Microsoft Tightens Security on and OneDrive

Microsoft makes good on some of its promises to lock down its cloud services after a government spying scandal that rocked the IT industry.

Microsoft security

If nothing else, last year's National Security Agency (NSA) spying scandal helped spark a tech industry movement to embrace encryption and improve cloud security.

Redmond, Wash.-based IT titan Microsoft said that it is delivering on some of the promises it made late last year to harden its cloud services against snooping. and OneDrive now feature more layers of encryption, making it harder for governments to access private user data.

After weathering months of a NSA spying controversy that ensnared the company along with other major companies, including Yahoo and Google, Microsoft vowed late last year to combat government cyber-spying. The move was sparked by steady stream of disclosures from ex-NSA contractor Edward Snowden.

According to leaked classified documents, the intelligence agency was essentially able to surreptitiously collect cloud user data at a massive scale from leading service providers. In December, Microsoft's top lawyer Brad Smith described the government's actions in terms usually reserved for hackers and botnet operators.

Given the reach and scope of the NSA's online spying capabilities, he asserted that "government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber-attacks."

To shield customers from the NSA's tactics, and those of other organizations, Smith said that Microsoft was turning on encryption by default for data moving between the company and users. Microsoft also pledged to use "best-in-class" cryptography and encrypt what moves between its own data centers.

Currently, Microsoft is "in the midst of a comprehensive engineering effort to strengthen encryption across our networks and services," Matt Thomlinson, vice president of Microsoft's Trustworthy Computing Security unit, said in a statement. His company's efforts, he noted, also help "us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data."

Microsoft has reached some key milestones in its pursuit of unhackable cloud services. now boasts Transport Layer Security (TLS) encryption, affecting both outbound and inbound email, said Thomlinson. "This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers."

Microsoft worked with several international providers for six months to "ensure that mail stays encrypted in transit to and from each email service," he said. Partners include Deutsche Telekom, Yandex and Mail.Ru.

For added security, the company "enabled Perfect Forward Secrecy (PFS) encryption support for sending and receiving mail between email providers," explained Thomlinson. "Forward secrecy uses a different encryption key for every connection, making it more difficult for attackers to decrypt connections," he attested.

PFS encryption has also been applied to OneDrive, the company's recently upgraded cloud storage service. "OneDrive customers now automatically get forward secrecy when accessing OneDrive through, our mobile OneDrive application and our sync clients," stated Thomlinson.

Finally, Thomlinson announced that the company opened the first Microsoft Transparency Center, located at its Redmond, Wash., headquarters. The first of other planned Transparency Centers, including one in Brussels, it provides "participating governments with the ability to review source code for our key products, assure themselves of their software integrity, and confirm there are no 'back doors.'"

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...