Why Microsoft Is Encrypting Its Cloud Services

In response to increasing levels of government surveillance online, Microsoft has increased the levels of encryption used in its cloud products and says it will make it easier for government users to check its own code for "back doors" allowing access to sensitive data. However, the company has stopped short of opening up source code for all customers.

Encryption picture from Shutterstock

Microsoft announced the policy change in an unusually-strongly-worded blog post. It's not every day you see a listed corporation describe government surveillance as an "advanced persistent threat" that's functionally equivalent to malware.

The main changes, all of which are planned to be implemented by the end of 2014, are:

  • All content moving between Microsoft and customers will be encrypted by default
  • All data moving between Microsoft data centres will be encrypted by default
  • All customer content will be encrypted
  • Developers building services on Azure or Office 365 will be able to choose whether or not data is encrypted for individual apps

Microsoft is also planning to make it easier to review its own products for potential flaws:

We're therefore taking additional steps to increase transparency by building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors.

That's good news for government customers, but unfortunately the same flexibility isn't being extended to anyone else.

[The Official Microsoft Blog]


Comments

    Microsoft are encrypting towards the end of 2014, so they are a long way off yet. In addition as a USA owned company they most certainly are legally beholding to obeying the NSA officer who turns up to install a wiretap or ask for their certificates.

    They are not even allowed to say that such an NSA tap has been installed.

    Only by dealing with NON-USA legal entities can you hope to reduce your NSA exposure a little, and sadly even that doesn't seem enough as news is emerging today about how much in bed Telstra is.

    pffft, I noticed that MS dont say where the Keys are kept...
    What makes you think that they wont hand them over to the NSA etc?

Join the discussion!