Companies have security to consider with in-the-cloud Office

Share this article:

Audit, compliance and identity management issues must be sorted out prior to deploying Microsoft's planned in-the-cloud offerings for Office, security experts said Wednesday.

“It doesn't make it more or less vulnerable, but it does raise the requirement for doing a computer security audit on an off-premise based storage solution,” Matthew Cain, vice president and lead email analyst at Gartner, told SCMagazineUS.com Wednesday.

Microsoft on Tuesday announced that it is now building the product, with a likely availability date sometime in  2010, Cain said.

“We [also] would have to look at compliance implications, discovery implications, records management,” Cain said.

In February 2007, Google announced its own hosted business application suite -- Google Apps -- as a competitor to Office. Five months later, the internet giant acquired Postini, partly to secure those offerings.

Jon Oltsik, senior analyst at Enterprise Strategy Group, told SCMagazineUS.com Wednesday that the biggest issue with on-demand products is that of identity. He posed the question — if employees are accessing their applications in the cloud, how does one verify it is the user and not a third-party malicious hacker?

Oltsik said using strong passwords or strong authentication could help.

He added that once companies allow their sensitive data to be stored in a third-party facility, they must consider the integrity of the provider.

“They can say they do background checks, but how do you know that's true?”  Oltsik said. “You have to have some sort of audit privilege.”

As for vulnerabilities, moving Office to the cloud would place the patching burden on Microsoft itself, Oltsik said. (Microsoft still plans to offer users the option of on-premise software).

A Microsoft spokesman told SCMagazineUS.com Wednesday that home users will get Office web applications as an advertising-supported service through Office Live Workspace, and businesses can get it through a hosted subscription or through existing volume licensing programs.

Office Live Workspace currently uses Windows Live ID and takes advantage of Microsoft Forefront Security for SharePoint for virus protection.

For businesses that decide to host the Office web applications themselves (i.e., behind a corporate firewall), they would have to take the same security measures as they do with their current applications, the spokesman said.  

Cain said the benefit of on-demand Office is that users will have the content available to them on any device or location, allowing for easier collaboration.

“With this development, people can benefit from Office as a service on their browser, as a downloadable application on their phone, and as software on their PCs,” Microsoft Senior Vice President Chris Capossela said in a statement.

Share this article:

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...