Over in the Office 365 Community Group on LinkedIn one of the members just made me aware of a product that encrypts data in Office 365. The product is called Vaultive as a Service for 365 and it seemingly works by passing all content through it’s service on the way to Office 365. As it passes through it gets encrypted and as it passes back gets decrypted. Sounds pretty useful, especially in the current climate where the US government are about to make it law that they can get their hands on data managed by a US company regardless of which country it’s stored within.
Would a solution like this mitigate the worries and risks of governments being able to get data? Has anyone use an encryption service like this and what is the performance like? Does it also work with SharePoint or is it a pure email solution?
Please share your thoughts.
Perhaps US companies might move their management arm to other countries )
Happy Holidays! I came across this discussion.It’s my first time hear about Vaulitive’s products. Thanks for sharing the information. As you mentioned encrypting the data in SharePoint, you may also want to check NextLabs microsoft-sharepoint product (http://www.nextlabs.com/html/?q=microsoft-sharepoint). It provides encryption to documents/files uploaded to SharePoint Online, and On-premises.
I did wonder Rene – thanks for clearing it up. It’s not that obvious from the content on their site. Be a nice solution though if someone had it ;)… I bet the performance impact would hammer the usability though.
Careful: Vaultive encrypts only the “Exchange stuff”, as far as I know. I talked to them before (last year?), and at that point of time there was no SharePoint encryption.
As far as I know, there’s no third party solution for SPO.
Office 365 already has encryption at rest through the new Fort Knox implementation, so I’d have some concerns about the double encryption.. if anything just from the potential performance impact.
In the end it comes down to how concerned are you that a foreign power could access your data. If the USA wanted to get at your company data in the UK (and if they could show just cause) they could request the data via the existing agreements between the USA & UK (and similarly Ireland and Holland no doubt) which would result in a Court from the Sovereign country issuing the mandatory order.
The issue with the current case is that the USA seem hell bent on disregarding the (current) due process. In which case if you are truly paranoid or have just cause.. Double encrypt or copy Jennifer Lawrence’s example and stop storing your data in the cloud.
Paul.
