Microsoft Online Services are built on a Windows Server 2003 foundation. An SPS infrastructure doesn’t need the latest bells and whistles. It really needs time-hardened management and centralized security features. Not much has changed in the way of securing the connection from clients to back-end servers. What was bulletproof five years ago remains so today. Similarly, there’s no need to reinvent the wheel and use Microsoft Online Services to test run new platforms. The Microsoft Solution for Hosted Messaging and Collaboration that powers part of BPOS was already in its 3.0 revision way back in January 2005. Years ago, people used to joke that it took Microsoft three tries to get something right. Even if true, the server platforms underneath BPOS are well beyond that point.
For years, Microsoft has known that its future depended on security. Perhaps you remember in the lead-up to Windows XP’s launch that Bill Gates and others at Microsoft discussed many steps having been implemented to change how software was developed and tested for security within the company. One outcome of this was the Microsoft Trustworthy Computing Security Development Cycle, better known as SDL. If you want the full run-down on SDL, check out this link. Otherwise, just know that SDL assesses possible threats to software as that software is being designed, tests whether or not holes are being remedied, and mandates a thorough code review and security assessment before launch. Every element of Microsoft Online Services went through this process.
Naturally, Microsoft uses a range of hardware firewall and IP filtering appliances at each edge interface with the public Internet. Servers at these boundaries run Microsoft Forefront Security, the company’s enterprise-level anti-malware platform. With this, even if you inadvertently try to upload an infected file to a SharePoint site, for example, the file will be scanned, flagged, and quarantined before it ever reaches actual data servers. Just as information is protected within the data center, it’s also protected in transit. End-user browser sessions are safeguarded by strong encryption, and the connections running between Microsoft data centers are all run through VPNs.