NSA Revelations Prompt Microsoft To Bolster Cloud Encryption, Transparency


Many clients simply want to understand who has access to any data residing in cloud-based applications and assurance of its continued availability, said Derik VanVleet, director of cloud strategy at Cloud Sherpas, a consultancy and cloud services provider based in Atlanta. Ultimately, most small and midsize businesses find increased security, not less security, once they get a full look at how large providers manage their massive data centers, VanVleet said.

"Once an enterprise customer is fully educated about what happens and their compliance concerns are met, there is an increased comfort level," VanVleet said.

Microsoft's Smith also reiterated the company's current policy to notify businesses of any requests it gets from law enforcement to access its customer data. But requests for customer data containing a gag order would be challenged in court, he said. Such requests typically come from the FBI and other U.S. federal agencies under a National Security Letter. In 2012, Microsoft received 1,000 demands with an accompanying gag order.

"We've done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data," Smith said. "We'll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country."

Microsoft also plans to open up transparency centers in Europe, the Americas and Asia to give government customers the ability to review the source code of its products. The company has a program to provide government clients with source code upon request. The changes will broaden the range of products included in its source code review program for prospective government clients, Smith said.

"We want to ensure that important questions about government access are decided by courts rather than dictated by technological might," Smith said.

PUBLISHED DEC. 5, 2013