Geek Out with Perry is Back!

Perry Clarke

Perry Clarke is back to geek out with you through his blog and the Geek out with Perry video series.

In this edition, Perry is joined by a new co-host, Julia White to discuss what it looks like to run a secure service in Exchange Online. The discussion covers the investments in the data center as well as customer control features available in the service to help customers manage risks. Read the blog and check out the video to hear the full conversation.

If you want to geek out with Perry and the Exchange team join them at MEC 2014 in Austin, TX. Go to to learn more about the event and register today.

Brian Shiers
Technical Product Manager, Exchange

Comments (30)
  1. Anonymous says:

    @Joe: From June 6, 2013. Please click on the
    source link
    for complete details and time.

    There’s quite a bit of communication about this issue, including (but not limited to):

  2. Geek Out with Perry is Back!
    thank U

  3. Anonymous says:

    @Jerry: What specific assurances are you looking for?

  4. @Jerry, please allow me to ask the same of you and any others. What assurances would those be? I’m asking entirely out of curiosity and not creating deliverables.

  5. Anonymous says:

    @Joe, @Jerry: I've pointed you to some of our ongoing communication from Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs at Microsoft. The communication answers questions similar to the ones raised here.

    It's not a discussion we can effectively have in blog comments, particularly if you've made up your minds.

  6. Anonymous says:

    @Bill: See
    Statement of Microsoft Corporation on Customer Privacy
    . Microsoft has publicly stated the following:

    We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests
    about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.

  7. bill says:

    No question and answer about NSA PRISM Backdoor Access to the Office 365 servers ;-)

  8. Jerry M. says:

    @Bharat – That’s not good enough. We need better assurances. We simply don’t trust you. So, how can we get around this stalemate?

  9. Joe says:

    @Bharat Suneja – The statement you provided is that from Before the NSA PRISM revelations or After the NSA PRISM revelations?

  10. Joe says:

    @Bharat Suneja – So the World found out about the NSA PRISM, and the NSA PRISM documentations showed everyone in the planet that Public Cloud servers / Office 365 servers have Backdoor Access and then MS saying No we are ok.

  11. Jerry M. says:

    @Bharat – Sorry, still don’t trust you. A lying person would say the exact same things, so I don’t know know what you could possibly say at this point to placate us. I do know that not only was your twitter account recently hacked by "the syrian army"
    or whomever, but very sensitive e-mail accounts that contained NSA requests were also hacked as well. You’ve now got OneDrive hooked into everyone’s local searches in Windows 8.

    What I want to know is what will you accept as consequences when we find out that stocks have been traded illegally because people were hacking into Office 365 accounts and nobody at Microsoft noticed? How are you ensuring that ALL of our data is completely
    encrypted? Just showing us articles that we have already read is pointless. We’ve read those and still don’t trust you enough to give you the benefit of the doubt. Call me what you will, but unless you can show me 100% that my data is 100% safe and there are
    zero attack points and such – I’m not going swimming in your pool that it appears people are peeing in.

  12. Anon says:

    @Jerry M – 100% safe = Private Cloud / On-Premises :-)

  13. Jerry dude says:

    Sounds to me that you won’t ever trust these folks. You won’t get a tour of the datacenter, so *exactly* what would it take? Independent audit? If so they do that. As part of the regular audit processes they have audit firms come in and examine for SSAE16
    reports and an alphabet soup of reports and certifications. What YOU need to do is add encryption BEFORE it gets up there wherby only YOU hold the encryption key because anything less is a cop out on your side. This is the reality folks, you should not trust
    you should encrypt before it gets it gets there dude.

  14. Jerry dude says:

    Read — And then since it’s clear that even with that you won’t trust them, then YOU need to add encryption and you control the
    encryption keys. Since ensuring that the NSA can’t control your email is a key business need here, that’s the way you do this. And by the way, what assurances do you have any anything else along the path to and from the Internet is similarly protected from
    the NSA’s prying eyes? Seriously, since words don’t cut it, encrypt it. You should be doing this now for your email transmissions.

  15. jim says:

    RSA & NSA had contracts LOL ……… ciphercloud & NSA has contract…………..

  16. Stewart says:

    @JerryDude – Nice, thank you for that information. CipherCloud IMO does indeed handle a number of security issues. I think that’s a decent compromise, but it does add quite a bit of cost. Should probably be part of the base O365 offering to have this feature,
    but if you need it, it’s nice to know you have it available.

  17. To Anon says:

    @Anon – there is no 100% safe even with on premises. Unless email is encrypted end to end, it’s not secure now. I’m not a fan of the financial model of the cloud – that is a monthly subscription fee model – but the idea that somehow on premises is more
    secure just because the server is in the room next to you… is not reality of how email is set up.

  18. Anon says:

    On-Premises you do NOT have Backdoor Access such as Public Cloud. In Public Cloud you are giving you data to whomever? and who knows what kind of Backdoor Access to your .edb files? So On-Premises with Encryption is safe :-)

  19. To Anon says:

    You are positive you are encrypting your on premises email from end to end now with you on premises deployment? I’m not.

  20. Jim Sullivan says:

    For those commenting: Have you watched the Geek Out video? Or parse through any of the links Bharat posted? :)

    @Bharat: Don't envy you having to deal with IT pros firmly in the on-premises camp (nothing wrong with that – do what works for you) and a bunch of trolls. Most are not interested in a professional discussion on this issue.

  21. Other choices says:

    @Jerry: You seriously have trust issues. Rather than wasting time arguing online about NSA and other speculation if you don’t trust Microsoft then change? You have a choice here is an open source option So rather than complaining
    or calling people liars. Just go find another email system that you trust.

  22. Patel says:

    I agree 100% with Jerry M.

  23. lee says:

    Jerry M is correct.

  24. George says:

    Save yourself all the Security Headaches such as NSA, Backdoor Access & other Security issues in the Public Cloud / Office 365 and Keep in it On-Premises and simple :-)……………….

  25. For George says:

    @George So you’re saying your on-prem is more secure than the O365 solution? What you mean is, save yourself the headache of the NSA requesting MS to give up info, but leave yourself open to many more likely security breaches w/ on-prem.

  26. George says:

    On-Premises I have my data. In the Public Cloud / Office 365 the Vendor has my data. Really you do NOT see the issue here? LOL

  27. Jack says:

    @George, Yep the vendor has my data with NSA Backdoor Access……….

  28. Jack says:

    And I am F-ed………..

  29. George says:

    It’s a shame no one has any enthusiasm about the Exchange product anymore. Microsoft hurt themselves badly by pushing the cloud too much. I wonder if Lotus will develop a decent e-mail product again?

  30. Jerry Young says:

    At the end of the day, Microsoft is legally compelled to comply. As a legal entity, the focus of Microsoft’s legal team will be on the legal position of the company, not the constitutional rights of the users, which are at the heart of the NSA PRISM program
    controversy. More importantly, perhaps, is what happens if a legal order is issued for access to a specific customer’s data by the government that results in other customers’ data being locked down, simply because they happen to share the same logical space,
    or may have been otherwise "a party of interest", yet committed no illegal actions – their only snag was that they were in some way logically related to the customer in question. Risk exists here. Each of us will need to assess the risk for ourselves, though.
    I personally find the risk too great, even with the best of intentions from Microsoft. But for small to medium businesses that don’t mind the shared infrastructure and don’t want to carry the burden of employment of properly skilled staff, it makes sense.
    I just wish Microsoft wouldn’t push it so hard on their enterprise customers. I think their time would be better spent fixing the issues and shortcomings of Exchange 2013.

Comments are closed.

Skip to main content