Microsoft beefs up OneDrive security

Credit to Author: Gregg Keizer | Date: Wed, 26 Jun 2019 11:49:00 -0700

Microsoft today announced changes to its OneDrive storage service that will let consumers protect some or even all of their cloud-stored documents with an additional layer of security.

The new feature – dubbed OneDrive Personal Vault – was trumpeted as a special protected partition of OneDrive where users could lock their “most sensitive and important files.” They would access that area only after a second step of identity verification, ranging from a fingerprint or face scan to a self-made PIN, a one-time code texted to the user’s smartphone or the use of the Microsoft Authenticator mobile app. (The process is often labeled as two-factor security to differentiate it from the username/password that typically secures an account.)

The idea behind OneDrive Personal Vault, said Seth Patton, general manager for Microsoft 365, is to create a failsafe so that “in the event that someone gains access to your account or your device,” the files within the vault would remain sacrosanct.

Access to the vault will also be on a timer, Patton said, that locks the partition after a user-set period of inactivity. Files opened from the vault will also close when the timer expires.

As the feature’s name implied, the vault is only for OneDrive Personal, the consumer-grade storage service, not for the OneDrive for Business available to commercial customers. Although OneDrive Personal is a free service – albeit with a puny 5GB of storage – many come to it from the Office 365 subscription service. There, users are allotted 1TB of OneDrive space. (The single stand-alone plan is $2 per month for 50GB.)

On Windows 10 machines, the Personal Vault synchronizes to a BitLocker-encrypted section of local storage; think of it as a specially encrypted folder. Like OneDrive for Business, OneDrive Personal encrypts data during transit between the PC and Microsoft’s server (and back), as well as when the data is “at rest” (on Microsoft’s server).

OneDrive for Business does not have a vault feature and is unlikely to get one. That should not come as a surprise, as it would allow employees to store data where the company and its IT staff had no visibility.

Because OneDrive Personal is associated with Office 365 Home and Office 365 Personal, and because those consumer-appropriate subscription plans are not licensed for work-related tasks, the vault isn’t, on purely legal grounds, suitable for storing business documents and files. The truth, however, is that those Office rent-not-buy programs are often used by very small businesses and sole proprietors.

OneDrive Personal Vault would, in that context, be a suitable location for crucial business documents and data, such as customer contact lists and accounting software data files.

Microsoft’s Patton said that OneDrive Personal Vault would be available “soon” to customers in Australia, Canada and New Zealand, then extended to all by the end of the year.
