, evildictait​or wrote

*snip*

For the record, the SDL does talk about encryption of PII data (like documents). Consequently SkyDrive will almost certainly be strongly encrypting data when sending the data to and from SkyDrive, and all data will be stored in Microsoft's hardened data-centres (i.e. you're not going to find a SQL injection against the SkyDrive website).

If you plumb the logs you can see it's using BITS to transfer to an HTTPS endpoint. (And muggins here is the one who has written the wrapper around the MS SSL CAs)

Also, if you're using Microsoft Office to store your bank statements and documents, you can apply a password to it. Doing so strongly encrypts the document, so that even though SkyDrive can see your document at rest, it's at-rest form is still encrypted using your password.

Office's encryption is only as strong as the password you apply. Although you can swap the algorithm out, which I didn't know.