenant wants to exit this service, how does the
service provider ensure data is securely erased from the tapes or they
do offer dedicated tapes (& tape drives) for each customer? Can't be
a tape holding multiple tenants' data need to be degaussed or securely
destroyed??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
h) for users who VPN in, they VPN direct to our office & then connect to O365
or they VPN direct to O365 at MS Cloud?
i) in some Cloud Service Provider, their sysadmins could login to tenants' servers;
could MS login to their O365 tenants environmt or access their tenants' data?
j) does MS uses any sort of virtual firewall that segregates one tenant from the
other?
k) should there be data leaks due to use of O365, does MS provide any provision
to take up the liability?