RE: Security and Implications of Hosted Exchange

Thanks all for the many replies, they have all been helpful. The opinions
I've received are similar to what my presumptions were. Thanks again!

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Shayne Sales
Sent: Friday, November 16, 2007 11:24 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Security and Implications of Hosted Exchange

Past companies I have worked with, who have used Hosted Exchange
services, the provider used SSL to secure the access.

OWA over SSL
and also RPC over HTTPS (SSL) for direct Outlook client Access. (2003
and Newer Outlook Clients I believe)

As for the user info, the providers I saw in use, did not need nor
require any user info. The providers had Web Based administration to
add/remove/edit user accounts, and the person doing this filled in as
much or little personal info as they want.

I also assume that being it is a hosted solution, they farm out the
exchange server to numerous other companies, but if done right, you
never noticed, you don't see the other clients in the GAL nor the
Public Folders.

The biggest concern I had with this method was Data Recovery... If the
provider should go under, what means and legalities are needed to
obtain your data back from them?

Hope that helps somewhat.

On 16-Nov-07, at 9:34 AM, Roland Dobbins wrote:

On Nov 15, 2007, at 11:11 AM, Dan Denton wrote:

But, having the features of
Exchange without having to backup/restore the system or worry about
and fixes is pretty attractive.

I'm sure at least some of the folks who offer hosted Exchange would
also offer a VPN service whereby the Exchange server wouldn't be
exposed to the general Internet (or to other servers for other
customers), but would be isolated with all appropriate network, host
OS, and application BCPs, and accessible only via a VPN of some sort.

Roland Dobbins <rdobbins@xxxxxxxxx> // 408.527.6376 voice

Culture eats strategy for breakfast.

-- Ford Motor Company