The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/810339
52 PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | SPRING 2017 FEATURES Here or There: Exchange On-Premises Versus Exchange Online hybrid configuration between on-premises and the cloud and dynamically move data between the two as client/maers allow or dictate. Considerations can include the client's preferences or investments. A client, for example, invested in on-premises technology might be offended by cloud storage. And while many banks have adopted Office 365, some don't want their representation to do the same. Who Can Access Your Data? Undeniably, the cloud affords you less sovereignty over your data. In particular, many Am Law 50 firms are concerned over the U.S. government's ability to ask a vendor for your data in a "blind subpoena." At least if your firm is being subpoenaed directly, you will know and can respond accordingly. As unlikely as such a scenario is, it may be a deal-breaker for some. As for access by the vendor itself, Vijay Kumar and Raji Dani of Microso wrote in a 2015 blog, "In our efforts to maximize data security and privacy for Office 365 customers, we have engineered the service to require nearly zero interaction with customer content by Microso employees." Office 365 has a few encryption options to help you control access, though at this time none of them would technically prevent compliance with an issued blind subpoena: » Customer Lockbox for Office 365: This will not prevent a blind subpoena but will inject a customer approval into the workflow that initiates when a Microso engineer requests access to your data. » Bring Your Own Key: Generate a tenant key that meets your security policies and securely pass it to Microso. You will be able to see logs from Azure Information Protection of how and when your key is being used. Data are unencrypted during operations to allow Microso services to access, search, reason, etc., over your data. The only supported scenario for revoking the key you issue and provide to Microso is during an ooarding event from Office 365. » Hold Your Own Key: Generate your own key and hold onto it without providing it to Microso. This will break all value-added features, such as antivirus, searching and integration between Office 365 suite components. You won't have crucial features, but it will solve the problem of unwanted access. Physical security in the data centers is tight and well beyond anything that most firms could provide at a reasonable cost. Your data could be anywhere, and they are unlabeled in the data center. Yours will be among an anonymous many, and it would be virtually impossible for someone to compromise the robust physical security measures in place and access your data physically in the data center. As for vulnerabilities and exploits, Exchange Online wins. The latest security patches are always applied, so it is continuously up to date. As Exchange Online integrates well with mobile platforms and BYOD solutions, IT administrators also have more control over the devices that connect to their firm's data and can monitor them closely. Downtime typically totals six hours in a year, which is better than a firm averages with an on-premises environment. Operations Response Team (limited to key personnel) Support Organization Engineering Partners Others at Microsoft WHO AT MICROSOFT HAS ACCESS