Microsoft Upgrades Encryption for Outlook.com, OneDrive

Microsoft just beefed up security encryption for its Outlook.com Web mail and OneDrive cloud storage properties. The move appears to be a response to Google calling out Redmond, among other cloud computing providers, in June for not doing enough to protect the privacy of users.

Microsoft first announced plans to bolster security of customer data and reinforce legal protections in December. The company also pledged to increase the transparency in how it engages with international governments around the world. With that said, Matt Thomlinson, vice president of Trustworthy Computing Security at Microsoft, announced three milestones toward those commitments.

"First, Outlook.com is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound e-mail," Thomlinson said. "This means that when you send an e-mail to someone, your e-mail is encrypted and thus better protected as it travels between Microsoft and other e-mail providers. Of course, this requires their e-mail service provider to also have TLS support."

Closing Back Doors

Over the past six months, Thomlinson said, Microsoft has been working with international providers, including Deutsche Telekom, Yandex and Mail.Ru to test that e-mail stays encrypted as it goes to and from various e-mail services.

"In addition to the availability of TLS, Outlook.com has also enabled Perfect Forward Secrecy (PFS) encryption support for sending and receiving mail between e-mail providers," Thomlinson said. "Forward secrecy uses a different encryption key for every connection, making it more difficult for attackers to decrypt connections."

OneDrive has also enabled PFS encryption support. That means OneDrive customers get automatic forward secrecy when accessing the cloud storage service through OneDrive.Live.com, the OneDrive application and sync clients.

Finally, Thomlinson shared how the company opened its first Microsoft Transparency Center on its Redmond, Washington, campus. As he describes it, the Transparency Centers will let participating governments review source code for key...

Comments are closed.