Microsoft confirms encryption across cloud services

Microsoft confirms encryption across cloud services

Summary: Redmond giant will undertake a large encryption effort across its cloud services portfolio and data centre links, while stepping up its legal objections to governments accessing customer data.

SHARE:

Microsoft has confirmed that by the end of 2014, it will have encrypted all stored user content, any content transfers between itself and its users, as well as any transfer of customer data as it moves between its data centres.

Writing in a blog post, Brad Smith, Microsoft general counsel and executive vice president, legal and corporate affairs, said that the company would use 2048-bit encryption keys and Perfect Forward Secrecy.

"All of this will be in place by the end of 2014, and much of it is effective immediately," Smith said. "We're working with other companies across the industry to ensure that data traveling between services — from one email provider to another, for instance — is protected."

In concert with the new encryption, Smith said that Microsoft would use legal means to ensure that customers were notified when legal orders related to their data are received by the company.

Special Feature

IT Security in the Snowden Era

IT Security in the Snowden Era

The Edward Snowden revelations have rocked governments, global businesses, and the technology world. When we look back a decade from now, we expect this to be the biggest story of 2013. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices.

"Where a gag order attempts to prohibit us from doing this, we will challenge it in court," he said. "We've done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data."

"We'll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country."

Smith said that the company believes that governments should gain access to information and data in the same way it did before IT moved to the cloud, by going directly to Microsoft's customers, and that the company should only be propelled to disclose data in "the most limited circumstances".

"And when those limited circumstances arise, courts should have the opportunity to review the question and issue a decision."

It was reported last week that Microsoft intended to make such a move, and follows similar encryption announcements from Google and Yahoo.

The moves by the technology giants are a response to the Muscular program run by the NSA and GCHQ that allowed the spy agencies to tap the traffic moving between Google and Yahoo data centres.

Smith said that it was appropriate for Microsoft and governments to become more transparent on privacy and security issues.

"Ultimately, we're sensitive to the balances that must be struck when it comes to technology, security and the law," he said. "We believe these new steps strike the right balance, advancing for all of us both the security we need and the privacy we deserve."

Topics: Security, Cloud, Microsoft, Privacy

About

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Makes too much sense!

    Smith is DEAD right, and this should be the law of the land:

    Governments should gain access to information and data in the same way it did before IT moved to the cloud, by going directly to Microsoft's customers, and that the company should only be propelled to disclose data in "the most limited circumstances".

    "And when those limited circumstances arise, courts should have the opportunity to review the question and issue a decision."
    Tom007
  • Makes too much sense!

    Smith is DEAD right, and this should be the law of the land:

    Governments should gain access to information and data in the same way it did before IT moved to the cloud, by going directly to Microsoft's customers, and that the company should only be propelled to disclose data in "the most limited circumstances".

    "And when those limited circumstances arise, courts should have the opportunity to review the question and issue a decision."
    Tom007