Office 2010’s Web tools raise security questions

Yardena arar By Yardena Arar

Microsoft’s newest Office adds some nifty Internet features, including easy access to shared documents via SkyDrive and PowerPoint Broadcast.

But putting personal and business information into the cloud opens up potential security risks that all Office 2010 users should be aware of.

Microsoft says it has done its best to balance conflicting demands of convenience and security. Still, security experts say Office 2010’s Web-connectedness could present new opportunities for snoops and hackers.

This concern isn’t about some obscure Office capability — these potential threats touch on at least two of the suite’s coolest new features: SkyDrive and PowerPoint Broadcast. The former lets you easily share documents with colleagues, either via Office desktop apps or the new Office Web Apps. And with a simple Web link, anyone with a free Windows Live account can now run a PowerPoint 2010 slideshow, viewable by any remote user with a desktop browser.

At the very least, people who use these features should understand exactly what degree of security is and isn’t provided.

You get secure transit, but unencrypted storage

As Michael Lasky reported in his June 24 Top Story, SkyDrive uses SSL encryption to protect data in transit from your PC to Microsoft’s servers. But once a file arrives at its destination, security depends almost entirely on user authentication — password protection, to be more specific. “If anyone manages to compromise their credential system, you have a problem,” says Nasuni CEO Andres Rodriguez. Nasuni sells businesses client-server technology that encrypts sensitive documents before they’re stored online.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.

= Paid content

All Windows Secrets articles posted on 2010-07-01:

Yardena Arar

About Yardena Arar

Yardena Arar has written about technology for the New York Times, the Canadian Press, the Associated Press, and the Los Angeles Daily News. She was an editor at PC World magazine from 1996 to 2009, and is now a PC World contributing editor.