Office 365 / skydrive
We've signed up for the Office 365 A2 plan for education (free with EES), and plan to use web-apps and sky-drive fro faculty staff. Our only issue with this roll-out, is we need to find out where the datacentres are located that are holding the data.
I understand Microsoft have datacentres globally, however it has been mentioned to me that educational subscriptions are only hosted in the EEA. Does anyone know if this is right?
We are on the same plan as you, we were told by Microsoft that our data is in Dublin, with the fail-over location being Amsterdam.
Office 365 is hosted in DCs around the world, it has nothing to do with which flavour you're on. Instead, your tenant will be primarily homed in the nearest DC pair, which for UK customers is the EU pair in Dublin and Amsterdam.
Originally Posted by neonetman
Where they're physically located is a bit of a red herring when it comes to data privacy and security though - it's about more than that. Microsoft's IL-2 accredited by the government, is signed up to EU Safe Harbor and a bunch of other attestations to ensure your data is safe and secure wherever it's held.
You might want to check out the Office 365 Trust Center to learn more about how Microsoft secures its cloud: Office 365 Trust Center
Also, the Global Foundation Services team - the organisation that runs Microsoft's DCs: Microsoft Data Centers
Also, the PR around the IL-2 accreditation: Microsoft Office 365 Receives G-Cloud IL2 Accreditation from Cabinet Office for Use Across the UK Public Sector - Microsoft UK Government Blog - Site Home - MSDN Blogs
Hope that helps! :)
Which I think means both GCHQ and NAS can get to it? From what I gather, if you're British (or non-US), the Americans can snoop and sell it to the UK; if you're a US citizen, GCHQ can snoop and sell it to the Americans. And if it's anywhere else in the world, they can both get to it without going through the inconvenience of a sharing arrangement. Otherwise, you only have to worry about the Chinese, Russians... If Google and Apple are admitting that the US government have back doors into their data centres which they didn't know about, as well as the ones they'd been forced to comply with, it's probably pretty much open doors anyway. /Rant / puts tin foil hat away :)
Originally Posted by jstuttard
More helpfully (I hope), I have done a risk assessment based on the same info as @jstuttard and @jamesbmarshall quote and my personal view is that it is low risk of data compromise or loss. You're probably better set up than me, but I reckon that MS will be better at data security than I am!
As per @jamesbmarshall's contribution, I wouldn't put IL3 data on there (or on any commercial cloud service) unless encrypted first and with 2FA, but again, I would defer to the Government's experts as at the very least they have more resources to look into the detail to inform their risk assessments than I have, so I would be happy to advise the school that they could put data of IL2 category and below on Office 365. I also don't see how you or the school could get into trouble with the ICO if Cabinet Office are using the same system.