Will o365/SharePoint Online 2013 Content be encrypted at rest?
I think o365 exchange email content might already be encrypted at rest - basically meaning that even if you are able to get your hands on the hard drives or backup tapes, you can't really do anything with them as that data will only work with set MS hardware that has the keys.
But, when will (if not already or ever) SPO content be afforded the same level of prote
December 13th, 2013 10:35pm
I believe the entire environment is encrypted at rest.
December 13th, 2013 10:36pm
I've been unable to find anything on the MS sites to confirm this. Would anybody have a link to confirm this?
December 14th, 2013 3:37pm
This is something that Microsoft is looking at improving, as they don't document this (unlike Google and Amazon).
December 14th, 2013 5:38pm
Anybody else want to chime in on this? Sounds like some sort of conspiracy to hide even the slightest information on how these data centers work?
December 19th, 2013 10:24pm
From Security in Office 365 White Paper (Word document):
Customer data in Office 365 exists in two states:
- At rest on storage media
- In transit from a data center over a network to a customer device
All email content is encrypted on disk using BitLocker Advanced Encryption Standard (AES) encryption. Protection covers all disks on mailbox servers and includes mailbox database files, mailbox transaction log files, search content index files, transport database files, transport transaction log files, and page file OS system disk tracing/message tracking logs.
Office 365 also transports and stores secure/multipurpose Internet mail extensions (S/MIME) messages. Office 365 will transport and store messages that are encrypted using client-side, third-party encryption solutions such as Pretty Good Privacy (PGP).
This applies to all data in Office 365, including SharePoint data (search content index files, database files, transaction log files, etc) in SharePoint O
December 20th, 2013 12:24am
awesome!
December 27th, 2013 10:37pm
Has anyone been able to get confirmation from Microsoft? The white paper and excerpt posted by Jason specifically call out email.
"Protection covers all disks on mailbox servers and includes mailbox database files, mailbox transaction log files, search content index files, transport database files, transport transaction log files, and page file OS system disk tracing/message tracking logs."
We have financial services and healthcare clients that are required (by law) to have certain types of data encrypted at rest. We have to be able to provide documentation, or a statement from Microsoft, that all data is (or can be) indeed encrypted at rest (particularly documents started in SharePoint Online).
I know about IRM/MRS but this does not state the at rest data is encrypted. It says that files accessed/downloaded are encrypted as they are accessed. I interpret this to mean the at rest data is NOT encrypted.
February 18th, 2014 8:53pm
Meant to follow up on this. Our Microsoft Account Rep said that for SharePoint Online - Data is NOT encrypted at rest even after I forwarded that document to them. But they did say they were working on it.
February 19th, 2014 5:11am
Trevor,
Can you provide a link or direct Microsoft source to confirm this?
It's just that this information has to come from Microsoft and we need to be able to point to the information for our security teams.
Mike
February 20th, 2014 7:10pm
I too am interested in finding documentation for this area. I am only able to find definite information on Exchange data; however, I am in the same circumstance where I need documentation to provide to another team, saying that data at rest in SharePoint Online is also encrypted.
February 21st, 2014 7:34pm
I would like to know the official documented answer from Microsoft on this as well. No second-hand "yes it is" or "no it isn't".
I would like to create a list in SP online and store proprietary company info in it. Nothing like passwords but stuff I wouldn't want in the cloud unencrypted.
January 28th, 2015 9:24pm
jlongjr: The Office 365 whitepaper is correct as of when it was published and to my knowledge is still correct today. The feature you linked to in the roadmap is for introducing an advanced file encryption feature that allows users to encrypt files individually with unique keys. This feature doesn't change the existing storage-level encryption infrastructure.
January 28th, 2015 10:56pm
It's still nice to have official documentation on this. I found a white paper on the subject with the following.
Our latest encryption feature with which content in OneDrive for Business and SharePoint Online will be encrypted at rest will start rolling out to customers soon. With this, the encryption technology in Office 365 moves beyond a single encryption key per disk to deliver a unique encryption key per file. With this technology, every file stored in SharePoint Online, including OneDrive for Business folders, is encrypted with its own key, and subsequent updates to the file are encrypted with their own unique key as well. Your organization's files will be distributed across multiple Microsoft Azure Storage containers, each with separate credentials, rather than storing them all in a single database. By spreading encrypted files across storage locations, encrypting the map of file locations itself, and physically separating master encryption keys from both content and the file map, this new encryption storage technology makes OneDrive for Business and SharePoint Online a highly secure environment for your data.
http://www.microsoft.com/en-us/download/confirmation.aspx?id=26552
So the drive has always been encrypted but now all files will be encrypted. I will assume that since files are stored in the SharePoint database this applies to the database as well. I wish I had a more clear answer on this.
But at this point for me it's clear there are many different layers of encryption and at no point is data ever transmitted or stored unencrypted. At least I hope.
January 29th, 2015 12:15am