Microsoft commits to improving Internet encryption, as Forrester says that the cloud has become the new normal for businesses.
Against a raft of US government surveillance revelations emerging from Edward Snowden this year, Microsoft’s chief general counsel has committed to encrypting Internet traffic as it travels through – and between – its data centres around the world.
The most interesting aspect of this commitment, SCMagazineUK notes, is that it does not matter whether these data centres are in the cloud or a direct-access presence as far as the end-user is concerned.
In parallel with Microsoft’s encryption commitment, Forrester Research says that cloud computing has now reached the stage where it has become the norm as far as business IT infrastructure is concerned.
Brad Smith, Microsoft’s general counsel, says in his company blog post that the Redmond giant is taking steps to ensure that any government surveillance of the Internet is conducted legally, rather than using technology-driven subterfuge.
Smith, who stopped short of mentioning the National Security Agency by name, revealed that Microsoft has been alarmed by allegations that “some governments” had collected customer data from the Internet without warrants.
“If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications,” he said, before adding that government snooping potentially now constitutes an ‘advanced persistent threat’ along with sophisticated malware and cyber attacks.
As previously reported back in October, The Washington Post noted that the NSA secretly accessed data from several technology giants such as Google and Microsoft by intercepting unencrypted Internet traffic under its MUSCULAR programme – which forms part of Operation PRISM.
Microsoft’s game plan is to move to 2,048-bit encryption by the end of next year – a technology that reportedly takes ten years to crack in real time – bringing the software giant into line with the likes of Facebook and Yahoo.
Smith also committed Microsoft to open transparency centres around the world with the aim of showing its users that its software has now `backdoors.’
“We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the [US] Constitution,” he said.
In parallel with this move, Forrester Research says that 2014 will be the year that cloud computing becomes the new normal as far as corporate IT is concerned, and will soon be integrated into existing IT portfolios – whether the IT department likes it or not.
Amongst a list of predictions, Forrester says that the public cloud computing will become the default backbone for the Internet of Things (IoT), noting that the IoT will generate billions of data points in 2014.
Aggregating this data and acting on its findings, says the research firm, will best be achieved by capturing, analysing and responding from the cloud.
As part of this shift, Forrester says that perimeter security will shift outside the perimeter, driven by the cloud and mobility generally – and with the security focus shifting away from protecting the network and devices to protecting the data with a Zero Trust security model.
This approach, SCMagazineUK notes, parallels Microsoft’s shift to encrypted data and perhaps explains why Forrester also predicts that cloud security will be much more centralised and automated in 2014.
So, what’s the bottom line? Encryption of data at all points – and cloud computing – are set to become the new normal, and as Forrester observes: “If you’re resisting the cloud because of security concerns, you’re running out of excuses.”
“The leading public cloud providers have made strong gains in security and compliance, and there are few workloads completely off-limits for public cloud anymore,” the research group adds.
- Microsoft expands encryption and boosts legal protections for its data to tackle government spying (thenextweb.com)
- Microsoft labels US government a ‘persistent threat’ in plan to cut off NSA spying (theverge.com)
- Microsoft confirms encryption across cloud services (zdnet.com)