NATO has signed Microsoft's newest Government Security Program (GSP) agreement, extending the two organizations' 12-year partnership, the software giant announced today.
GSP is a program that provides governments with vulnerability and threat intelligence from Microsoft along with other resources to help agencies safeguard their data against hackers. "It is open to government agencies regardless of a commercial contract with Microsoft, and is an important part of what we consider to be our duty as global citizens," said Glenn Pittaway, senior director of Trustworthy Computing Government and Industry Programs at Microsoft, in a Sept. 14 statement.
"NATO is facing new and increasingly dangerous threats to cybersecurity across the world and these threats could affect national economies and citizens," said Koen Gijsbers, NCI Agency General Manager, in a statement. "To avoid it, NCI Agency strongly believes in rapid and early information sharing on threats and vulnerabilities with leader companies worldwide, such as Microsoft. Trust is the key to success."
Critically, GSP helps put to rest suspicions that Microsoft's products deliberately contain code that allows other parties, namely the U.S. government, to pry into sensitive data.
"The GSP provides transparency by giving governments controlled access to the source code for our core enterprise products," according to Microsoft. "This level of transparency can help reassure customers that Microsoft products do not contain hidden 'back doors.' It also enhances a government's ability to design and build more secure computing infrastructures and adopt new technology more rapidly."
For years, particularly after the U.S. National Security Agency's (NSA) cyber-spying scandal of 2013, Microsoft and its peers in the tech industry have been battling the perception that they purposely build backdoors into their software and IT systems. Last year, the FBI Director James Comey reignited the controversy by calling for encryption backdoors.
Meanwhile, major cloud providers are charging ahead with solutions that enable users to keep their data private.
Google is supporting the effort by letting customers ensure the security of their cloud workloads on their own terms with the Customer-Supplied Encryption Keys for Google Compute Engine program. Over at Azure, Microsoft's cloud computing platform, GSP offers assurance in the form of "an expansive disclosure of technical information, including the design and operations documentation of Microsoft products and cloud services," the company said.
For Microsoft, the deal is part of an ongoing effort to advance data security in Europe, according to Jan Neutze, director of Cybersecurity Policy at Microsoft EMEA (Europe, Middle East and Africa).
"In June, we opened the Transparency Center in Brussels, where GSP participants can review and assess the source code of Microsoft products in a secure environment," Neutze noted in a company blog post. "Since then, there have been more additions to the GSP community, including the European Commission and since today NATO, which now brings the total number of participants to 44 different agencies from 26 governments and organizations worldwide."