OneDrive for Business: Advanced File encryption (Fort Knox)
First time you my have seen it at SharePoint Conference 2014 in Las Vegas (SPC 2014). There were two sessions about Advanced File Encryption in SharePoint Online. Newer days Microsoft has announced, that you will have these encryption, also called Fort Knox, on each document that you will store at SharePoint Online or OneDrive for Business. Yourself you will have nothing to do, all things are behind the scene.
I will try an explanation with some pictures and text:
Therefore a potential attacker will have some problems:
- The content data are no more saved to the content database, only encrypted keys.
- content is stored in millions of Azure stores, but only in fragments, each stored will be blocked with a separate key
- All keys are stored in a key store database with billions other keys.
|if a possible attacker has enough time to analyze data…
no chance: All keys in the key store will exchanged all 24 hours.
The user (and or the admin) never comes in touch with any of these keys or may seen it.