Microsoft OneDrive Goes Unlimited, Improved Encryption for Business Users

Microsoft OneDrive for iPhone

Microsoft announced on Monday October 27, 2014, that its cloud file service, OneDrive, has been updated to allow unlimited storage to subscribers of Microsoft Office 365. Microsoft OneDrive was just updated earlier this summer to provide Office 365 subscribers with 1TB of cloud storage. This means that for as low as $6.99 per month, a user can have a full version of Microsoft Office installed on a desktop computer, use Microsoft Office on the iPad, use Microsoft Office Online, and have unlimited cloud storage of Microsoft OneDrive.

Microsoft OneDrive for iPhone

The storage update is being rolled out in phases beginning with Office 365 Home, Personal and University customers. Microsoft promises that the roll-out will continue over the next few months, with OneDrive for Business customers seeing unlimited storage in 2015.

Additionally, Microsoft announced enhanced Mobile Device Management (MDM) for Office 365. IT administrators will be able to set more advanced mobile device policies for iOS, Android and Windows Phone devices running Office 365 beginning the first quarter of 2015. This will be done directly from the Office 365 administration portal, and will allow an Office 365 administrator to perform selective wipes of devices to remove only Office 365 corporate data (and leaving personal data intact), to set requirements of security (like pin access), and disable services if a Jailbreak or root is detected.

Microsoft also indicated that SharePoint and OneDrive for Business have been enhanced to provide advanced encryption of data at rest (while files are stored on Microsoft’s servers). Per-file encryption has been added, which means that every file stored on OneDrive for Business now has its own unique key, and any update to the file creates a new unique key. This means that even if an individual is somehow able to intercept the encryption key, it will only work for one file, and is only valid until that file is modified. Also if brute force is used to break the encryption of the protected file, each and every file has to have its encryption key broken separately.

These updates to OneDrive for Business and Office 365 further strengthen Microsoft’s offering in the cloud and office productivity areas. Microsoft is making it easier everyday to leave competing products from Google and DropBox behind.

Forensic Scientist Reveals Backdoor in iOS that allows Access to Encrypted Data

image

UPDATE: Apple has responded that the processes identified by Zdziarski are there only for diagnostic purposes. Rene Ritchie at iMore has clarified that what Zdziarski has actually discussed is dependent on “Trust Relationships”. When you plug in your iPhone or iPad to a computer, you are prompted to “Trust this computer”. The information on your device is only accessible if that type of trust agreement has been created between your device and some hardware (usually your computer). Zdziarski is concerned about the ability for a third party to steal the pairing records created when you trust a computer, or spoofing your iPhone or iPad into creating a “Trust Relationship” with hardware like a public USB charger.

ZDNet has an alarming article detailing a recent security talk from Jonathan Zdziarski revealing backdoors that exist in iOS that he suggests that Apple created with the purpose of making secure data available to law enforcement. He suggests that this can be done through USB, WiFi, or possibly even cellular. Although this would allow Apple to obtain personal data off your device, he couldn’t find a way that it could be used to restore data. He concludes that the only purpose could be to pull data off for other purposes than to help the customer.

The only truly secure state for the phone, according to Jonathan Zdziarski, is password-protected and powered off.  A very interesting and eye-opening read. (PLEASE SEE UPDATE WITH APPLE RESPONSE AT BEGINNING OF POST!)

Amazon Enters Enterprise Cloud Storage Battle with Zocalo

image

On July 10th, Amazon introduced a new enterprise cloud storage device called Amazon Zocalo.  The service is currently in limited invitation, and requires an Amazon Web Services account to request an invite, but should quickly roll out to a wide release.  Each user will get 200gb of storage for $5.00 per month.  Clients will be available for iOS, Android, Amazon Fire, and desktop computers. Data will be transmitted and stored using client-side encryption. 
The storage wars are definitely heating up.  In addition to being able to store any file type using this service, users will be able to view and annotate Microsoft Office documents and PDFs. Zocalo can be integrated with Active directory so that users can use the same account on their local server and Amazon and full file auditing is available.  The account administrator can limit sharing and editing between users. 

It will be interesting to see how this compares to Dropbox, Google Drive, and Microsoft One Drive for legal users.  My main concern for attorneys is that the encryption key is held by Amazon, but it is nice that for compliance purposes that you can decide what region your cloud files are stored in. As this becomes more widely available, I hope to review it for use on the iPad and iPhone.  Visit amazon to request your invite and subscribe

iOS 7.1.2 Update Available to Patch Email Attachment Encryption Bug

If you are using an iPad or iPhone, it is time to fire up your Settings app again and do a software update. Apple has released iOS 7.1.2 which patches a bug that left attachments to your email without encryption. This means that if your password protected device was plugged into a desktop computer, any email attachments would be available without the normal encryption.

Although this is a relatively small bug for most, those in the legal community could face dire consequences if documents attached to your email could be easily accessed from a lost or stolen device. As always, this update is available over the air by going into settings, then general, and finally Software Update. Before updating it is important to have a backup of your device. I always recommend plugging into a computer and doing a local backup, but at least make sure your device has been backed up to iCloud recently.

Some users have experienced problems of their device freezing during installation. Redmond Pie has an article suggesting how to reset your device if you experience this issue.

20140701-232456-84296295.jpg