Microsoft Beefing Up Outlook, OneDrive Security

By Kevin Parrish
published

Matt Thomlinson, Vice President of Trustworthy Computing Security at Microsoft, updated the Technet blog with news that Microsoft is beefing up security in regards to Outlook.com and OneDrive. This move is part of a broader effort to protect user data from the NSA and other unwanted snoops secretly trying to get a peek at user data.

"We are in the midst of a comprehensive engineering effort to strengthen encryption across our networks and services. Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day," Thomlinson writes. "This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data."

He first mentions Outlook.com, which is now protected by Transport Layer Security, or TLS. This will be applied to both inbound and outbound email, meaning that when an Outlook.com user sends an email, it's encrypted as it travels to the recipient. The drawback is that in order to receive encrypted email, the recipient's service must support TLS as well.

Thomlinson says that Microsoft is working with major email providers to make sure that TLS is up and running across the industry, and that email stays encrypted to and from each email service. Several examples of this movement include Deutsche Telekom, Yandex and Mail.Ru.

"This encryption work builds on the existing protections already in many of our products and services, like Microsoft Azure, Skype and Office 365, and some improvements we have made over the last six months," he writes. "A few examples include enhanced message encryption in Office 365 as well as Azure's addition of ExpressRoute, a service that enables businesses to create private connections between Azure datacenters and infrastructure on their premises or in a colocation environment."

Outlook.com has also enabled Perfect Forward Secrecy (PFS) encryption support. This method uses a different encryption key for every connection, Thomlinson writes, making it harder for hackers to decrypt the connections. OneDrive uses PFS as well, allowing customers to automatically receive forward secrecy when accessing the online storage locker through the web address, sync clients and mobile apps.

Finally, Microsoft has launched its very first Transparency Center on the Redmond, Washington campus. Participating governments can now review Microsoft's source code for key products to make sure the software has no evil secrets, and doesn't provide "back doors" for hackers and snooping government officials.

"The Redmond location is the first in a number of regional transparency centers that we plan to open. We continue to make progress on the Transparency Center in Brussels that I announced in January, with other locations soon to be announced," he writes.

Follow Kevin Parrish @exfileme. Follow us @tomshardware, on Facebook and on Google+.

Kevin Parrish
7 Comments Comment from the forums
  • catswold
    You want truly secure email (NSA proof), check out ProtonMail created by a group at CERN in Switzerland who did so in reaction to the Snowden leaks.
    Reply
  • Innocent_Bystander
    You want truly secure email (NSA proof), check out ProtonMail created by a group at CERN in Switzerland who did so in reaction to the Snowden leaks.


    I wouldn't go as far as calling anything out there NSA-proof.There is a vulnerability in any complex system and if anyone will find it it's these guys.
    Reply
  • JPNpower
    13633787 said:
    You want truly secure email (NSA proof), check out ProtonMail created by a group at CERN in Switzerland who did so in reaction to the Snowden leaks.

    NO NO NO! SERN spies on innocent people as much as, if not more so than, the NSA. According to an insider named John Titor, they are currently trying to develop a time machine through Kerr black holes made through their Large Hadron Collider. This is kept hidden from the public, and all those who know more than they should will be targeted with their global scale eavesdropping.

    I leave you with undeniable video evidence.
    El Psy Congroo.
    http://youtu.be/nS4wjiFRGO0
    Reply
  • jhansonxi
    Mostly marketing BS. No encryption M$ can deploy is going to protect your privacy from an agent with a "National Security Letter" or the inquiries of any other government whose jurisdiction they have servers within. At most it will make continuous, unofficial, and unacknowledged monitoring slightly more difficult. Even if these changes could have significant impact, governments would simply go after the services of whomever you are communicating with.
    Reply
  • catswold
    I would trust the security of CERN over MS. Of course right now the only truly secure means of communicating is via Tor. Personally, I'm still using Yahoo Mail.

    I'm not particularly concerned over what the NSA might think about my sending messages like, "Hey, missed you last night, see you tomorrow," or "Check out this article on the M&P Shield," etc. :)
    Reply
  • junkeymonkey
    like Microsoft says its all cloud based your files are ''out there'' and not on your computer .. I have yet to understand why everyone just jumps on this bandwagon.. as my opinion I don't care to have my computers os cloud based as now with this and if your using 8 well that's its prime selling point.. you talk about the nsa but who else is tapping in to your stuff that's stored on o server somewhere in the world that don't have the laws to protect them from just anybody?? bottom line they talk it up about protecting your privacy but its the last thing they want to do cause then they cant target you so easy ..
    Reply
  • back_by_demand
    If they open doors to allow people to interrogate the source code for back doors, everyone that accuses them of having a back door should go and look for themselves. Can't find one? Then STFU.
    Reply