Microsoft Outlines OneDrive for Business Data at Rest Encryption, OneDrive Support Coming Soon
Microsoft lifted the curtain a bit today on how Microsoft OneDrive for Business and SharePoint Online handle data encryption. A post by ‘SharePoint Team’ on the official Microsoft Office blog detailed how OneDrive for Business data is encrypted at rest and in flight.
“…when your data is in transit, it is encrypted as data moves between you and the datacenter and between the server and the datacenter, which uses 2048 bit keys. However, the encryption technology applies not only when the data is moving between servers or datacenters, but also when the data is at rest.”
OneDrive for Business Disk Encryption and File Encryption
The Microsoft post revealed that BitLocker is used for data security at the disk level, while at the file layer each file is given a key and encrypted with the Advanced Encryption Standard using 256-bit keys (AES-256), which is Federal Information Processing Standard (FIPS) 140-2 compliant.
Microsoft has produced a video that goes into additional detail about what security methods it uses for data-at-rest for SharePoint Online and OneDrive for Business, and I’ve embedded that video below.
What about data encryption for OneDrive?
One thing that isn’t immediately clear when reading through the aforementioned blog post is whether those encryption features are included with the standard (consumer) version of OneDrive. A Microsoft blog post in July 2014 by Matt Thomlinson, the VP of trustworthy computing security, did state that OneDrive supported Perfect Forward Secrecy (PFS) encryption.
“OneDrive customers now automatically get forward secrecy when accessing OneDrive through onedrive.live.com, our mobile OneDrive application and our sync clients,” Thomlinson wrote. “As with Outlook.com’s email transfer, this makes it more difficult for attackers to decrypt connections between their systems and OneDrive.”
I reached out to some Microsoft PR representatives earlier today to find out if OneDrive had the same level of data at rest encryption, and a spokesperson told me “We have rolled out encryption at rest for OneDrive for Business and are working on it for OneDrive.” So expect to see data-at-rest encryption support for normal OneDrive in the near future. When that happens I’ll update this post to reflect the latest official information.
So are you currently using Microsoft OneDrive for Business? I’d love to hear what you think about Microsoft’s OneDrive security efforts, so please add a comment to this blog post, or contact me on Twitter or Google+. You can also catch up on my posts in the Petri IT Knowledgebase forums.