Microsoft Banks on Encryption to Protect Office 365 User Data

Take that, NSA. Microsoft uses a multi-layered approach to data encryption to help keep Office 365 data away from prying eyes.

Rock-solid uptime and a wealth of enterprise-friendly features mean nothing if cloud security isn't up to snuff.

After a bruising year spent countering allegations that it helped the U.S. National Security Agency (NSA) snoop on its cloud services, Microsoft is assuring customers that Office 365 is protected by multiple layers of encryption. And that protection begins the moment customers send data to the Redmond, Wash.-based tech giant's cloud data centers.

"At the service level, we encrypt all data between your users and the Office 365 service using Transport Layer Security (TLS) that leverages SSL encryption," Asaf Kashi, group program manager in the Microsoft Office 365 Information Protection unit, wrote in a blog post. "This protects your data from anyone sniffing the transit pipes."

Cloud data privacy and security shot to the top of the IT industry's worry list last year after ex-NSA contractor Edward Snowden disclosed the agency's vast intelligence-gathering apparatus. Among the revelations was the MUSCULAR project, which tapped into the Internet communications of Google and Yahoo data centers.

Upon this revelation, Microsoft joined AOL, Apple, Facebook, Google and Yahoo in supporting the USA Freedom Act, which seeks to curb the NSA's massive data and phone records dragnet.

"Our companies believe that government surveillance practices should also be reformed to include substantial enhancements to privacy protections and appropriate oversight and accountability mechanisms for those programs," stated the Oct. 31 letter. In November, reports surfaced that Microsoft was taking the potential threat to its networks seriously and was investing heavily in encryption.

Now, nearly a year later, Microsoft is affirming that customer data is well-protected courtesy of three types of encryption.

"Our first encryption mechanism is Rights Management Services, or RMS, which is mostly used when you are communicating within your organization, or with your trusted business partners," wrote Kashi. This allows organizations to control whether content can be forwarded or printed and eliminates man-in-the-middle attacks.

The second is Office 365 Message Encryption, which extends data safeguards to any SMTP email address. "This provides you a way to send encrypted content, such as mortgage applications or medical records, which your consumer might only look at once, but allows you to confirm that the information has been encrypted," Kashi wrote.

Finally, in certain scenarios, Microsoft offers to wrap Office 365 email communications in S/MIME, "a certificate-based encryption mechanism that allows any two clients to communicate securely, independent of what servers or services are in-between them," he added.

Further keeping sensitive data under wraps is an assortment of data loss prevention (DLP) capabilities. Office 365 DLP options include "making your users aware about the sensitivity of the content being shared or block them outright from sharing particular sensitive content at all," Kashi wrote.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...