encryption possible?

Maintain control of your Microsoft Office 365 email data

encryption possible?

Veeam Logoby mcz » Mon Oct 31, 2016 9:16 am

Hi guys,

I am missing the functionality to encrypt my office365 backup. Is this not part of the beta?
By the way: Will there be a full integration into veeam b & r when the product goes rtm?

Thank you!
mcz
Expert
 
Posts: 203
Liked: 19 times
Joined: Tue Jul 19, 2016 8:39 am
Full Name: Michael

Re: encryption possible?

Veeam Logoby russell01 » Mon Oct 31, 2016 9:43 am

+1 for this - Encryption is a must have feature
russell01
Veeam ProPartner
 
Posts: 8
Liked: 1 time
Joined: Fri Oct 28, 2016 1:46 pm

Re: encryption possible?

Veeam Logoby Vitaliy S. » Mon Oct 31, 2016 9:50 am

What kind of integration are you searching for? Do you want to use backup repository encryption, backup copy jobs and built-in Explorer functionality?
Vitaliy S.
Veeam Software
 
Posts: 20991
Liked: 1248 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: encryption possible?

Veeam Logoby mcz » Mon Oct 31, 2016 10:11 am

the backup itself should be encrypted and it would be nice to manage the whole office 365-thing from the common b & r console. But I would say encryption is a must have.
mcz
Expert
 
Posts: 203
Liked: 19 times
Joined: Tue Jul 19, 2016 8:39 am
Full Name: Michael

Re: encryption possible?

Veeam Logoby Vitaliy S. » Mon Oct 31, 2016 11:04 am

Ok, thanks for sharing your ideas! When this product goes GA, there will be no integration with Veeam B&R, however based on the feedback we receive, it can be added in our next releases.
Vitaliy S.
Veeam Software
 
Posts: 20991
Liked: 1248 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: encryption possible?

Veeam Logoby akz11 » Thu May 11, 2017 11:20 am

+1 for encryption at rest.
akz11
Novice
 
Posts: 4
Liked: never
Joined: Thu Apr 06, 2017 1:07 pm

Re: encryption possible?

Veeam Logoby Mike Resseler » Thu May 11, 2017 11:51 am

Hi @akz11,

Encryption at rest is not included at this moment. The data is also stored in a running database of the type Jet Blue. Does bitlocker on the volume where you store your data a solution?
Mike Resseler
Veeam Software
 
Posts: 4225
Liked: 471 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: encryption possible?

Veeam Logoby mcz » Mon Dec 04, 2017 3:52 pm

Hi Mike,

any news? I know that it's not that easy to implement encryption with Jet Blue databases but you know, compliance and (data) security is a very important part, especially when you are using air-gapped-backups which are not on premises...
mcz
Expert
 
Posts: 203
Liked: 19 times
Joined: Tue Jul 19, 2016 8:39 am
Full Name: Michael

Re: encryption possible?

Veeam Logoby Mike Resseler » Mon Dec 04, 2017 3:58 pm

Michael,

Not sure what you mean by this. If you use air-gapped-backups, does that mean you backup the VBO VM with VBR? In that case you can put encryption on the backup?
Mike Resseler
Veeam Software
 
Posts: 4225
Liked: 471 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: encryption possible?

Veeam Logoby mcz » Mon Dec 04, 2017 4:01 pm

Mike I mean we are copying repository's content to another location. Unfortunatley our backup repository is on a NAS (iSCSI) and therefore we cannot backup it up via veeam (or better said not yet ;))
mcz
Expert
 
Posts: 203
Liked: 19 times
Joined: Tue Jul 19, 2016 8:39 am
Full Name: Michael

Re: encryption possible?

Veeam Logoby Mike Resseler » Mon Dec 04, 2017 4:03 pm

In that case, still no encryption. As said above, bitlocker is a way to do it, but I guess that won't work on your NAS either. I am not aware of potential encryption on a JetBlue database at this moment but to restore data, you will need the organization username and password.

Just opening the database will give you a lot of columns and tables, but it won't make any sense :-)
Mike Resseler
Veeam Software
 
Posts: 4225
Liked: 471 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: encryption possible?

Veeam Logoby quincy71q » Sun Mar 11, 2018 8:38 am

Mike

I would like to start hosting tenets data on my environment, I can split the tenets so that they cant see each other data but what stops anyone on the SP side from accessing any data in the backups.
Ideally each tenet should be able to encrypt/lock down a backup so that I as service provider don't have access to the whole organisations email
quincy71q
Service Provider
 
Posts: 5
Liked: never
Joined: Thu Sep 15, 2016 2:53 pm
Full Name: Quincy de Jong

Re: encryption possible?

Veeam Logoby Mike Resseler » Mon Mar 12, 2018 6:11 am

Hi Quicncy,

Understood the use-case. But as you can see above we don't have it at this moment. This is certainly something we have in mind but the next version won't contain it. We are focused on delivering the SharePoint and OneDrive requirements first. After that we can put it on the table again
Mike Resseler
Veeam Software
 
Posts: 4225
Liked: 471 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: encryption possible?

Veeam Logoby krakhger » Fri Mar 23, 2018 10:49 am

Hi all!
I am hosting office 365 backup for some small tenants. This is because they have only Laptops and iOS devices and no infrastructure for doing Office365 Backup.


I figured out that on my infrastructure I can open the backup with Veeam Explorer for Exchange without needing any password.
Regarding GDPR I am a processor, if I even store personal data for a customer. But if the data are encrypted, they are temporarely no personal data until decryption. So if I had only encrypted data on my repositories, I am not a processor and not affected by GDPR.

A Customer asked me to evaluate this regarding GDPR compliance, and I am afraid, this procedure is not compliant because anyone how get the files can access the data.
Ok, I can encyrpt the Storage where the office 365 files reside on. It is also not possible to copy the adb files because the office 365 Service keeps it locked. But every support engineer who as access to the infrastructure has also access to the tenants data.

In my opinion, to be able to operate Veeam Backup for Microsoft Office 365 and to avoid to be a processor, the data must be encrypted.
This is my private Technical Point of view, I am not a laywer!

Gerhard
krakhger
Service Provider
 
Posts: 2
Liked: never
Joined: Fri Dec 16, 2016 6:03 pm

Re: encryption possible?

Veeam Logoby Mike Resseler » Fri Mar 23, 2018 11:36 am 1 person likes this post

Hi Gerhard,

First: welcome to the forums!

To make sure we are on the same page. You are storing data, so you are a processor. No matter if it is encrypted or not. Being a processor under GDPR is defined very broad, and simply storing data makes you already a processor.

That being said: it is not because you have access to the files that you are not compliant. However, as a processor, you do need to be able to audit that access. Inside the solution, we are building logging (for the next version) that will allow you to audit who has opened Veeam explorer for exchange, what he or she has done (including previewing data) and what he/ she has restored. That is step 1.

I am very much aware that this is not enough, on the file level (through windows auditing) you will most probably need to do the same thing (or if you have another 3rd party solution for that). In the end, every "workload" can be temporary stopped and files can be copied. This goes for this solution but also for VMs, for files if you are hosting file services or even websites. Which means that every IT administrator in your environment can be doing unauthorized things.

A next step (as I said already above) is to take it one step further and get encryption at rest with a key (or keys) that are only known by tenants. But even in that case, you will have to do more as I explained above.

To conclude, trying to make sure that you as a processor don't have access to data is practically impossible, and it is also not forbidden. But being able to audit what is going on is possible and is necessary for audits and research in case something happens

Makes sense?

Cheers
Mike
Mike Resseler
Veeam Software
 
Posts: 4225
Liked: 471 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler


Return to Veeam Backup for Microsoft Office 365



Who is online

Users browsing this forum: vmniels and 5 guests