Earlier this month, Microsoft announced plans to improve the encryption of data generated by its online services such as Outlook.com, SkyDrive and others. Those efforts were revealed after a new wave of leaked National Security Agency documents seemed to suggest that the U.S. spy organization was intercepting that data from Microsoft and other online companies like Google and Yahoo.
Today, Wired offered some more details on how Microsoft plans to thwart groups like the NSA from taking and reading its data. The company at first had the idea of sending data from its servers to "enormous network routers" that would encrypt the information before sending it out. That plan was dropped because of cost concerns and because the data might be too vulnerable if a single key encrypted all of Microsoft's data.
Instead, the new plan is to use spare CPU resources on the thousands of servers inside Microsoft's data center to encrypt the information before it is sent to another center, or even when it is not transmitted at all. Mark Russinovich, one of the lead architects for Windows Azure at Microsoft, says, "You need a more distributed way of handling the problem: Every individual service — whenever it talks to another service — should encrypt that channel. Then the price for the encryption is paid for with the resources of the individual data centers."
Even with the improvements Microsoft is putting in place, its data is still not 100 percent hack-proof. Indeed, the article brings up the possibility that the NSA or similar groups could plant a person inside Microsoft's data centers or turn a current employee to work for the group. Russinovich says, “An inside threat? That’s the scariest one. They could spear-phish him or blackmail him or maybe he’s just sympathetic to their cause.”