Link to home
Start Free TrialLog in
Avatar of sunhux
sunhux

asked on

Security considerations & assessment for using Office365 (MS Cloud?)

http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&sqi=2&ved=0ahUKEwjb3dLts9rOAhUKQI8KHcKQA1UQFgg1MAE&url=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkId%3D401240&usg=AFQjCNE651HQzeEpPyS-3ewonyaPJIeWUg&sig2=UDpUlCIMDzdg7hdBle3_gw&bvm=bv.130731782,d.c2I

The above link gives many security features/compliance about Office365 but
I still have doubts on:

a) I suppose to use Office365, we'll run a link from our office to MS Cloud, right?
    Is this a point-to-point leased circuit link that is encrypted (hardware encryption
    or software?) or via public Internet (site to site VPN?) .  How many bit encryption
    is used here?

b) how is SharePoint service provided by Office365 safer/more secure than we
    using our own SharePoint?  I've always heard in defense projects, they won't
    trust to host their data offsite but only within their own local DC


http://en.share-gate.com/blog/office-365-data-protection-infographic
  referring to above link,

c) does MS offers continuous backup so that we can restore to a specific point
    in time (up to a specified minute) ?

d) does the above service offers NIDS & endpoint IPS protection ?

e) do we still use our own Data Loss Protection (to prevent leakage) or
    the above service provides it?

f) how is MS Exchange via this service more secure compared to hosting our
    MS Exchange server?  Is it more effective against spam, phishing & 
    ransomware?

g) in some clouds, data of numerous tenants/customers are backed up to
    a common tape via a shared tape drives ie data are co-mingled on the
    tape.  In the event a tenant wants to exit this service, how does the
    service provider ensure data is securely erased from the tapes or they
    do offer dedicated tapes (& tape drives) for each customer?   Can't be
    a tape holding multiple tenants' data need to be degaussed or securely
    destroyed??
ASKER CERTIFIED SOLUTION
Avatar of Vasil Michev (MVP)
Vasil Michev (MVP)
Flag of Bulgaria image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sunhux
sunhux

ASKER

A couple more questions:

h) for users who VPN in, they VPN direct to our office & then connect to O365
    or they VPN direct to O365 at MS Cloud?

i) in some Cloud Service Provider, their sysadmins could login to tenants' servers;
   could MS login to their O365 tenants environmt or access their tenants' data?

j) does MS uses any sort of virtual firewall that segregates one tenant from the
    other?

k) should there be data leaks due to use of O365, does MS provide any provision
    to take up the liability?