Intelligent Tech Channels Issue 09 | Page 47

INTELLIGENT SOFTWARE BUSINESS compliance aren’t given the importance they deserve. Office 365: The outlier Office 365 is certainly an outlier among all other cloud apps when it comes to compliance. This online productivity software suite from Microsoft is a one-stop solution for accessing various applications, including Exchange Online, SharePoint Online, OneDrive, Skype and the hosted versions of Microsoft Office tools. These services deal with heaps of information and the burden of securing this data falls on Office 365. Failing to ward off any unauthorised access to this information will only invite non-compliance. The good news is that, on the compliance front, Office 365 is light years ahead of its competitors. It is compliant with almost all industry mandates such as PCI-DSS, HIPAA, GLBA and more. It also boasts a dedicated security and compliance centre, which helps you devise your own strategy to meet the various external and internal rules and regulations with which your organisation has to comply. So, does this signal an end to all your compliance- related issues? The answer to this question is an emphatic “no.” With regards to compliance, here are some areas where Office 365 still hasn’t upped its game: Compliance—a work in progress: The security and compliance capabilities of Office 365 are still a work in progress. Its current approach to compliance might help only those businesses with few, generic compliance requirements. But Office 365 doesn’t provide many options for organisations that come under the purview of many stringent external IT regulatory bodies and have to audit many specific events and store the logs for specific time periods, for security or compliance reasons. Audit trails, a 90-day barrier: To improve performance, all user/ administrator activities and mailbox audit trails are purged by Office 365 after 90 days. But most industry compliance mandates require companies store these audit logs for years, to facilitate forensic log analysis in case any issues crop up. Limited reports, a major stumbling block: During audits, organisations are required to produce corresponding compliance reports for auditors to validate the security of confidential information across all applications. But native reports in Office 365 are very limited and don’t provide the level of visibility required to ensure hassle-free compliance. For example, Office 365 doesn’t report on changes made by Exchange administrators, delegates and non-owners to mailbox properties. Also, Office 365 reports can’t be filtered to meet your needs. So an administrator can view all the accesses to a mailbox, for instance, but not the details appertaining to accesses made by a single user from different IP addresses. Increasingly, organisations need to look for solutions that include reporting, auditing and management functionality, and can unshroud the air of scepticism surrounding compliance and store all audit trails for as long as they want. The aim ultimately is to bid adieu to their compliance-related woes.  Siva Chelladurai, Marketing Analyst, ManageEngine. 47