By Yardena Arar
Microsoft’s newest Office adds some nifty Internet features, including easy access to shared documents via SkyDrive and PowerPoint Broadcast.
But putting personal and business information into the cloud opens up potential security risks that all Office 2010 users should be aware of.
Microsoft says it has done its best to balance conflicting demands of convenience and security. Still, security experts say Office 2010’s Web-connectedness could present new opportunities for snoops and hackers.
This concern isn’t about some obscure Office capability — these potential threats touch on at least two of the suite’s coolest new features: SkyDrive and PowerPoint Broadcast. The former lets you easily share documents with colleagues, either via Office desktop apps or the new Office Web Apps. And with a simple Web link, anyone with a free Windows Live account can now run a PowerPoint 2010 slideshow, viewable by any remote user with a desktop browser.
At the very least, people who use these features should understand exactly what degree of security is and isn’t provided.
You get secure transit, but unencrypted storage
As Michael Lasky reported in his June 24 Top Story, SkyDrive uses SSL encryption to protect data in transit from your PC to Microsoft’s servers. But once a file arrives at its destination, security depends almost entirely on user authentication — password protection, to be more specific. “If anyone manages to compromise their credential system, you have a problem,” says Nasuni CEO Andres Rodriguez. Nasuni sells businesses client-server technology that encrypts sensitive documents before they’re stored online.