Microsoft encrypts Outlook, OneDrive against government snooping
This morning, Microsoft’s Trustworthy Computing Security vice-president, Matt Thomlinson published this post on TechNet, announcing new security measures designed to better protect Outlook and OneDrive users from cyber-snooping and other forms of unauthorized access to cloud-stored user data.
Outlook.com now features TLS and PFS
The first milestone of the three discussed by Thomlinson is the addition of the Transport Layer Security protocol, and Perfect Forward Secrecy, to Outlook.com. TLS enables encryption security of all outbound emails, and ensures that all recipients using TLS security on their end are able to benefit from the same level of security.
PFS is a data transfer protocol that uses a different encryption key with every new connection, making it harder for hackers to intercept communications between email providers.
PFS also enabled on OneDrive
The second item is the addition of Forward Secrecy, now available to OneDrive customers, and enabled by default through onedrive.live.com, as Thomlinson elaborates:
“As with Outlook.com’s email transfer, this makes it more difficult for attackers to decrypt connections between their systems and OneDrive. “
Microsoft Transparency Center
Last but not the least, is the announcement of the first Transparency Center, located on the company’s Redmond campus, where government entities have the opportunity to participate in review programs, where Microsoft products and services are open to audit and verification against backdoors and other vulnerabilities.
According to Thomlinson’s post, the works in regard to the Brussel Transparency Center announced in January are still underway.
These announcements are not surprising as the effects of former government security contractor Edward Snowden are still tangible across the spectrum of companies affected by his revelations, especially on an image level. Microsoft as well as every other company that provides cloud services, is still working overtime to restore consumer confidence in cloud services, and the creation of these Transparency Centers might very well be the first significant steps towards restoring that confidence.