-
- Expert
- Posts: 159
- Liked: 37 times
- Joined: Jan 19, 2016 1:28 pm
- Full Name: Jóhannes Karl Karlsson
- Contact:
O365 backup - information security
The O365 backup runs with a service account that has extensive privilege to all O365 mailboxes. That's understandable. But what I think is most scary is that anyone who can log on to the server running the O365 backup can thus open a backup of any mailbox. This makes anyone who has access a potential suspect in a data leak situation. I can see in the logs that it states that the backup was opened, but not by whom or what was restored.
For my company - if the console would ask for a password of the service account each time it was opened, that would make it possible to audit who made a lookup for the password. And of course, if the O365 backup log would note what user opened the console and what data was restored, that would also be great.
What do you think?
-
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: O365 backup - information security
Hey Johannes,
Thanks for this feedback. You are right, if someone has the right to RDP to that box, he/she can open the backups. I understand the need for auditing and logs, and this is certainly something on the table for the next version(s). Any information you would like to see in those logs (or potential reports in the future) you can always tell us here. Certainly not making any promises, but we do discuss and look at every proposal made at these forums.
Thanks
Mike
-
- Expert
- Posts: 159
- Liked: 37 times
- Joined: Jan 19, 2016 1:28 pm
- Full Name: Jóhannes Karl Karlsson
- Contact:
Re: O365 backup - information security
If the O365 module had security like the VBR console (Users and Roles under Options), it would increase the security a lot.
Then if the log would tell you what user opened the console, and what emails were opened/downloaded/restored, we would have something to justify using the product. Also, that would be vital information for auditors.
-
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: O365 backup - information security
Understood and noted. No promises made but will certainly look into it
-
- Influencer
- Posts: 20
- Liked: 6 times
- Joined: Nov 24, 2016 6:50 am
- Full Name: Matt Dunleavy
- Contact:
Re: O365 backup - information security
It would be really appreciated if anyone who attempts to open/view a mailbox or restore is prompted for a password with particular security permissions, i.e. Exchange administrator, before they can access it.
It is really scary you can just open the backups and they are there.
What about backup encryption, how can I encrypt the backups? Would like that too or both a password and encrypted backups. There is a lot of confidentiality surrounding this and being able to access mail like this is really too easy.
-
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: O365 backup - information security
Thanks Matt,
Putting encryption on the running database might not be that easy (with that type of DB). I see your other requests and consider them noted
Thanks
Mike
-
- Novice
- Posts: 9
- Liked: never
- Joined: Jun 07, 2018 11:51 pm
- Contact:
Re: O365 backup - information security
Is there any logging done on when the Veeam Explorer for Exchange is used? I.e. a way to tell when someone used it, what they looked at, etc.
-
- Veeam Software
- Posts: 3191
- Liked: 774 times
- Joined: Oct 21, 2011 11:22 am
- Full Name: Polina Vasileva
- Contact:
Re: O365 backup - information security
Yep, all actions are logged: "<DriveLetter>:\ProgramData\Veeam\Backup\<ExplorerName>\Logs"