SkyDrive Security

Do you use SkyDrive only for storing photos and miscellaneous files?  What about important correspondence or files containing personal information?  What about sensitive files such as tax returns or copies of bank statements?

The question about sensitive information was raised in the comments of my article Moving to SkyDrive regarding the security for sensitive files on SkyDrive:

"Is Skydrive suitable as a place to sync/save sensitive information (e.g. tax/financial records) or is it just really for things like photos, unimportant Office files etc? It would make things simpler for me if I could use Skydrive to sync all my files including the sensitive ones, but I am hesitating on security grounds."

In retrospect, my immediate reaction to the question was short-sighted:

"Short answer: Yes, sensitive documents (e.g. tax/financial records) saved to SkyDrive are secure. The only way to access those files is by secure logon with your Microsoft Account.

That raises the reminder of ensuring that a strong/unique password is used for your Microsoft Account. For additional information regarding a strong password, see Password Generator & Checker | How Secure is my Password.

Additionally, regardless of whether anyone uses SkyDrive or not, I strongly recommend taking the steps to protect your account. This article written for "Hotmail" equally applies to the revamped Outlook.com: Hotmail Security to Protect and Recover Your Account ~ Security Garden."

Why, after reconsideration, do I consider my response short-sighted?  Let's take a closer look at transporting and accessing files on SkyDrive.

Transporting Files to SkyDrive

When saving your files to SkyDrive, the method used for transport encryption of your data from your computer to SkyDrive is called Secure Socket Layer, or SSL.  SSL protocol uses standard key cryptographic techniques for the communication session between the client (your computer) and server (SkyDrive).

Thus, during transit from your computer to SkyDrive, your data is protected from interception and is reachable and readable only on SkyDrive. However, it is important to consider that SkyDrive does not include any additional encryption on the files after being uploaded. 

Accessing Files on SkyDrive

The default setting of files saved from your computer to SkyDrive is set to "only me".  Thus, no one can view your files and documents without your consent unless you intentionally select the folder and change the setting. (See this Microsoft help document for instructions on how to Share files and folders and change permissions.)

In other words, the only way to access the files set to "only me" is by logging on to SkyDrive with your Microsoft Account.  But, what if your Microsoft Account is compromised or if you inadvertently change the setting to public?

Another situation that could compromise the security of sensitive information is that anything uploaded via a mobile device is automatically stored in the Mobile uploads folder.  Fellow Microsoft MVP, Richard Hay, discovered recently that the Mobile uploads folder in the SkyDrive cloud storage is set by default as Shared with Friends.  The default setting can be changed by logging on to your SkyDrive account via your browser.

Securing Sensitive Files

There should be no concerns about security of your files stored in a private folder on SkyDrive, accessible only by you when you logon with your Microsoft Account.  However, for sensitive files, you may want to add an additional layer of protection to those files.

The easiest method is password protecting Microsoft Office files, illustrated in this Office support document:   Protect your document, workbook, or presentation with passwords, permission, and other restrictions.

Important:  Be careful to note somewhere offline the password used to protect your Office files.  There is no way that Microsoft can help you retrieve forgotten passwords.

Ben Herila of Microsoft provided additional methods of protecting your data on SkyDrive in his post in How secure are files on SkyDrive?:

"Some examples of methods that will protect your data on SkyDrive include: 

• Password protected RAR or 7Z archives
• Password protected Office 2010+ documents or 
• PDF documents with AES-256 encryption PGP-encrypted files"

For particularly sensitive information, I suggest you read both How secure are files on SkyDrive? and Microsoft account, Hotmail, SkyDrive.

~   ~   ~   ~   ~   ~

As a SkyDrive Insider, I am excited to share information about SkyDrive.  If you have a question about this post, please leave a comment and I'll do my best to assist.

Learn more about the SkyDrive Insiders program here.

References

• Download SkyDrive Desktop App for Windows
• Download SkyDrive Apps
• Mobile Uploads Folder on SkyDrive Shared with Friends By Default
• New Videos Highlight Fundamentals of Service Reliability - Cloud Computing | Microsoft Trustworthy Computing Blog
• SkyDrive Help & How-to 
• SkyDrive Status: https://status.live.com/
   

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...