Office 365 Compliance

In Asia, it takes a lot of faith for businesses to have their data hosted out side of their own property. Common questions business owner will ask when it comes to cloud hosting are things like how their data is secured and who can see their data.

Vendors like Microsoft and Amazon can make all kinds of claims, but in the end, assurance comes in the form of a third party certification.

Microsoft Office 365 cloud, which host my company’s email (Exchange), instant messaging (Lync) and documents (SharePoint), has a few certifications under it’s belt.

This blog post from the product team talks about how our compliance concern are handled professionally by Microsoft.

http://blogs.office.com/2014/06/24/how-does-office-365-continuously-meet-your-compliance-needs/

And if you care enough to find out more in details, there is a landing page for this here

http://office.microsoft.com/en-us/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx?redir=0#compliance

But for layman like me, what does terms like ISO 27001 and HIPAA mean for me? So I found that this page explains the meaning of the certificates that Office 365 has

http://office.microsoft.com/en-us/business/office-365-trust-center-top-10-trust-tenets-cloud-security-and-privacy-FX104029824.aspx#complianceStandards

Because the list doesn’t provide links back to respective certification body, I provide a list here:

Health Insurance Portability and Accountability Act (HIPAA)

Federal Information Security Management Act (FISMA)

ISO 27001

European Union (EU) Model Clauses

U.S.–EU Safe Harbor framework

Family Educational Rights and Privacy Act (FERPA)

Statement on Standards for Attestation Engagements No. 16 (SSAE 16)

Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

Gramm–Leach–Bliley Act (GLBA)

If you read thru the detail, you will notice that some compliances are industry specific, as such health care (HIPAA) and financial services (GLBA). While I want to disclaim that I am not a legal professional but the Data Processing Agreements have pretty straight forward English. For most customers, a Data processing agreement with Microsoft will be covers generally the below few things.

1. Microsoft will not use your data other than to provide you the subscribed service

2. When you quit being their customer, you can extract your data before Microsoft is to delete them

3. Microsoft will not disclose your data to anyone except by law, but not without first notifying you about the law agency’s request

You can find a list of them Data Processing Agreement for Microsoft Online Services here.

https://portal.office.com/Commerce/supplements.aspx

Open XML SDK open sourced

OpenXML is the document forward used by Microsoft Office since Office 2007 on Word, Excel and PowerPoint. It carries an extra ‘X’ at the end of its extension i.e. docx, xlsx, pptx.

Microsoft also made available a SDK for developers to manipulate the documents without relying on Microsoft Office. Those who follow my blog would know back in 2008 to 2010 I wrote a few post on working with Office documents on the server side without depending on Microsoft Office.

Today Microsoft made the OpenXML SDK an open source project, you can read about this on Doug Mahugh’s blog post here. Or you can head straight to the github repository to download the SDK. 

Opinion on hackathons in Malaysia

The Star columnist Gabey Goh asked me recently about my opinion on hackathon scene in the country. I gave her some feedback and they were published on the Star paper here.

Patrick Yong, a tech entrepreneur and “Microsoft Most Valuable Professional” award winner also believes hackathons hold value, having organised a couple.

“I think it is more than just fun and each hackathon has its own agenda. The audience is a mix of entrepreneurs, students and some tech gods. What I have seen so far, it is a good networking venue for whatever agenda you have.

“I notice however, that the depth or quality of the work we see at local hackathons varies. We’ve see some very good products, to mostly just university-type projects that have no value. Nevertheless it gives newbies an experience.

“So it’s not the question of too many hackathons — in Malaysia we don’t see too many new faces. If over a year, you went to four or five, you may have met most of the attendees,” he added.

Book Review : iOS Development with Xamarin Cookbook

Xamarin is getting a lot of attention and especially for a .NET developers, I have to take a look at it. Xamarin offers you to write your iOS and Android apps in C# and inside Visual Studio at the same time. However for iOS you still need Xamarin Studio in MacOS X to debug and deploy.

The key problems in widespread adoption of Xamarin are firstly the cost (which might be prohibiting for startups) and also the lack of training resources. Xamarin does offers online training via Xamarin University but again USD1,299 is too high for small customers. There are few books on the market and recently I managed to check out a new book on developing iOS app using Xamarin. The book, called “iOS Development with Xamarin Cookbook” obviously tells you that this is written in cookbook format where topics are broken into individual solution with little relationship with other parts of the book. This makes is easier for users to reuse the sample cook inside their projects.

However if you are a newbie to the world of Xamarin, do not be discouraged by the format because it contains a getting start recipe at the beginning of the book to get you ramped up quickly.

There are a few recipes which I appreciate a lot at the chapter on Graphics & Animation and also Advance Features because I have immediately needs on them. I believe in near feature as I spend more time on Xamarin, I will find the other chapters give me just as much value.

On rating of this book I gave it a 4 out of 5, and the only reason is Xamarin 3 just came out with a new project template. Xamarin 3 now uses storyboard as default design interface instead of using xib. However you can still make the sample code works by adding the xib manually.