Posts made in April, 2017

Five cloud security tips & tricks for Office 365

Posted by on Apr 10, 2017 in Cloud, Microsoft | 0 comments

Five cloud security tips & tricks for Office 365

In this post I wanted to cover five of my favourite cloud security tips & tricks for Office 365 and Azure.  Of course some of these features depend on the level of subscription you have and if you want to know more then all you have to do is contact AspiraCloud. So here are my top five cloud security tips & tricks for Office 365. Tell me more about Office 365 Enable or disable safety tips Log in to Office 365 as an administrator and click on the Admin tile. Follow the route Admin centers -> Security and Compliance Once in the Security and Compliance Page go to Threat management -> Mail filtering. Select the custom tab. You will see the Custom settings are off by default. Switch this on to allow you to alter settings. Expand the Default spam filter policy (always ON) section and click on the Edit policy button. Open the Spam and bulk actions section and scroll down. Here you will find the safety tips setting.   Using Rights Management Services to protect shared documents First, check your licensing under EM+S to make sure Azure Rights Management is switched on. If not, turn it on, like a light switch. Now you will need to install the Office 365 Add on and register. You must follow some set up instructions to make sure RMS is activated on your tenant. Sign in to Office 365 If the Office 365 admin centre does not automatically display, select the app launcher icon in the upper-left and choose Admin. The Admin tile appears only to Office 365 administrators. Use Search in Office 365 to find the Rights Management Settings portal. It’s not obvious where to find it. Activate RMS Now you can use the Office 365 Add on to protect documents. This will help https://docs.microsoft.com/en-gb/information-protection/deploy-use/activate-office365-preview You can download the Information Protection Client here https://www.microsoft.com/en-us/download/confirmation.aspx?id=53018   Where is my data? Sometimes you just want to be sure that you know where your data is stored.  Microsoft will have told you the location of your core data based on the data centers online at the time you set up your tenancy. Not really a security feature but certainly an important compliance feature for many customers. To find out: Log in to Office 365 as an administrator and click on the Admin tile. Follow the route Settings-> Organization profile Scroll down the content section until you see Data location. There is currently an option to request that data is moved to the UK data centers if your organization has specific residency requirements. 4. Security and Compliance Reports As a cloud customer, you want to be sure you are monitoring all potential threats coming in to your business. The security compliance dashboard will provide an instant snapshot of potential threats allowing you to dig deeper is you spot a problem. To get to this, assuming you have the right plans, log in to portal.office.com as an administrator. Log in to Office 365 as an administrator and click on the Admin tile. Follow the route Admin centers -> Security & Compliance Now click on Reports at the bottom of the list on the left. Select Dashboard From here you can spot the data category that interests you. Click on the tile to see more detail.   DLP (Data Loss Protection) Your organisation may set policies to protect sensitive data from leaving the business.  You might have rules that warn users if they are sending data that might need a second thought, for example a customer’s National Insurance or Credit Card details. You can set your own policies in the DLP section but much more important that setting the policy, make sure someone is monitoring the rules for transgressions. Log in to Office 365 as an administrator and click on the Admin tile. Follow the route Reports -> Security & Compliance Here you can see all the reports available to you, from spam detection, malware and even a check on the top users.  That might show you a suspect pattern worth investigating further. Now click on the relevant...

Read More

Busting the Myths around Cloud Security

Posted by on Apr 4, 2017 in Cloud, Law in the Cloud, Microsoft | 0 comments

Cloud services: A view of legal sector guidance I recently enjoyed a visit to one of the UK’s largest legal event specifically designed for lawyers and ambitious law firms seeking ground breaking innovations.  As you would expect the Cloud and Digital Transformation and Business Improvement were topics under discussion in every theatre. I did hear one speaker say “There are too many questions relating to Safe Harbour for commercial law firms to trust Office 365”.  I’ll be fair to the speaker in case I heard the line out of context, and just say that, without said context, this is #fakenews. Spend some time listening to Brad Smith, Microsoft’s President and Chief Legal Officer to know that there may be questions around trusting the cloud, but there are answered in detail in his many conference speeches readily available online. The Law Society of England and Wales and the Solicitors Regulation Authority have separately issued guidance setting out requirements and recommendations for solicitors using cloud computing solutions. Microsoft offers its approach to such guidance in this white paper. The paper articulates their view of how, as a cloud service provider, Microsoft enables firms to meet the standards and recommendations set out in such guidance and their compliance obligations. I’ve listed some of the top #fakenews items and myths surrounding the use of Cloud for commercial law firms. For each myth I have written a response and is followed up with chapter and verse from the Microsoft material with links to the relevant sites for further reading. But don’t just take my word for it.  If you want to speak to some of our customers who are already benefiting from a move to the cloud, email us and I will put you in touch. Microsoft will use your cloud data for advertising to customers. In fact… your data will never be used for anything other than the stated purpose defined by you. You are the data controller and you maintain ownership always.  Microsoft will not use your data for anything other than the purpose you define. Microsoft obtain third party audits and certifications so you can trust that their services are designed and operated with stringent safeguards. To address the requirement for processing only to be undertaken in accordance with a written contract, a data processing agreement and the EU Model Clauses are included by default in Microsoft’s Online Service Terms. The EU Model Clauses are prescribed by the European Commission for use when transferring personal data from within the EU to a country outside of the EU which does not have an “adequate” data protection regime. In their Online Services Terms, Microsoft expressly commit to process your data only pursuant to your instructions and not for any other purposes. Microsoft and the EU Model Clauses                    Microsoft Online Services Terms The Safe Harbour Regulations mean that foreign government and particularly the US authorities can access the data even though it is hosted in the UK.   In fact… in terms of compliance, Microsoft Cloud Services already meet the requirements of the EU GDPR and did so long before the courts ruled on Safe Harbour. Office 365 and Azure are available today and already help you meet the requirements of the EU-US privacy shield.  Microsoft is certified under the EU-US Privacy Shield framework which imposes stronger obligations on US companies to protect Europeans’ personal data and reflects the requirements of the European Court of Justice which ruled the previous Safe Harbour framework invalid. The Commission has formally adopted the EU-US Privacy Shield for transatlantic data transfers from the EU to the US. The new EU General Data Protection Regulation will apply form May 2018 and will cover UK data protection. Microsoft and the GDPR                            Microsoft and the EU-US Privacy Shield Microsoft can see all our data and read client confidential documents In fact… your data is encrypted at rest in the data centre and in transmission from the data centre to your PC.  Only if you give permission to a support engineer as part of a service request could they view data and that would be on your PC under your...

Read More