Office 365 Continues to Address the Cloud Weary
To address some users' concerns about cloud computing, cloud providers normally give customers complete control over their data, including encryption keys. Microsoft has been regularly unveiling features in that vein for Azure, and yesterday it took some more steps in that direction with Office 365.
The features are about more than just providing customers with more control over their data. Microsoft also addressed a long-standing problem among most cloud providers.
How can the customer be sure the provider does not mess with user data, and what happens when the provider has no choice but to do so?
Apparently Microsoft’s answer is Customer Lockbox, a new Office 365 feature that gives customers highly granular control over their Office 365 account whenever a Microsoft engineer needs to access content stored within.
According to Jake Zborowski, group manager lead for Office 365, engineers by default don’t have access to service operations and have to go through a rigorous multistage process to obtain access to customers’ data. Customer Lockbox places key parts of Microsoft’s abstraction process into the hands of the customer, which is where the control should be. If a user has a corrupted mailbox, for instance, he (or she) would submit a trouble ticket as usual. An engineer would then be assigned a specific set of credentials valid only for accessing the needed resources for a short time, and those credentials won’t work unless the customer explicitly approves the request for access.
Microsoft’s theory is evidently that by making the process so transparent, customers can trust Microsoft and will feel less hesitant about committing valuable data to any of its services.
Another improvement here addresses a slightly less important, but no less pressing, problem.
How do I audit how my organization uses Office 365?
The answer here is through the Office 365 Management Activity API. Data obtained from that RESTful API describes who’s doing what and with whose data in SharePoint Online, Exchange Online, and Azure Active Directory. Customer Lockbox activity, too, is made available through this interface.
A third new Office 365 feature designed to further drive customer trust is per-file encryption and expanded data-loss prevention technology for data stored in SharePoint Online and OneDrive for Business. The most likely and obvious point of further integration for those features, and the others unveiled, is with Azure’s recently introduced key management technology.
These new features set the stage to allow customers to manage encryption keys themselves, which Microsoft is expected to announce sometime in 2016 for SharePoint Online.