2 Comments

Summary:

Microsoft one-ups its encryption gameplan, adding Transport Layer Security to Outlook.com and enabling Perfect Forward Secrecy on Outlook.com and OneDrive.

Microsoft is now encrypting messages flowing between its own Outlook.com mail service and third-party mail providers using Transport Layer Security, and has also enabled Perfect Forward Security in Outlook.com and OneDrive file storage. Perfect Forward Secrecy uses a different encryption key for each connection, according to a Microsoft Technet blog.

TLS support means that mail flowing into and out of Outlook.com accounts is encrypted and “thus better protected as it travels between Microsoft and other email providers,” as long as those other email vendors also support TLS, wrote Matt Thomlinson, VP of Microsoft’s trustworthy computing security group.

Microsoft rival Google last month called for other email providers to make use of Perfect Forward Secrecy technology so that messages are protected from their point of creation to their destination.

Thomlinson also said Microsoft worked with international mail providers including Deutsche Telekom, Yandex and Mail.Ru “to test and help ensure that mail stays encrypted in transit to and from each email service.”

Ever since Edward Snowden’s disclosures about the U.S. National Security Agency snooping on cloud customer data, U.S. cloud providers have been falling all over themselves to prove they are good stewards of customer information.

Microsoft’s general counsel Brad Smith, who spoke on the topic at Gigaom’s recent Structure Conference, has been in the forefront of that fight.

These companies say unchecked (and secretive) government data gathering is bad for their businesses and argue that it’s also bad for the U.S. in general. The NSA disclosures have given non-U.S.-based cloud providers a powerful marketing tool to argue that German citizens (or companies) should stick to German providers for their cloud computing needs; ditto France, and so on.

Now U.S. tech powers like Microsoft, Hewlett-Packard, Google and so on have to show that they are prepared to fight — even fight the U.S. government, if need be — to protect customer data.

At Structure, HP EVP Bill Veghte said NSA-gate had hurt cloud adoption in China, which is building infrastructure like gangbusters while U.S. vendors have to deal with spying concerns. “It’s just a bummer,” he said.

 

Comment

Community guidelines
Wednesday, August 27, 2014
Avatar you are commenting using your account. Sign out / Change

Comment using:

Or comment as a guest

Be sure to review our Community Guidelines. By continuing you are agreeing to our Terms of Service and Privacy Policy.

2 Comments

  1. Snore, wake me up when they start encrypting the emails at rest on their servers in the their data-centers. Or even better start encrypting them with user keys- so that they can’t decrypt them.

  2. Will Microsoft stick with Perfect Forward Security like they stuck with PlaysForSure?