Companies have security to consider with in-the-cloud Office

Share this article:

Audit, compliance and identity management issues must be sorted out prior to deploying Microsoft's planned in-the-cloud offerings for Office, security experts said Wednesday.

“It doesn't make it more or less vulnerable, but it does raise the requirement for doing a computer security audit on an off-premise based storage solution,” Matthew Cain, vice president and lead email analyst at Gartner, told Wednesday.

Microsoft on Tuesday announced that it is now building the product, with a likely availability date sometime in  2010, Cain said.

“We [also] would have to look at compliance implications, discovery implications, records management,” Cain said.

In February 2007, Google announced its own hosted business application suite -- Google Apps -- as a competitor to Office. Five months later, the internet giant acquired Postini, partly to secure those offerings.

Jon Oltsik, senior analyst at Enterprise Strategy Group, told Wednesday that the biggest issue with on-demand products is that of identity. He posed the question — if employees are accessing their applications in the cloud, how does one verify it is the user and not a third-party malicious hacker?

Oltsik said using strong passwords or strong authentication could help.

He added that once companies allow their sensitive data to be stored in a third-party facility, they must consider the integrity of the provider.

“They can say they do background checks, but how do you know that's true?”  Oltsik said. “You have to have some sort of audit privilege.”

As for vulnerabilities, moving Office to the cloud would place the patching burden on Microsoft itself, Oltsik said. (Microsoft still plans to offer users the option of on-premise software).

A Microsoft spokesman told Wednesday that home users will get Office web applications as an advertising-supported service through Office Live Workspace, and businesses can get it through a hosted subscription or through existing volume licensing programs.

Office Live Workspace currently uses Windows Live ID and takes advantage of Microsoft Forefront Security for SharePoint for virus protection.

For businesses that decide to host the Office web applications themselves (i.e., behind a corporate firewall), they would have to take the same security measures as they do with their current applications, the spokesman said.  

Cain said the benefit of on-demand Office is that users will have the content available to them on any device or location, allowing for easier collaboration.

“With this development, people can benefit from Office as a service on their browser, as a downloadable application on their phone, and as software on their PCs,” Microsoft Senior Vice President Chris Capossela said in a statement.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.