Microsoft says NSA spying hit trust in the cloud


This post is also available in: עברית (Hebrew)


A senior Microsoft spokesman says that government surveillance has damaged trust in the cloud and in the company itself, pushing the latter to focus more on data privacy and security.

Jeff Jones, Microsoft’s principal cyber-security strategist, was presenting at the IP Expo Europe exhibition in London recently, where he suggested that the leaks from NSA whistleblower Edward Snowden had impacted the Redmond technology giant and the cloud computing market as a whole.

Microsoft offers more than 200 cloud service products, but has been in the headlines for all the wrong reasons over the last 18 months: first over claims that SkyDrive was continually tapped by the NSA, and then over the US DOJ decision that the government could view information held at its non-US data centers.

“Beginning on 7 March 2013, PRISM [iHLS Newsdesk: ’PRISM’ is a code name given to an NSA counterterror surveillance program] now collects Microsoft SkyDrive data as part of PRISM’s standard Store Communications collection package for a tasked FISA Amendments Act Section 702 [FAA702) sector,” revealed a presentation slide released by American journalist Glenn Greenwald in his book entitled ‘No Place To Hide‘.

iHLS Israel Homeland Security

Microsoft is unlikely to have been alone as trust in the cloud dropped. Forrester researchers estimate that the scandal could cost the cloud computing industry up to $180 billion over the next three years while a study from NTT Communications indicates that almost 90% of IT managers have changed the way they use the cloud since. The same study claims that 16% delayed or cancelled their contracts with their providers.

As a result, Microsoft claims they spent the last year making efforts to ensure that its cloud products – which include Azure, Dynamics CRM, Office365, SkyDrive and OneNote – are more security and privacy-friendly, and that the firm is transparent about the data requests it receives from governments.

The Silicon Valley giant promised at the time that it would expand encryption across all services by the end of the 2014 financial year, including using ‘best-in-class industry cryptography’ such as Perfect Forward Secrecy and 2048-bit key lengths.