Friday 8 November 2013

Microsoft protects Windows Azure users against PRISM with self-managed encryption key capability

Microsoft is helping businesses better protect their data held on its Windows Azure cloud computing service by enabling them to manage their own encryption keys. The move is part of a collaboration with security firm Thales.
The deal will see Thales deploy its nShield hardware security modules (HSMs) inside Microsoft's Azure data centres. The technology will be used to improve security for the Microsoft Rights Management service (Windows Azure RMS).
With the Thales HSMs, business users of Windows Azure will be able to independently generate and manage the encryption keys used to protect information flowing on, or stored in, the cloud. This technique, dubbed bring your own key (BYOK), means that if a government agency wanted to view that information, it would have to go directly to the customer.
The move follows concerns about US cloud providers' involvement in the National Security Agency's (NSA) PRISM campaign. The campaign was revealed earlier this year when ex-CIA analyst Edward Snowden leaked documents to the press, proving that the NSA was covertly gathering vast amounts of data from companies such as Microsoft, Google, Apple, Facebook and Yahoo.
The revelation led to concerns about the security of US-based cloud services. The Information Technology and Innovation Foundation (ITIF) estimates that PRISM will cost the US cloud computing industry $22-$35bn in lost revenue over the next three years.
Microsoft partner group program manager Dan Plastina said he expects the BYOK offering to help in the firm's ongoing battle to assure customers that their data is safe on Azure.
"The Microsoft Rights Management service helps customers safeguard their data, both inside and outside of the organisation," he said.
"As a result of our collaboration with Thales, our customers can generate and upload their own master keys to a cloud-based HSM and keep complete control over their keys, giving them confidence that their data is protected."
Microsoft is not the only cloud service provider to offer customers the ability to manage their own encryption keys. Amazon already offers a similar capability with the AWS CloudHSM feature for customers of its Virtual Private Cloud service.
