Have you been naughty, or have you been really naughty? Microsoft 365 users to get their very own Compliance Score Got governance? Microsoft reckons there is room for improvement – it should know – and has used its Ignite Florida knees-up to batter compliance with its overused AI stick. Are you... compliant? Protecting data is a challenge. Microsoft 365 customers can already slap classifications and labels on documents to control which …
You remind me of when I was asked to do a security audit on devices.
I was asked why I had failed every fax and device with a fax card (that probably gives my age away).
"Because they were faxes."
But what was the problem?"
"They could send faxes."
... to make use of this offering, I am supposed to upload my business documents unencrypted (else how can the "AI" read/parse them?) to a computer system owned by Microsoft? Yeah, sure, right. That's going to happen ... five years to the day after Microsoft's last major security blunder. Maybe.
What kind of idiot is this service aimed at, anyway?
I predict people being locked out of things they are supposed to have access to.
If I'm thinking that, and the average IT user is thinking that, administrators are going to make sure this feature is disabled, just in case...
But because there is a tendency for Microsoft to think that they know best, that disabled setting might just get enabled again at the next update.
If Microsoft eat their own dog food, isn't there a risk that this might happen to their techies systems too?
Yup, the machines are taking control.
I predict people being locked out of things they are supposed to have access to.
Pretty sure you're wrong.
I mean, no automated service/system anywhere has ever locked a user/admin out of data/systems they should really have access to! Nothing's ever lost private keys or blocked all access or somehow flipped a bit in a password entry...
Hope the customers have good backups of their data on their systems (only I'll not be surprised if the MS T&Cs claim 'copyright' of all data on their system...).. Although that'd kinda defeat the purpose of using any 'cloud' service like this anyway, as said data are outside the scope of the scamscanner
...if data is important enough to bother presenting it nicely in a document then it's certainly important enough to firmly control who can read it. The whole product....no the whole concept...seems unfit for purpose to me.
I mean yeah convenience and yeah shiny tools; but to my mind you'd have to be a fucking idiot to expose your private data to potential hostiles, especially in a business setting. I genuinely don't understand why people would even use this as a free product, let alone pay for it....on a leasing system yet; where it can all be taken away from you if your bank fucks up. Nope. I don't get it at all.
It's in the cloud, it's in the contract. Therefore your data is automatically safe... Even if you think your data is stored in a region, us the AI local to it? Or are you opting into a submission to the TLA...
what I still don't get is why I keep getting told cloud has no risk....it's very frustrating
> what I still don't get is why I keep getting told cloud has no risk....it's very frustrating
I don't think anyone is saying that anywhere. The position I keep seeing is people adopting is that because they're running on prem there's no risk: that too is frustratingly incorrect.
An immense source of frustration for me, are the endless supply of Corporate IT policies that you must not $ForbiddenActivity. How about going about the policy the other way and answer How Do I?
For example, documents classified classified as critical must be kept on encrypted storage, and strictly not in the cloud or on our networked storage. You must password protect data too. We have encrypted hard drives deemed "good enough", so local storage is OK. Apart from office passwords being trivially breakable, so far so good.
Problems with these policies arise immediately. How do we back up the file if I can't use the network? Transferring it from one user to another means putting it on a suitable encrypted USB device; exposing risk of loss or theft. How do I get other colleagues to work on the document? And downstream users of the data may need to include a subset of it in their own analysis. Are they subject to the same restrictions? Maintaining version concurrency over sneakernet is a problem too.
A bigger problem comes with Office 365 and internal corporate snoopware. While the file is being edited; the snoopware in conjunction with O365 is actively sending material across the BLAN as you type, for inspection purposes. Is the connection suitably encrypted? Do I know it's not being eavesdropped? The recieving end of the snoopware must be able to decrypt it to inspect it, and is that end of the chain allowed to see the classified data? Personnel do ultimately sit on the end of the chain after all. Are those personnel from a 3rd party? Some of them are. What are they looking for anyway?
We're really good in the IT world at saying what NOT to do, but solutions for what to do are rarely forthcoming. The arcane world of Office 365, sharepoint and loss of control really just serve to further complicate answering any of these questions.
"We're really good in the IT world at saying what NOT to do, [...]"
I used to have an air-gapped PC to do analyses of sensitive customer network captures. The antivirus software was kept up-to-date by using an official version in standalone mode.
Then someone complained that some people were ignoring the general intranet updates. A regime was enforced that if you hadn't been connected to the intranet for a few days - then the security package would lock your PC until you had connected and received any updates.
The stand-alone updates were no longer to be supplied. Thus my very secure off-line system was compromised - by an enterprise decision that was supposed to increase security.
The MS 365 email service has a habit of putting legitimate emails in the IMAP "Junk Mail" folder. If you use POP3 there doesn't seem to be any way to see that repository - so the emails become invisible in that mode.
There appears to be no predictable consistency in the filtering. Ebay auction confirmations occasionally end up in there. Flickr and Yahoo user official notifications do too.
All the web page form posts forwarded from my web site get junked - even though each one will have a fair amount of variable user text. The formats are predictable - but security checks mean picture name updates and guest book submissions are validated before the email is sent.
In low volumes that can be tolerated - the human filter can move them to the "new mail" folder. You would think the MS 365 algorithm would learn the pattern of what you consider valid emails.
In low volumes that can be tolerated - the human filter can move them to the "new mail" folder. You would think the MS 365 algorithm would learn the pattern of what you consider valid emails.
If you're using Thunderbird or Evolution, you should be able to make a simple script to move messages out of the junk folders as needed.
If you're using that Other thing, well, welcome to the 90's... :)
It's a great idea and worth playing with to see what it does, but use in production? No fecking way! Can you imagine MS going to town on all your company's data, lableling it all then you come in on Monday and no one can access anything 'cos the labels have locked down the permissions and your local helpdesk is swamped with irate users who can't open their 65 XL sheets.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
