Cloud Computing Interview with Microsoft MVP – @AndyMalone #office365 #microsoft

Firstly, I’d like to thank Andy for taking the time to write a little something for the Guru365 blog. Andy is a very busy man and every second he has donated to this post can’t be thanked enough.

Andy’s background –

Andy Malone (UK) Microsoft MVP, MCT MCITP, MCSE, CTT+andymalone

Andy Malone is the CEO of Quality Training Ltd and founder of both the Dive Deeper Technology and Cybercrime Security events. Based in Scotland, Andy is a popular international event speaker and Technology evangelist with over 15 years’ experience. Andy was also the 2006 winner of the Microsoft TechEd Speaker Idol contest.

Andy has delivered technical and security content to thousands of delegates worldwide at various technical conferences, such as Microsoft TechEd, Connections and Tech-days. His passionate style of delivery, combined with a sense of fun has become his trademark.

Although his primary focus is always for security. Andy loves to talk about the Windows platform, Exchange and Office technologies. And with knowledge dating back to the MS-DOS 2 and Windows 2.0 era there is often an interesting story to be told. But technology never sleeps and Andy continues to work with the Microsoft product teams to create and deliver ground breaking material on Windows 8 and beyond. Recent projects have included security training & consulting in Kuwait, Dubai and the US for Government, Military and civilian clients. And more recently worldwide partner training for Microsoft’s new Office 365 cloud based platform.

Follow Andy on Twitter: @AndyMalone


Hi Andy, and many thanks for taking the time to talk to us about cloud computing, your experiences as an international event speaker and my personal favourite, Office365.


  • You have been involved with Office 365 with regards to training courses from the early days, how have you found the product and what do you see as the major benefits of using a cloud product, such as Office365?

Andy Malone – Since its conception, Office 365 has come on a long way. Moving to the cloud was often seen as a complex procedure. But Office 365 has allayed those fears in many ways. In terms of migrating to the cloud there are a large number of tools and partners that provide simple web based services to assist in moving your data to the cloud. In terms of the other benefits I would have to say having your data constantly backed up and deing able to access your data 24/7 and on any device is definitely a win win. Of course another benefit is the cost. You don’t need to invest in a complex and expensive infrastructure. O365 uses a simple subscription method so you don’t need to worry about costly licencing agreements and replacing expensive hardware.


  • Wave15 has been the latest offering for Office365, have you noted any major improvements to Wave14 and any exciting features that you particularly like?

Andy Malone – Wave 15 brings some major changes. Firstly the Office 2013 Professional Plus software that is included in the subscription is now delivered by App-V technologies. In other words it’s streamed and cached rather than permanently installed. This “service” rather than a fixed licence means that you will always have access to the latest versions of MS Office. Next Security! This is something that has really come on a long way. Firstly all email is secured with Bitlocker drive encryption at the data centre. This includes all the databases and log files. But also transport encryption with EAP/TLS cryptography. Compliance is a big word these days and Office 365 has made a lot of improvements. Data Loss Prevention, tracking, auditing and retention policies are just some of the new features that are integrated throughout Exchange & SharePoint.


  • Having thoroughly enjoyed your course for Office365 earlier in the year, have you enjoyed teaching technical personnel the content for the Office365 course?

Andy Malone – Absolutely it’s been a blast 🙂


  • Are there any particular areas that have been difficult or demanding with regards to teaching the product?

Andy Malone – There are many companies offering 365 training, but they use eLearning type labs. Now whilst this fine, there is no substitute for hands on experience. That’s why my labs are the real thing. Live IP Addresses, certificates etc. There is no experience like real experience!


  • Do you think there is enough content available for people to be learning the product from an administration point of view?

Andy Malone – This is difficult. I know many people who want to write courseware, but the problem is that it goes out of date very quickly as the service constantly changes. (Notice I said service and not product! That’s an important distinction here). So to answer your question it is coming but it has been slow purely because of what’s involved.


  • With regards to content for learning, do you have any links or videos that you would be willing to share with us that may make the process of certification and troubleshooting easier?

Andy Malone – Gosh there are so many. But a good place to start is the community pages on the Office 365 website. Also follow the product group blogs, Office 365, Exchange, SharePoint etc.


  • What are the major topics you teach in your Office365 course and after completing the course what kind of certifications are available to administrators?

Andy Malone – Topics covered include deployment, Identity Management, ADFS, Dirsync and Exchange & SharePoint. In terms of certification. You can go for the MCITP Certification in Office 365. 70-321 & 70-323


  • Cloud Computing has had a massive impact over the past 12 months, how do you think this will change the way businesses in the UK work for the future?

Andy Malone – It’s like that movie Gun fight at the OK Corral. You can run but you can’t hide. Sooner or later I believe the cloud will be the norm.


  • As an MVP you speak at many major Microsoft events, for the general administrator what are the benefits of attending events such as TechEd?

Andy Malone – This is an easy one. Knowledge. As well the ability to meet your peers, attend great sessions and be one step ahead of the game.


  • I’m sure as a speaker you have thoroughly enjoyed these speaking events, do you have any particular highlights from years gone by?

Andy Malone – My first TechEd I remember feeling so intimated by these amazing speakers, Minasi, Riley, Russinovich and now over the years they are my friends. So that’s got to be a good thing right?


  • As a worldwide consultant and trainer you’ve had the opportunity to travel the world, do you have a favourite location and why?

Andy Malone – Iceland, definitely my number 1. You can experience true peace there. Other favourites include Dubai, Kuwait, Norway, Durban in South Africa and Bulgaria, they were really nice people.


  • How have mobile devices and cloud services/computing assisted you in your job travelling around the world?

Andy Malone – Communication is key, especially in today’s modern world. My phone and iPad go everywhere (as does my Windows 8 Laptop of course :))


  • I very much appreciate your time, for our readers do you have any social media identities that our users can follow you on in the future? (Twitter/Facebook Pages/Websites/Blogs etc)

Andy Malone – Twitter @AndyMalone Pretty much everything is there. Also my new Cybercrime website.


Andy is a keen Tweeter, so well worth following his tweets on Twitter!

Again, many thanks Andy for taking the time to answer questions on Cloud Computing and Office365.

Cryptography – Symmetric & Asymmetric

Please don’t be scared by the name of this post, it is all Office 365 related. This method of exchanging information between collaborating parties makes it very difficult for others to access the information. So when you look into this, think ADFS and the way your organisation talks to Microsoft.

Cryptography aims to allow you to transmit sensitive information across an insecure network, for example, the internet, so it cannot be ready by anyone except the intended receiving party.

Modern cryptography is based around mathematics, encryption. In addition to this, modern cryptography techniques can also be used to sign data so that any reader is aware of the origination of the data and ensure it is from the publisher who transmitted it.

The primary two types of encryption are;

  • Symmetric
  • Asymmetric (or public)

Encryption and decryption requires the use of secret information, known as a key.

This ‘key’ is shared between two parties in advance, this key is used for both the encryption and decryption of a message.

Provided the recipient knows the key, they will be able to decipher the message, anyone who tries to intercept the message but does not have the symmetric key will be unable to convert it to something decipherable, although this will depend on the complexity of the key (much like a login password!).

Symmetric Encryption

The same key is used for both encryption and decryption. The parties must agree on the secret key in advance and then keep it to themselves, once they have done this they will be able to send each other secured messages.

However, a simple substitution algorithm is relatively easy to crack, not necessarily at human level, but with regards to computing, it could well be ‘crackable’. You could increase the digits of the key to complicate it further however, you will need a careful balancing act between security and performance. Something with a massive key would take longer to encrypt and decrypt, whereas a shorter key would be faster.

Symmetric key encryption provides good performance compared to asymmetric encryption, and is a good choice for bulk encryption.

Symmetric key encryption does have a rather large catch;

In order to create this ‘collaboration’ with another party, you will need to send the key to the other party, however, until the key is in place both ends, you are unsecure in your transmissions. If you had a secure channel to transfer this key in the first place, there would be no need for this solution. So in theory, a brave attempt at security, but it still leaves that gap of a ‘what if’ scenario, most wouldn’t want to test. I’d certainly hope my banking data isn’t transferred using this method.


Asymmetric Encryption (Public Key encryption)

Asymmetric encryption was developed by Whitfield Diffie and Martin Hellman (Diffie Helman if that rings a bell), however this was overshadowed by the ‘RSA’ algorithm.

The core principle for asymmetric encryption; Encryption that is performed in one direction cannot simply be decrypted by applying a rule in reverse – anything encrypted with a public key can only be decrypted with the corresponding private key.

In this encryption, there is the use of two keys, a public key accessible by anyone, and one private key stored in the safest of locations by one party.

Anything encrypted with the public key can only ever be decrypted by the party with the private key, so in this case, unlike symmetric, there is no need for the physical exchange of a secret. Encryption with the private key is used to prove the source of the message, because if you receive a decryptable message using the public key, you know it came from the party with the private key.

Asymmetric is generally used to initiate a secure channel and provides a means to exchange a temporary symmetric encryption key, so by combining the two, you generate a safe way of securing collaboration between the two parties. This is also know as a ‘session key’


%d bloggers like this: