One of the questions that was posed in todays Office 365 Security session hosted by Scorpion Software that I appeared on
https://www.youtube.com/watch?v=RvDB3vOFpEI&feature=player_embedded
was whether the data in Office 365 was encrypted ‘at rest’. I said that I thought it would be but as it turns out I was wrong. The following document:
Standard Response to Request for Information O365 – Security Privacy v2 – http://www.microsoft.com/en-us/download/details.aspx?id=26647
says clearly:
“Office 365 currently does not encrypt data at rest, however, the customer may do so through IRM or RMS.”
in multiple places (one instance is on p26, in the IS-18 Information Security Encryption section).
However, before everyone starts jumping up and down about this, can I ask whether the information on your local server is encrypted at rest? It can be (using Bit Locker and what not) but it isn’t be default I believe. However, I’d like to know the reason why it is not, so let me see what I can find on that score and report back.
CIAOPS 