Strengthening encryption for Microsoft Azure customers

In July, we published a blog post which talked about the advancements Microsoft had made in encryption for Outlook.com and OneDrive to further increase the security of our customers data.   Today, Microsoft Azure has taken additional steps toward our commitment to protecting customer data with the announcement of encryption improvements for Microsoft Azure guest OS.

The encryption improvements, which apply to Microsoft Azure cipher solution for hosted guest virtual machines, provide customers with enhanced protection when connecting and transmitting data. For example, the enhancements to the default Transport Layer Security (TLS)/Secure Socket Layer (SSL) cipher suites helps ensure that connections are better encrypted during transmission.  In addition, enabling Perfect Forward Secrecy (PFS) helps ensure a different encryption key is used for every connection, making it more difficult for attackers to decrypt connections.

As technology advances and attackers continue to adjust their tactics, it’s essential that cloud providers evolve their security protections to keep pace with the changing landscape. Over the years as cipher suites become compromised, staying diligent and nimble is essential. The latest advancements implemented by Microsoft Azure is an important step in the ongoing chain of evolution in our security commitment, and helps provide customers with additional layers of protection that reduce the risk of an attacker being able to successfully decrypt a connection.

By providing PFS, it will help ensure that connection keys remain fresh, and that attackers who may have a compromised key, are not able to reuse it in future sessions when trying to decrypt traffic going to and from a guest virtual machine. These advancements are another important step in the journey to helping ensure our customers get the best in class security protections as they become available.

For more detailed information regarding these security enhancements, please see the upcoming changes in the MSDN article, “Differences between Azure Guest OS and Default Windows Server”.

About the Author
Mike Reavey

General Manager, Trustworthy Computing

Mike Reavey is a general manager in the Trustworthy Computing Group at Microsoft where he leads the cross-company approach to securing online services. Prior to this role, Reavey spent the past eleven years focused on protected Microsoft’s global customer base Read more »