Office 365 Gets Customer Lockbox More

Cloud weary managers might have reason to reconsider using Office 365.

In an opening keynote at the RSA Conference in San Francisco this week, Scott Charney, Microsoft’s corporate vice president for Trustworthy Computing, announced Customer Lockbox for Office 365.

It may be the most important security announcement around Office 365 that Microsoft makes this year, according to Julia White, Microsoft’s general manager for Office Product Management.

Enhanced Controls

In the simplest of terms, once it’s rolled out, Customer Lockbox will give companies control over whether a Microsoft engineer can access their private information stored in its data centers.

In other words, Microsoft will have to receive unequivocal permission from customers within twelve hours of asking or the request will be considered denied.  Microsoft’s existing permissioning process is tight, but it does not include the customer.

Charney explained it this way in yesterday’s presentation:

"In the very rare instances when a Microsoft engineer needs to log into the Office 365 service to resolve a customer issue, they need to go through multiple levels of approval within Microsoft.

"By the end of this year, we will enable a new Customer Lockbox for Office 365, which brings the customer into the approval loop so that they can approve or reject a Microsoft engineer's request to log into the Office 365 service. Customer Lockbox significantly enhances both transparency and customers' control over their content in Office 365."

The feature is expected to be enabled for Exchange Online by the end of 2015, and for SharePoint Online by the first quarter of 2016, according to a blog post written by senior product marketing manager Vijay Kumar and Raji Dani, principal program manager for the Office 365 Security team.

Trust But Make It Easy to Verify

Transparency is becoming increasingly important in today’s world, especially when it comes to Cloud.

To win corporate trust (or just because it’s the right thing to do), Customer Lockbox activity will be available to customers via the Office 365 Management Activity logs so that it can be easily integrated  into customer security monitoring and reporting systems.

It’s in that light that Rajesh Jha, corporate vice president for the Office 365 team explained the new capabilities in a blog post:

“We currently provide customers with a range of logs on their user interactions with content in Office 365. This provides customers with visibility that is important for meeting business policies, as well as regulations. Today we are announcing the expansion of these logs to include the majority of user, admin and policy related actions across Exchange Online and SharePoint Online in Office 365. We are also introducing a new Office 365 Management Activity API through which customers and partners can use the logs as Security and Compliance signals within solutions that provide monitoring, analysis and data visualization.”

More Security for Email

Microsoft already offers content level encryption with per-file encryption for documents in SharePoint Online and OneDrive for Business. Over the next few months it will extend that capability for email in Office 365. The result? An added layer of security

This will manifest via Microsoft’s BitLocker service and increase the separation of server administration from the data stored in Office 365.

"This new layer of content level encryption uses keys that are protected using hardware security modules certified to FIPS 140-2 Level 2,” wrote Jha in a blog post.

Is Microsoft Ahead of the Competition?

That’s the big question and the easy answer is that in some places it is and in others it isn’t. When it comes to Enterprise File Sync and Share, competing services may have it beat, so it would be prudent to check out what VMware’s Secure Content Locker, EMC Syncplicity, Citrix ShareFile, Dropbox for Business, Accellion, Egnyte and Box, among others, have to offer as well.

Either way, we’re talking about moving targets when it comes to comparison. As much as vendors competing in this space will hate us saying it, today’s innovation is tomorrow’s table stakes.

What’s Microsoft’s edge? It’s Microsoft.

Creative Commons Creative Commons Attribution 2.0 Generic License Title image by rpongsaj.