Customers tell us they’d like more information as to how we protect data, certifications that our services have obtained, and how we address security in the cloud. To address these questions, we’ve put together a number of resources on four Cloud Trust Centers. See more >>
In July, we published a blog post which talked about the advancements Microsoft had made in encryption for Outlook.com and OneDrive to further increase the security of our customers data. Today, Microsoft Azure has taken additional steps toward our commitment to protecting customer data with the announcement of encryption improvements for Microsoft Azure guest OS.
The encryption improvements, which apply to Microsoft Azure cipher solution for hosted guest virtual machines, provide customers with enhanced protection when connecting and transmitting data. For example, the enhancements to the default Transport Layer Security (TLS)/Secure Socket Layer (SSL) cipher suites helps ensure that connections are better encrypted during transmission. In addition, enabling Perfect Forward Secrecy (PFS) helps ensure a different encryption key is used for every connection, making it more difficult for attackers to decrypt connections. See more >>
Last week my colleague, Matt Thomlinson, shared some important updates about Microsoft’s efforts to enhance protections for our customers’ data and to increase transparency regarding our engagements with governments around the world. Read more >>
As a company, we have been working hard to further increase data security protections in our services, to add capacity to our transparency center engagements with governments, and to push governments to be more transparent themselves.
In December, we announced our commitment to increase the security of our customers’ data, and our plans to reinforce legal protections for our customers’ data. In January, we called for an international convention focused on the issue of government access to data. Then in March, we shared the additional steps we took to protect your privacy.
We are committed to earning our customers’ trust each and every day, and today, Matt Thomlinson, vice president for Trustworthy Computing Security, shares the progress we are making on these fronts. I encourage you to check out his Microsoft on the Issues blog post to learn more about this announcement. See more >>
Posted by: Tracey Pretorius, Director, Trustworthy Computing
On April 8, 2014, security researchers announced a flaw in the OpenSSL encryption software library used by many websites to protect customers’ data. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access a website’s customer data along with traffic encryption keys.
After a thorough investigation, we determined that Microsoft Services are not impacted by the OpenSSL “Heartbleed” vulnerability. In addition, Windows’ implementation of SSL/TLS was not impacted.
Microsoft always encourages customers to be vigilant with the security of their online accounts, change their account passwords periodically and to use complex passwords. More information on how to create strong passwords is available here: Microsoft Security & Safety Center: Create strong passwords. Read more