12-04-2017 12:49 AM
One of our partners has the below scenarios and raised the below queries:
1. Text – unprotected Android phones
i. How is Skype for Business online different from Signal and WhatsApp?
ii. Has SfB been compromised before or has it been the target of such attempts as described?
iii. What would a would-be attacker require to compromise SfB chat communication?
2. Voice chat – unprotected Android phones
Customer is concerned that perceived attackers have access to mobile operator exchanges and have access to voice and data communication for all mobile phone users.
c. Can we position Skype for Business in a way that addresses above concern? Examples of information that could help:
i. Can we confirm that irrespective of man-in-the-middle access of perceived attackers, the data they have access to would be unusable as both types of voice communications are encrypted?
3. Data exchanges – Windows PCs, Android tablets, unprotected phones:
Customer would like to position EXO, SfB, SPO, AIP (Azure Information Protection), Intune etc. as end-to-end tooling that would secure end user productivity applications (MS), devices and communications to ensure data at rest and in transit is secure. It is understood that such guarantees are possible only with observed limitations in ways of working (e.g. BitLocker, data classification, definition of trusted recipients etc.)
b. Can we position above (or any other suggested products) in a way that satisfies customer concerns:
i. What would a would-be attacker require to gain access to data? E.g.:
• Attacker would have to have username and password and physical access to trusted device; OR
• Attacker would have to have the master decryption key which is held by… or at….
4. Data exchanges – Mac PCs / Mac OS:
Customer stated that Mac OS may not afford us sufficient controls to achieve similar security to scenario 3. For example, we may not be able to prevent printing of a sensitive document if there is physical access to device.
b. Are we correct in advising reduced ability to guarantee security of data at rest?
5. Data exchanges – Mac PC / Windows OS:
Customer stated that while Windows OS would render a Mac PC as securable as Windows PC, this is only true for as long as the user uses Windows OS.
b. Should we change our position if the customer agreed to dual-boot into Windows? Could we definitively prohibit access from Mac OS?
Any pointers would be of great help.
12-06-2017 12:31 AM
I am not able to respond to your remaining questions, as they are a little out of my field of experience.