Late Wednesday night, Microsoft came out with a remarkable post regarding its position to customer security and data on the Internet. The post in regards to recent claims about NSA and governmental breaches featuring Microsoft and other tech companies puts new safeguards for data ahead.
The long post on the Technet site within Microsoft.com talks initially how the company responds to legal processes and protections. But it quickly expands into the new immediate and coordination actions the company will be taking to keep customers data safe and very secure.
The first major update Microsoft will be making will be expanding encryption services across its products, for both personal and enterprise levels. Microsoft states that they haven’t been aware of any breaches by unauthorized government access, but they don’t want to take any chances. They will be updating engineering efforts to keep data safe.
The updates will affect Outlook.com, Office 365, SkyDrive, and Windows Azure. The addition of encrypting data from customers and Microsoft along with data between its data centers was highlighted. They will be using Perfect Forward Secrecy and 2048-bit key lengths, and encrypt customer content they store. This should all occur by the end of 2014.
Legal Protections and Increasing Transparency
The other two items mentioned in the Microsoft post related to legal protections and increasing transparency. They will be challenging legal orders for customer’s data, and will assert jurisdictional objections to legal demands when governments seek customer data. National security will be obviously understood but Microsoft wants to protect customers data.
Microsoft will also be taking additional steps to increase transparency including providing government customers to review source code, and confirm no back doors. Transparency centers will be opened to show the integrity of Microsoft’s products in Europe, Asia, and the America’s and expand the range of products in these programs. These efforts are aimed to show that the Microsoft products are secure for governmental usage, and give customers a sense of security when using them for their data.
I think this is a bold move by Microsoft. They are showing how they want to help businesses, secure data, and not fold in the face of government requests for customers data.