Search Sujata's Blogs

Monday, 23 March 2015

Cloud Services you can trust: Security, Compliance, and Privacy in Office 365

Hello!

This is Paresh once again. I've been asked by number of customers about the security of their data while choosing office 365 services as their preferred services option in cloud. Hence, I thought rather repeating my talk here, let the Microsoft team address the concerns of customers about the data security. Please read below blog by Microsoft. Good news is Microosft is about to build data centres in India which should give relief to some customers. 


Source of information: microsoft's office blogs
Written by: Office 365 Team

When you make a decision to place your trust in a cloud services provider for productivity services, security, compliance, and privacy are top of mind. With over a billion customers on Office and decades of experience running online services, we understand what it takes to earn and continue to maintain your trust and confidence in Office 365.

Our construct for security, compliance, and privacy in Office 365 has two equally important dimensions: Built-in capabilities that include service-wide technical capabilities, operational procedures, and policies that are enabled by default for customers using the service; and Customer controls that include features that enable you to customize the Office 365 environment based on the specific needs of your organization.

We will look at Built-in capabilities and Customer controls for each of the key pillars of trust – Security, Compliance, and Privacy – in more detail below.

Security

Security of our customers’ information is a key trust principle. We implement policies and controls to safeguard customer data in the cloud and provide unique customer controls that you can use to customize your organizational environment in Office 365.

Built-in capabilities

As an Office 365 customer, you will benefit directly from in-depth security features that we have built into the service as a result of experience gained from years of building enterprise-grade software, managing a number of online services and billions of dollars in security investments. We have implemented technologies and processes that are independently verified to ensure high security of customer data.

Some key aspects of our built-in security capabilities are:

Physical security – We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters
Security best practices -We use best practices in design like Secure Development Lifecycle and operations like defense-in-depth to keep your data secure in our data centers
Data encryption – Every customers’ email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption
Secure network layer – Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces at the same time our Edge router security detects intrusions and signs of vulnerability
Automated operations like Lock Box processes – Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.
Customer controls

As a result of Office 365 offering productivity services to a wide range of industries, we have built both features and choices that you can control to enhance the security of data based on the needs of your organization.

Some key aspects of our customer controls for security are:

Exchange Hosted Encryption – Enables delivery of confidential business communications safely, letting users send and receive encrypted email directly from their desktops as easily as regular email.
S/MIME - Enables encryption of an email messages and allows for the originator to digitally sign the message to protect the integrity and origin of the message. As part of our continued investment in security technologies that Government and Security conscious customers care about, we are adding support for S/MIME for Office 365 in the first quarter of Calendar Year 2014.
Rights Management Services – Enables a user to encrypt information using 128-bit AES and use policies on email or documents so that the content is appropriately used by specified people.
Role based access control – Allows administrators to enable access to authorized users based on role assignment, role authorization and permission authorization.
Exchange Online Protection - Allows administrators to manage your company’s Anti-virus and Anti-spam settings from within the Office 365 administration console.
Identity Management - Provides organizations with various options for identity management such as cloud based identity, identities mastered on-premises with secure token based authentication or hashed passwords to integrate into the Office 365 identity management system based on the security needs of your organization.
Two factor Authentication – Enhances security in a multi-device, mobile, and cloud-centric world by using a second factor, such as a PIN, in addition to the primary factor which is identity.
Compliance

Another key principle of Office 365 trust is Compliance.  It is expected that commercial organizations have regulations and policies that they must comply with to operate businesses in various industries. These policies can be a mix of external regulatory requirements that vary depending on industry and geographical location of the organization and internal company-based policies.  Office 365 provides built-in capabilities and customer controls to help customers meet both various industry regulations and internal compliance requirements.

Built-in capabilities

Office 365 stays up-to-date with many of today’s ever-evolving standards and regulations, giving customers greater confidence.  To bolster this and to continue earning your confidence, we undergo third-party audits by internationally recognized auditors as an independent validation that we comply with our policies and procedures for security, compliance and privacy.

Some key aspects of built-in compliance capabilities are:

Independently Verified - Third party audits verify that Office 365 meets many key world-class industry standards and certifications
Control framework - We follow a strategic approach of implementing extensive standard controls that in turn satisfy various industry regulations. Office 365 supports over 600 controls that enable us to meet complex standards and offer contracts to customers in regulated industries or geographies, like ISO 27001, the EU Model Clauses, HIPAA Business Associate Agreements, FISMA/FedRAMP
Comprehensive Data Processing Agreement - Our Data Processing Agreement comprehensively addresses privacy and security of customer data, helping customers comply with local regulations
Customer Controls

We provide Compliance controls within the service to help our customers comply based on the policy needs of their organization.

Some key customer controls for compliance are:

Data Loss Prevention – Helps customers to identify, monitor and protect sensitive data through content analysis
Archiving – Allows organizations to preserve electronically stored information retaining e-mail messages, calendar items, tasks, and other mailbox items
E-Discovery – Permits customers to retrieve content from across Exchange Online, SharePoint Online, Lync Online, and even file shares
Privacy

Privacy is our third trust principle.  As more and more customers are relying on online service providers to keep their data safe from loss, theft, or misuse by third parties, other customers, or even the provider’s employees, we recognize that cloud services raise unique privacy questions for businesses.

To meet your needs, we are continually developing technologies to enhance privacy in our services. We call this privacy by design – which is our commitment to use best practices to help protect and manage customer data.

Built-in Capabilities

Key built-in capabilities and principles of Privacy in Office 365 are:

No Advertising – We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for.
Data Portability – As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner
Notice and Consent – When we act upon your data, we let you know why and we ask for permission in advance or redirect any enquiries to our customers unless legally prevented to do so.
Breach Response – We have strong, tested and audited processes to inform you if there is a breach and remediate issues if they occur.
Data Minimization – We strive to minimize the actual amount of customer data that our internal teams have access to.
Customer Controls

In addition to built-in capabilities, Office 365 enables you to collaborate through the use of transparent policies and strong tools while providing the distinct ability to control information sharing.

Some examples of customer controls for privacy are:

Rights Management in Office 365 - Allows individuals and administrators to specify access permissions to documents, workbooks, and presentations. This helps you prevent sensitive information from being printed, forwarded, or copied by unauthorized people by applying intelligent policies
Privacy controls for sites, libraries and folders- SharePoint Online, a key component service of Office 365 that provides collaboration functionality has a number of privacy controls. One example is that SharePoint Online sites are set to “private” by default. A second example is that a document uploaded to a SkyDrive Pro is not shared until the user provides explicit permissions and identifies who to share with.
Privacy controls for communications - In Lync Online, another key component service that provides real time communications in Office 365, there are various administrator level controls as well as user level controls to enable or block communication with external users and organizations. One example is blocking access to federation in Lync. Similarly there are controls throughout the service for the admins and users to ensure privacy of their content and communications.
At Microsoft, we have been building Enterprise software for over two decades and we run over 200 online services. We bring all of this experience to Office 365 to give you industry leading capabilities in security, compliance and privacy. In addition, we take the advantage of scale and continuous feedback from providing services to a diverse customer base across industry and geography to constantly learn and improve the Office 365 services. Security, Compliance and Privacy are the key pillars of the Office 365 Trust Center (the other two pillars being Transparency and Service Continuity). Customers can have confidence that Microsoft is a thought leader and will continue to make deep investments to protect customers in the cloud.

Extended email retention for deleted items in Office 365

Source of information:Office blogs 

Written by: Microsoft office 365 team 

We’ve all been there, you search for an email or calendar invite in Outlook only to find that it isn’t there anymore. Until now deleted items were moved into the Deleted Items folder, then they would disappear after being in that folder for 30 days. With this update, the length of time items remain in the Deleted Items folder is extended to indefinitely or according to the duration set by your administrator. So that email or calendar invite you were looking for is still there if you search for it later—even if you accidentally deleted it.

If you are an Office 365 administrator, this means we’ll be updating the Default MRM Policy for everyone using Exchange Online over the next month. As an administrator, you also have control over this behavior. If you want to keep the 30-day policy or set a custom retention period, that can be done as well and you don’t even need to wait for the change. Also, if you have already created a custom MRM policy, (as long as it has a name other than “Default MRM Policy”), you don’t need to do anything and the change will not impact you.

Create a custom retention policy

You can either edit the name of the Default MRM Policy or create a new policy to opt out of this change. To change the policy name in Office 365 navigate to Office 365 Admin >Exchange admin center > compliance management > retention policies. Next, select Default MRM Policy, click the edit icon and then change the name of the policy.

Extended email retention  1

Exchange admin center for compliance management and retention policies.

Extended-email-retention-2-edit

Editing experience for retention policies.

Now your policy will not be overwritten and will maintain the settings you’ve specified.

Frequently asked questions

Q. Will this be only for new users or will this policy change for all my users who are already in Office 365?

A. This change will affect all existing and new users in your Office 365 tenant who have been assigned the Default MRM Policy.

Q. What if I customized the Default MRM Policy with other settings and properties, but did not rename it?

A. Modifying the properties in the Default MRM Policy alone will not exclude it from being overwritten by this change. If you have customized your Default MRM Policy and kept the original name, the change will still apply.

Q. Does this policy apply to the Recoverable Items folder?

A. No the change does not apply to the Recoverable Items folder. It is only for the visible Deleted Items folder.

Q. If I already have a custom retention policy, will it also be changed to this new default? 

A. No, custom policies that you have created will not be modified. For example, if the admin has added extra tags, modified the retention period, modified retention enabled of an existing tag etc. the new behavior will not be enforced.

Q. Does this change affect “Move to Archive” actions on the Deleted Items folder?

A. No, this change will not affect any explicit tags set by the users on items in the Deleted Items folder.

Q. If there is a “Move to Archive” action on the Deleted Items folder will that be affected?

A. No, the change will not affect any “Move to Archive” actions on the Deleted Items folder.

Q. Will this change apply both to the primary and personal archive mailbox Deleted Items folders?

A. Yes, the change will apply for the Deleted Items folder in both the primary and archive mailbox.

Q. Will this change affect a Litigation Hold or In-Place Hold?

A. No, this will not an affect Ligation Hold or In-Place Hold.

Q.  How is Microsoft implementing this change?

A. We are instructing the system to ignore the 30 day delete tag on the Deleted Items folder if the retention policy’s name is “Default MRM Policy.” This is why changing the policy name will ensure that the tag continues to work. We are not removing or disabling the tag.


Wednesday, 4 March 2015

Introducing Panasonic Toughbook and Toughpads - Available in India Now.

Dear Sir / Madam

I am happy to tell you that Sujata Computers Pvt Ltd has been appointed a distributor for “toughbooks” and “toughtpads” of Panasonic and now it is available in India. 

Toughbooks are laptops, Toughpads are tablet-pcs which are rugged and can be used under extreme or harsh environment. They can be used in noisy environment, in an dusty air or when it is drizzling. Obviously, as the name suggests they are built by tougher material than the traditional commercial laptops and tablet-pcs.

Please reach out to us for discussion or for a demo –
Mobile - +91-8805162400 | +91-7276000222

Check out full range of Toughbooks and Toughpads here -