One of the questions that was posed in todays Office 365 Security session hosted by Scorpion Software that I appeared on
was whether the data in Office 365 was encrypted ‘at rest’. I said that I thought it would be but as it turns out I was wrong. The following document:
Standard Response to Request for Information O365 – Security Privacy v2 – http://www.microsoft.com/en-us/download/details.aspx?id=26647
“Office 365 currently does not encrypt data at rest, however, the customer may do so through IRM or RMS.”
in multiple places (one instance is on p26, in the IS-18 Information Security Encryption section).
However, before everyone starts jumping up and down about this, can I ask whether the information on your local server is encrypted at rest? It can be (using Bit Locker and what not) but it isn’t be default I believe. However, I’d like to know the reason why it is not, so let me see what I can find on that score and report back.