Worldwide Collaboration – Office365 #collaboration

English: Cloud Computing Image

English: Cloud Computing Image (Photo credit: Wikipedia)

The beautiful nature of how Office365 allows collaboration is one of the prime reasons so many people and businesses are moving to Office 365. It allows users to work within their teams and departments on the same documents, whether they work in the office as ocassional home users or complete remote workers. In the world of the internet there is no reason to have a segregation of work even though users may not necessarily see one another.

Office 365 ticks many boxes for collaboration as outlined below;

  • A way to make files accessible to the remote worker.
  • A means of assigning and sharing tasks, appointments, notes and more…
  • An online meeting space, groups can use to call in or gather together.
  • A shared site that can be accessed through numerous tools when working with other team members from other countries or multilingual documents.

 

 

In Office 365 you can clearly see that it pushes the boundaries of working from an office, huge distances to commute and the ability to work just as efficiently remotely and on the move as being in the office. The boundaries are broken by the integration of many “apps” which seamlessly gel together to provide a suite of cloud-based tools. I refer to them as apps as in Office 365 the idea of Microsoft Office on a PC has been stretched beyond the desktop box – mobile devices such as the Microsoft Surface, iPad, laptops and more recently powerful SmartPhones have paved the way for users to collaborate wherever and whenever.

Cryptography – Symmetric & Asymmetric

Please don’t be scared by the name of this post, it is all Office 365 related. This method of exchanging information between collaborating parties makes it very difficult for others to access the information. So when you look into this, think ADFS and the way your organisation talks to Microsoft.

Cryptography aims to allow you to transmit sensitive information across an insecure network, for example, the internet, so it cannot be ready by anyone except the intended receiving party.

Modern cryptography is based around mathematics, encryption. In addition to this, modern cryptography techniques can also be used to sign data so that any reader is aware of the origination of the data and ensure it is from the publisher who transmitted it.

The primary two types of encryption are;

  • Symmetric
  • Asymmetric (or public)

Encryption and decryption requires the use of secret information, known as a key.

This ‘key’ is shared between two parties in advance, this key is used for both the encryption and decryption of a message.

Provided the recipient knows the key, they will be able to decipher the message, anyone who tries to intercept the message but does not have the symmetric key will be unable to convert it to something decipherable, although this will depend on the complexity of the key (much like a login password!).

Symmetric Encryption

The same key is used for both encryption and decryption. The parties must agree on the secret key in advance and then keep it to themselves, once they have done this they will be able to send each other secured messages.

However, a simple substitution algorithm is relatively easy to crack, not necessarily at human level, but with regards to computing, it could well be ‘crackable’. You could increase the digits of the key to complicate it further however, you will need a careful balancing act between security and performance. Something with a massive key would take longer to encrypt and decrypt, whereas a shorter key would be faster.

Symmetric key encryption provides good performance compared to asymmetric encryption, and is a good choice for bulk encryption.

Symmetric key encryption does have a rather large catch;

In order to create this ‘collaboration’ with another party, you will need to send the key to the other party, however, until the key is in place both ends, you are unsecure in your transmissions. If you had a secure channel to transfer this key in the first place, there would be no need for this solution. So in theory, a brave attempt at security, but it still leaves that gap of a ‘what if’ scenario, most wouldn’t want to test. I’d certainly hope my banking data isn’t transferred using this method.

 

Asymmetric Encryption (Public Key encryption)

Asymmetric encryption was developed by Whitfield Diffie and Martin Hellman (Diffie Helman if that rings a bell), however this was overshadowed by the ‘RSA’ algorithm.

The core principle for asymmetric encryption; Encryption that is performed in one direction cannot simply be decrypted by applying a rule in reverse – anything encrypted with a public key can only be decrypted with the corresponding private key.

In this encryption, there is the use of two keys, a public key accessible by anyone, and one private key stored in the safest of locations by one party.

Anything encrypted with the public key can only ever be decrypted by the party with the private key, so in this case, unlike symmetric, there is no need for the physical exchange of a secret. Encryption with the private key is used to prove the source of the message, because if you receive a decryptable message using the public key, you know it came from the party with the private key.

Asymmetric is generally used to initiate a secure channel and provides a means to exchange a temporary symmetric encryption key, so by combining the two, you generate a safe way of securing collaboration between the two parties. This is also know as a ‘session key’

 

%d bloggers like this: