Live ID and Skydrive – Consumer Delight, Enterprise Headache

The User Experience

As I’ve churned my way through a number of Windows 8 devices and installations, one of the things I’ve appreciated is that I never have to reconfigure much.  My personalization just appears when I log in.  Operating purely in user mode (temporarily turning off the bit that makes me wonder how secure something may be), this is fantastic.  I love getting a brand new laptop and then having it magically connect to a WiFi network without having to ask that network owner for their WiFi password again.  Poof, it just works.

Between public cloud offerings and a robust corporate infrastructure at CMS, I can honestly tell you there is NOTHING on my machine that couldn’t be blown away.  It still needs securing, because my laptop does have a cache of my mailbox, corporate files, personal files, etc.  But it’s only a cache so if I crunch that hard disk, nothing is lost.  I just sit at any other machine, log on and continue working like nothing happened.  I love this.  I have at least 4 machines I use regularly, and everything is entirely consistent across them.

High Value Stakes = Greater Security Risk

I’m confident that everyone reading this has received spam from a friend’s Hotmail account and then got the apologetic “sorry my account was hacked” email.  Or worse, had it happen to them.  If you thought compromising Windows Live IDs was attractive before, now that it will get you to a person’s Skydrive, browsing history, WiFi and browser stored passwords, etc., it just got a whole lot more attractive for hackers to phish for.  I predict a substantial increase in Windows Live ID phishing.

Now Microsoft has made some efforts to increase security around your Live ID.  Someone logging in from an untrusted machine (as defined by you) does have some extra hoops to jump through.  What gets synchronized and how it is protected is described in the following blog post by the Windows 8 engineering team: http://blogs.msdn.com/b/b8/archive/2011/09/26/signing-in-to-windows-8-with-a-windows-live-id.aspx

What Business Needs to Do

If you’re a corporation and your enterprise is allowing Windows 8 based devices to attach, even the odd one, I suggest you look at creating both a policy and some user education.  Yes, all of these settings can be controlled by Group Policy; you’ll find them in the GPO Editor under Computer Configuration -> Administrative Templates -> Windows Components -> Settings Sync.
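
To check whether those Settings Sync policies have actually landed on a given machine, the following audit script can be run locally. It is an added example, not part of the original post; the registry key and value names are my assumption of what the Settings Sync administrative template writes, so confirm them against the template on your build before relying on the result.

```powershell
# Added example: report the effective Settings Sync policy on this machine.
# Assumptions (verify against your administrative template):
#   - policies are stored under the key below
#   - a value of 2 means the policy is enabled, i.e. "do not sync"
#   - <name>UserOverride = 1 means the user cannot turn syncing back on
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync'

# Policy value name -> what it stops roaming to the user's Live ID.
$policies = [ordered]@{
    DisableSettingSync            = 'All settings (master switch)'
    DisableCredentialsSettingSync = 'Passwords'
    DisableWebBrowserSettingSync  = 'Browser settings'
    DisableApplicationSettingSync = 'App settings'
}

# The key does not exist at all when no Settings Sync policy has been applied.
$current = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

$report = foreach ($name in $policies.Keys) {
    $value    = if ($current) { $current.$name } else { $null }
    $override = if ($current) { $current."${name}UserOverride" } else { $null }

    $state = if ($value -ne 2) {
        'Sync allowed (policy not set)'
    } elseif ($override -eq 1) {
        'Sync disabled, locked'
    } else {
        'Sync disabled, user may re-enable'
    }

    [pscustomobject]@{
        Policy = $name
        Covers = $policies[$name]
        State  = $state
    }
}

$report | Format-Table -AutoSize

# The master switch covers everything; otherwise flag any category still allowed.
$master = $report | Where-Object Policy -eq 'DisableSettingSync'
$gaps   = $report | Where-Object State -ne 'Sync disabled, locked'
if ($master.State -ne 'Sync disabled, locked' -and $gaps) {
    Write-Warning "Settings Sync is not fully locked down on $env:COMPUTERNAME"
}
```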

I’m sure I’ll get some of you commenting “this is not new, Dropbox and similar services have existed for a long time”.  I’ll argue that any of these services require a fair bit of user intention and knowledge.  A user needs to want a file sharing and synchronization solution, then they need to sign up and install it.  With Windows Live and Skydrive it just happens as they log on to their PC for the first time.  With Office 2013 integration to Skydrive, users will instinctively start saving corporate data off into their personal Skydrive.

At this point, Microsoft is not providing functionality for corporations to manage user Skydrives.  There is no functionality similar to the “Dropbox for Teams” service.  Skydrive Pro does provide corporate administration functionality with the Office365 offering, but it runs alongside Skydrive and synchronizes Sharepoint libraries; it is not a service similar to Skydrive at all.

Conclusion

As a user, take a few extra moments to review your security settings for your Windows Live ID.  You can do this at https://account.live.com/ – make sure your primary mobile and trusted computer list is correct.  If you ever find yourself logging in with your Live ID from any dodgy machines such as an Internet café, take advantage of Microsoft’s “Sign in with a single-use code”.  They’ll SMS your mobile with a one-time password.  Be extra vigilant about signing in to a phishing site.

As a business, you’ll need to immediately give some thought to whether you’re ok with things like WiFi passwords, user browser saved passwords, company documents and the like being saved to the Microsoft online services.  If you’re ok with it, help your users do it securely.  If you want to disable it, hurry up and set those group policy items.
