Solved

Security considerations & assessment for using Office365 (MS Cloud?)

Posted on 2016-08-24
3
122 Views
Last Modified: 2016-09-15
http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&sqi=2&ved=0ahUKEwjb3dLts9rOAhUKQI8KHcKQA1UQFgg1MAE&url=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkId%3D401240&usg=AFQjCNE651HQzeEpPyS-3ewonyaPJIeWUg&sig2=UDpUlCIMDzdg7hdBle3_gw&bvm=bv.130731782,d.c2I

The above link gives many security features/compliance about Office365 but
I still have doubts on:

a) I suppose to use Office365, we'll run a link from our office to MS Cloud, right?
    Is this a point-to-point leased circuit link that is encrypted (hardware encryption
    or software?) or via public Internet (site to site VPN?) .  How many bit encryption
    is used here?

b) how is SharePoint service provided by Office365 safer/more secure than we
    using our own SharePoint?  I've always heard in defense projects, they won't
    trust to host their data offsite but only within their own local DC


http://en.share-gate.com/blog/office-365-data-protection-infographic
  referring to above link,

c) does MS offers continuous backup so that we can restore to a specific point
    in time (up to a specified minute) ?

d) does the above service offers NIDS & endpoint IPS protection ?

e) do we still use our own Data Loss Protection (to prevent leakage) or
    the above service provides it?

f) how is MS Exchange via this service more secure compared to hosting our
    MS Exchange server?  Is it more effective against spam, phishing & 
    ransomware?

g) in some clouds, data of numerous tenants/customers are backed up to
    a common tape via a shared tape drives ie data are co-mingled on the
    tape.  In the event a tenant wants to exit this service, how does the
    service provider ensure data is securely erased from the tapes or they
    do offer dedicated tapes (& tape drives) for each customer?   Can't be
    a tape holding multiple tenants' data need to be degaussed or securely
    destroyed??
0
Comment
Question by:sunhux
3 Comments
 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 450 total points
ID: 41769105
You've already found the whitepaper, now start looking at the links therein. Here are the short answers:

a) Data is always encrypted in transit, but that will not help you against MITM attacks. You need to trust your ISP and all the network equipment in between.

b) you know there's a separate O365 instance that the USA gov is using, right? Obviously it's secure enough for them.

c) they don't offer point-in-time backups, if you have specific needs for such, you need to use 3rd party services/products

d) it "offers" it on the datacenter level, not many details are given usually as they can pose potential security risk. again, half the world is using O365 now, including governments, big banks, huge enterprises... it's secure

e) you can either use your own, or the one that comes with the service, at additional price.

f) already covered above. spam/malware effectiveness can vary, but you can always use 3rd party service if you are not happy with what you get with O365

g) again, covered above, also check the links in the document.

I'd also recommend checking the Trust center (https://products.office.com/en-us/business/office-365-trust-center-security) and if you have an existing O365 (even trial), the documents in the Service assurance portal (https://protection.office.com/#/serviceassurance/othertrust). You can always talk to your Microsoft representatives as well.
0
 
LVL 17

Assisted Solution

by:Walter Curtis
Walter Curtis earned 50 total points
ID: 41769138
You have very good questions, indicating some cloud doubts. If you have doubts, then stick to what you can control, on premise. Always remember, Microsoft and other cloud providers are in the business of making money, which I am not against, but their marketing will be geared towards that goal, which could be more important to them than your security goals....

Just saying...
0
 

Author Comment

by:sunhux
ID: 41769696
A couple more questions:

h) for users who VPN in, they VPN direct to our office & then connect to O365
    or they VPN direct to O365 at MS Cloud?

i) in some Cloud Service Provider, their sysadmins could login to tenants' servers;
   could MS login to their O365 tenants environmt or access their tenants' data?

j) does MS uses any sort of virtual firewall that segregates one tenant from the
    other?

k) should there be data leaks due to use of O365, does MS provide any provision
    to take up the liability?
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question