NSA Revelations Prompt Microsoft To Bolster Cloud Encryption, Transparency


Microsoft is taking steps to strengthen the data security measures of its cloud-based services to stem a growing apprehension surrounding its practices as result of the ongoing leaks about the National Security Agency's surveillance activities.

The changes are generally being met with praise from resellers and service providers fielding a variety of questions from clients evaluating cloud products from U.S. companies.

Microsoft's general counsel said on Wednesday that the company would bolster encryption for data flowing to and from its Outlook.com, Office 365, SkyDrive and Windows Azure services. Strong encryption will be in place by the end of 2014, according to the new plan outlined by Brad Smith, Microsoft's general counsel and executive vice president of legal and corporate affairs. Under the plan, encryption will also be applied to data stored in the company's servers. The encryption option will be provided to the developers of third-party services developed to run on Windows Azure, Smith said.

 

[Related: 10 Ways NSA Surveillance Revelations Could Impact The Channel ]

U.S. technology vendors are trying to buttress trust in their products, following a long litany of news leaks about the extent of the NSA's global surveillance programs. Some of the leaks outlined in documents stolen by government contractor Edward Snowden have suggested cooperation between software makers and government intelligence officials as part of doing business in the U.S. Resellers, consultancies and service providers told CRN that they have seen a significant rise in concern from businesses in Europe and Asia. Any potential fallout from the NSA revelations is still being measured, said Dipesh Patel, principal of Pariveda Solutions, a cloud strategy and solutions provider based in Dallas.

"People are now much more curious about where their data goes, how it is treated and stored," Patel said. "Many of these questions are around compliance and security standards and what Microsoft's data centers do and what they don't do."

Microsoft is appealing to its international customers whose longstanding concerns about data security and privacy as a result of the U.S. Patriot Act have expanded since the NSA leaks, said Rick Doten, chief information security officer at Digital Management Inc., a Bethesda, Md.-based mobility solutions provider. All large, global technology vendors based in the U.S. are bracing for the fallout and trying to shore up customer faith in their products and services, Doten said.

"They're doing prudent things to be able to be more transparent, and while data security has been available, only now are we seeing encryption applied to areas where risk has generally been assumed," Doten said. "Trust has taken a big hit."

NEXT: Microsoft To Fight Gag Orders, Increase Source Code Review