baleman2

asked on

Exchange Server in the Cloud

So far, this is not a tech assistance issue.  I'm reaching out to "experts" to see how best to accomplish a task for a business owner that I help with problems.
He has 30 employees who work in medical facilities in several states.  Most of these facilities have their own internal network.  They do not allow access to that network, but do allow connectivity to a "guest" network on the premises.
These 30 employees are using a facility's "guest" network for access to their own software vendor's website via the internet.
Each client PC is using Office 365 (Word, Excel, PowerPoint, Outlook, etc.) in the cloud.
The issue I'm researching and attempting to resolve deals with Outlook email communications.  These 30 employees must be able to send PHI (Physical Health Information) to each other.  Right now they are doing so after connecting to a facility's "guest" network and using Outlook to Send/Receive.  GoDaddy is hosting their email.
These clients must pass a compliance test per HIPAA regulations.  Right now, these clients are failing the compliance test.  I'm assuming non-compliance may be the result of settings/configuration on the GoDaddy server that's handling their email transmissions.
Would this issue be better resolved by renting space on an Exchange Server in the cloud?  In this manner, I could modify settings on the Exchange Server so that email transmissions would be compliant per HIPAA regulations?
Would the resolution involve using a cloud
Kimputer

Expand your Office 365 subscription to INCLUDE Exchange Online. Exchange Online, hosted by MS, is always secured traffic.
baleman2 (ASKER)

Thus, eliminating GoDaddy as the email provider????
Usually, if the GoDaddy offering is an Exchange Online version, it's also secured. But from your description, it seems like you don't trust it, or it's easily defeated.
So in that case, yes, eliminate GoDaddy as the email provider.
Office 365 is totally secured when it comes to HIPAA regulations.

- You can use features like IRM (Exchange Online mail encryption with AD RMS).

Reference article: https://docs.microsoft.com/en-us/microsoft-365/compliance/information-rights-management-in-exchange-online

- You can also use ATP:

Office 365 Advanced Threat Protection (safe attachments, safe links, advanced anti-phishing tools, reporting tools and threat intelligence capabilities): https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp

The above 2 features will secure your environment when your mailboxes are hosted on Office 365.
You can also opt for a third-party spam filtering solution for more security, so that any email leaving or entering your organization's Office 365 tenant is scanned by the third-party spam filter.

More or less, you will also have the Office 365 spam filter.

You can also have SPF, DKIM and DMARC enabled for your domain for phishing/spam protection.

This is more than you expect and will help your email security.
To Saif Shaikh:
Although the business has a registered Domain Name with GoDaddy, this was done primarily so that all end users could have a common email address ending with the same domain name.  The client PCs in use are NOT members of a domain.  That is, they are not in an environment where they get authenticated by a Domain Controller and/or are behind a company firewall.  These end users are independent contractors who are working in several different states.
So, your comment "You can also have SPF, DKIM and DMARC enabled for your domain for phising/spam" wouldn't really apply here?
ASKER CERTIFIED SOLUTION
Saif Shaikh
There are several components to this:

1) You need to have email encryption set up for sending PHI (automatic, with policy-based encryption)
2) You need to use a company that has a BAA that can be viewed and that states compliance; Microsoft Office 365 does, and there are other companies like Intermedia
3) You need to make sure you have a company like ZIX or another that scans links and emails (an email gateway)
4) Set up proper DKIM, DMARC, and SPF
5) Use DNS Filtering of course as well

Best of Luck