Companies have security to consider with in-the-cloud Office

Share this article:

Audit, compliance and identity management issues must be sorted out prior to deploying Microsoft's planned in-the-cloud offerings for Office, security experts said Wednesday.

“It doesn't make it more or less vulnerable, but it does raise the requirement for doing a computer security audit on an off-premise based storage solution,” Matthew Cain, vice president and lead email analyst at Gartner, told SCMagazineUS.com Wednesday.

Microsoft on Tuesday announced that it is now building the product, with a likely availability date sometime in  2010, Cain said.

“We [also] would have to look at compliance implications, discovery implications, records management,” Cain said.

In February 2007, Google announced its own hosted business application suite -- Google Apps -- as a competitor to Office. Five months later, the internet giant acquired Postini, partly to secure those offerings.

Jon Oltsik, senior analyst at Enterprise Strategy Group, told SCMagazineUS.com Wednesday that the biggest issue with on-demand products is that of identity. He posed the question — if employees are accessing their applications in the cloud, how does one verify it is the user and not a third-party malicious hacker?

Oltsik said using strong passwords or strong authentication could help.

He added that once companies allow their sensitive data to be stored in a third-party facility, they must consider the integrity of the provider.

“They can say they do background checks, but how do you know that's true?”  Oltsik said. “You have to have some sort of audit privilege.”

As for vulnerabilities, moving Office to the cloud would place the patching burden on Microsoft itself, Oltsik said. (Microsoft still plans to offer users the option of on-premise software).

A Microsoft spokesman told SCMagazineUS.com Wednesday that home users will get Office web applications as an advertising-supported service through Office Live Workspace, and businesses can get it through a hosted subscription or through existing volume licensing programs.

Office Live Workspace currently uses Windows Live ID and takes advantage of Microsoft Forefront Security for SharePoint for virus protection.

For businesses that decide to host the Office web applications themselves (i.e., behind a corporate firewall), they would have to take the same security measures as they do with their current applications, the spokesman said.  

Cain said the benefit of on-demand Office is that users will have the content available to them on any device or location, allowing for easier collaboration.

“With this development, people can benefit from Office as a service on their browser, as a downloadable application on their phone, and as software on their PCs,” Microsoft Senior Vice President Chris Capossela said in a statement.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.