Hotmail’s secure, says Microsoft


Software behemoth Microsoft has maintained that its online services are secure, in the face of news that the department which houses Prime Minister Julia Gillard, her staff and the Cabinet would block public web-based email services such as Hotmail and Gmail from 1 July as a security risk.

In response to a report by the government’s Auditor-General stating that public web email services were insecure, the Department of Prime Minister and Cabinet yesterday stated it would comply with the auditor’s recommendation and shut down access to the webmail platforms — despite the fact that they were being used extensively by departmental staff.

Google declined to comment on the issue, but in response, Microsoft highlighted the security of its offerings.

“Microsoft’s online services adhere to many world-leading security standards, such as ISO 27001 and SAS 70, and we regularly investigate improvements to gain further certifications by independent industry organisations,” a spokesperson for the software giant said in an emailed statement yesterday.

However, Microsoft also acknowledged that different organisations had different needs.

“Microsoft recognises that governments operate in a unique environment and have complex personnel, business, legislative and communication requirements,” the spokesperson said. “We continue to work with the Australian Government to understand and develop IT solutions, both online and on-premise, that meet their needs.”

The news comes as debate continues to rage about the validity and practicality of the department’s move to comply with the auditor’s request. In an extensive blog post on the matter published this morning, e-government specialist and public servant Craig Thomler acknowledged risks stemming from web email access; pointing out that such systems could be easily used to distribute large amounts of government information — including classified information — and that they were also a potential source of malware.

However, Thomler also questioned what the fundamental nature of webmail services actually was — pointing out that platforms such as Gmail and Hotmail were really just websites which allowed people to upload files, and that a range of other similar systems — even web-based access to ISP email accounts — existed online.

In addition, he noted that webmail platforms may actually be more secure in practice than some corporate systems — as companies like Google and Microsoft could afford to invest more in security than any individual customer company — and had hundreds of millions of users.

Image credit: Bo Gao, Creative Commons


  1. /microsoft-facepalm

    The AG is surely blocking access to these services to prevent staff from using them to remove documents from the internal network?

    This has NOUGHT to do with whether those services are “secure” or not.


  2. Ha ha little did they know that e-mail travels across the globe unencrypted!
    Even if you keep MS Exchange in-the-house, it leaves the house unencrypted, SMTP port 25/TCP.
    Internal IT must be so bad that poor devils have to use external web mail.

Comments are closed.