Maintain control of your Microsoft Office 365 email data
mcz
Expert
Posts: 211
Liked: 26 times
Joined: Jul 19, 2016 8:39 am
Full Name: Michael
Contact:

encryption possible?

Post by mcz » Oct 31, 2016 9:16 am

Hi guys,

I am missing the functionality to encrypt my office365 backup. Is this not part of the beta?
By the way: Will there be a full integration into veeam b & r when the product goes rtm?

Thank you!

russell01
Veeam ProPartner
Posts: 9
Liked: 1 time
Joined: Oct 28, 2016 1:46 pm
Contact:

Re: encryption possible?

Post by russell01 » Oct 31, 2016 9:43 am

+1 for this - Encryption is a must have feature

Vitaliy S.
Veeam Software
Posts: 21395
Liked: 1273 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: encryption possible?

Post by Vitaliy S. » Oct 31, 2016 9:50 am

What kind of integration are you searching for? Do you want to use backup repository encryption, backup copy jobs and built-in Explorer functionality?

mcz
Expert
Posts: 211
Liked: 26 times
Joined: Jul 19, 2016 8:39 am
Full Name: Michael
Contact:

Re: encryption possible?

Post by mcz » Oct 31, 2016 10:11 am

the backup itself should be encrypted and it would be nice to manage the whole office 365-thing from the common b & r console. But I would say encryption is a must have.

Vitaliy S.
Veeam Software
Posts: 21395
Liked: 1273 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: encryption possible?

Post by Vitaliy S. » Oct 31, 2016 11:04 am

Ok, thanks for sharing your ideas! When this product goes GA, there will be no integration with Veeam B&R, however based on the feedback we receive, it can be added in our next releases.

akz11
Novice
Posts: 4
Liked: never
Joined: Apr 06, 2017 1:07 pm
Contact:

Re: encryption possible?

Post by akz11 » May 11, 2017 11:20 am

+1 for encryption at rest.

Mike Resseler
Veeam Software
Posts: 4668
Liked: 498 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: encryption possible?

Post by Mike Resseler » May 11, 2017 11:51 am

Hi @akz11,

Encryption at rest is not included at this moment. The data is also stored in a running database of the type Jet Blue. Does bitlocker on the volume where you store your data a solution?

mcz
Expert
Posts: 211
Liked: 26 times
Joined: Jul 19, 2016 8:39 am
Full Name: Michael
Contact:

Re: encryption possible?

Post by mcz » Dec 04, 2017 3:52 pm

Hi Mike,

any news? I know that it's not that easy to implement encryption with Jet Blue databases but you know, compliance and (data) security is a very important part, especially when you are using air-gapped-backups which are not on premises...

Mike Resseler
Veeam Software
Posts: 4668
Liked: 498 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: encryption possible?

Post by Mike Resseler » Dec 04, 2017 3:58 pm

Michael,

Not sure what you mean by this. If you use air-gapped-backups, does that mean you backup the VBO VM with VBR? In that case you can put encryption on the backup?

mcz
Expert
Posts: 211
Liked: 26 times
Joined: Jul 19, 2016 8:39 am
Full Name: Michael
Contact:

Re: encryption possible?

Post by mcz » Dec 04, 2017 4:01 pm

Mike I mean we are copying repository's content to another location. Unfortunatley our backup repository is on a NAS (iSCSI) and therefore we cannot backup it up via veeam (or better said not yet ;))

Mike Resseler
Veeam Software
Posts: 4668
Liked: 498 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: encryption possible?

Post by Mike Resseler » Dec 04, 2017 4:03 pm

In that case, still no encryption. As said above, bitlocker is a way to do it, but I guess that won't work on your NAS either. I am not aware of potential encryption on a JetBlue database at this moment but to restore data, you will need the organization username and password.

Just opening the database will give you a lot of columns and tables, but it won't make any sense :-)

quincy71q
Service Provider
Posts: 5
Liked: never
Joined: Sep 15, 2016 2:53 pm
Full Name: Quincy de Jong
Contact:

Re: encryption possible?

Post by quincy71q » Mar 11, 2018 8:38 am

Mike

I would like to start hosting tenets data on my environment, I can split the tenets so that they cant see each other data but what stops anyone on the SP side from accessing any data in the backups.
Ideally each tenet should be able to encrypt/lock down a backup so that I as service provider don't have access to the whole organisations email

Mike Resseler
Veeam Software
Posts: 4668
Liked: 498 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: encryption possible?

Post by Mike Resseler » Mar 12, 2018 6:11 am

Hi Quicncy,

Understood the use-case. But as you can see above we don't have it at this moment. This is certainly something we have in mind but the next version won't contain it. We are focused on delivering the SharePoint and OneDrive requirements first. After that we can put it on the table again

krakhger
Service Provider
Posts: 2
Liked: never
Joined: Dec 16, 2016 6:03 pm
Contact:

Re: encryption possible?

Post by krakhger » Mar 23, 2018 10:49 am

Hi all!
I am hosting office 365 backup for some small tenants. This is because they have only Laptops and iOS devices and no infrastructure for doing Office365 Backup.


I figured out that on my infrastructure I can open the backup with Veeam Explorer for Exchange without needing any password.
Regarding GDPR I am a processor, if I even store personal data for a customer. But if the data are encrypted, they are temporarely no personal data until decryption. So if I had only encrypted data on my repositories, I am not a processor and not affected by GDPR.

A Customer asked me to evaluate this regarding GDPR compliance, and I am afraid, this procedure is not compliant because anyone how get the files can access the data.
Ok, I can encyrpt the Storage where the office 365 files reside on. It is also not possible to copy the adb files because the office 365 Service keeps it locked. But every support engineer who as access to the infrastructure has also access to the tenants data.

In my opinion, to be able to operate Veeam Backup for Microsoft Office 365 and to avoid to be a processor, the data must be encrypted.
This is my private Technical Point of view, I am not a laywer!

Gerhard

Mike Resseler
Veeam Software
Posts: 4668
Liked: 498 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: encryption possible?

Post by Mike Resseler » Mar 23, 2018 11:36 am 1 person likes this post

Hi Gerhard,

First: welcome to the forums!

To make sure we are on the same page. You are storing data, so you are a processor. No matter if it is encrypted or not. Being a processor under GDPR is defined very broad, and simply storing data makes you already a processor.

That being said: it is not because you have access to the files that you are not compliant. However, as a processor, you do need to be able to audit that access. Inside the solution, we are building logging (for the next version) that will allow you to audit who has opened Veeam explorer for exchange, what he or she has done (including previewing data) and what he/ she has restored. That is step 1.

I am very much aware that this is not enough, on the file level (through windows auditing) you will most probably need to do the same thing (or if you have another 3rd party solution for that). In the end, every "workload" can be temporary stopped and files can be copied. This goes for this solution but also for VMs, for files if you are hosting file services or even websites. Which means that every IT administrator in your environment can be doing unauthorized things.

A next step (as I said already above) is to take it one step further and get encryption at rest with a key (or keys) that are only known by tenants. But even in that case, you will have to do more as I explained above.

To conclude, trying to make sure that you as a processor don't have access to data is practically impossible, and it is also not forbidden. But being able to audit what is going on is possible and is necessary for audits and research in case something happens

Makes sense?

Cheers
Mike

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests