Blog >  HIPAA Compliant

Office 365 E5 Missing Critical Cloud Security Features


  • Communications Content Not HIPAA Compliant – Office 365 E5 does not provide HIPAA compliant protection on communications content (voicemails, faxes, call recordings). This leaves critical personal information and communications susceptible to possible intruder access.

PanTerra provides complete end-to-end HIPAA compliance on both user content and communications content, ensuring privacy of all information stored in the PanTerra cloud. End-to-End HIPAA compliance protects sensitive content and communications not just at the cloud service, but through the connectivity to end devices as well as the end devices themselves (thru MFA authentication).

  • No Multi-Factor Authentication (MFA) Across All Devices – MFA authentication is an essential enterprise security feature to maintain the privacy and security of corporate content and communications. Office 365 E5 does not provide comprehensive MFA on all devices such as IP phones, conference phones, desktops and mobile devices; allowing intruders to gain access to corporate data by "impersonating" corporate clients.

PanTerra provides MFA on all connected devices for both content and communications access ensuring complete privacy and security on all content and communications.

  • No Support for Third-Party Single Sign On (SSO) Providers – Office 365 E5 does not support third party SSO providers.

PanTerra supports active directory as well as multiple third-party SSO providers such as OneLogin and Okta.

  • No Remote Active Device Manager – Office 365 E5 does not have a means to manage the security of multiple communications devices such as IP phones, desktops and mobile devices.

PanTerra provides complete multiple device management through its Remote Active Device Manager (RADM), which allows users and administrators to lock out specific devices should they be lost, stolen or compromised.

  • No Telecom Intrusion Monitoring – Hosted VoIP providers, including Microsoft, are susceptible to "relay hacking" where an outside intruder gains access to the hosted VoIP service via an IP phone client (can be softphone or regular desk phone) and relays international calls through that device on the corporate VoIP service. This can cost enterprises thousands of dollars in international calling costs in a matter of minutes. Office 365 E5 has no MFA (which would virtually eliminate the probability of being hacked in the first place) and no active monitoring of international calls within the account to determine if a relay hack is occurring. This leaves the enterprise highly susceptible to this type of costly intrusion.

PanTerra has both MFA and telecom intrusion detection/limiters such that, even if an intruder gained access to a client, they would be locked out after hitting a low threshold limit of calls.

Don’t get me started on scalability…really, don’t get me started…wait until you see my next post!