RSS Alerts
Brendon Lynch, Microsoft Trustworthy Computing

Share

More services

Related Links

Related Stories

  • Weekly Brief - June 1 2009
    Information security: Tools, Techniques, Law, Attacks and Defenses
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • Ten years of Microsoft’s Trustworthy Computing initiative: Has it delivered?
    It is ten years since Bill Gates distributed his internal ‘Trustworthy computing’ memo to Microsoft staff: “We must lead the industry to a whole new level of Trustworthiness in computing.” Has Microsoft delivered?
  • Interview: William Barker, chief cyber security advisor, NIST, Dept. Of Commerce
    The inaugural World Cyber Security Technology Research Summit was held at Queen's Centre for Secure Information Technologies (CSIT) in Belfast in March. Of all the delegates that Infosecurity had the pleasure of speaking with, William Barker, chief cyber security advisor NIST, has arguably the most impressive CV.
  • The Dirty Secrets of Green IT
    The recent push to save the planet from environmental catastrophe in some quarters has dovetailed nicely with organizations’ need to pare down budgets – making for some nice PR. But, as Wendy M. Grossman demonstrates, hiding behind some ‘green’ initiatives are increased security risks

Top 5 Stories

Feature

Comment: Protecting privacy in the cloud

05 November 2009
Brendon Lynch, senior director of privacy strategy, Microsoft Trustworthy Computing

Cloud computing is rapidly emerging to complement the traditional model of software running on, and data being stored on, PCs and servers, especially as IT departments look to drive efficiencies in the current economic climate. However, consumer advocates, organisations, and regulators are raising a number of important privacy questions concerning how information and interactions are handled in this environment.

Cloud computing is rapidly emerging to complement the traditional model of software running on, and data being stored on, PCs and servers, especially as IT departments look to drive efficiencies in the current economic climate. However, consumer advocates, organisations, and regulators are raising a number of important privacy questions concerning how information and interactions are handled in this environment.

For privacy, cloud computing represents an evolution rather than a revolution and the most significant shift is that personal information is increasingly stored off the PC or off-premises. To address these questions, cloud service providers and organisations using cloud services need to, at a minimum, implement the same strong privacy practices applied to other computing environments. They need to work together to ensure that both the cloud provider and customer are clear in their privacy responsibilities.

In most enterprise cloud scenarios, Microsoft or any other cloud provider has no direct relationship with its customer’s employees or other end-users to whom the hosted data may pertain. As such, the privacy policies relating to the business’ handling of this data in the cloud environment are controlled and set by the organisation using the service. Similar to that of a company that rents physical warehouse from a landlord for storing boxes of company files, access to those files and the use of information within them is still governed by the policies of the company that rents the space.

Microsoft and other cloud providers’ role is to offer clear data handling processes and to provide safeguards and controls to support the customer’s privacy policies. They should provide tools and guidance to organisations that help them development strong privacy policies as they adopt cloud-based service offerings. By having cloud providers be transparent about the security and privacy practices and protections offered by their services, businesses and consumers can make informed decisions when deciding what information and applications to put in the cloud.

While privacy best practices provide much in the way of guidance toward protecting cloud computing privacy, some issues, such as cross border data transfers, conflicting legal obligations, and competing claims of jurisdiction will require a broader engagement to solve. Ultimately, we expect the industry, consumers and governments to agree on baseline privacy practices that span industries and countries. As that consensus view evolves, Microsoft and others will remain an active voice in the discussion - drawing on our extensive experience and our commitment to helping create a safer, more secure Internet.

For our part, Microsoft is releasing a white paper outlining our approach to cloud computing privacy. Microsoft has been examining and addressing privacy challenges in the evolving online services realm for well over a decade. Our extensive experience has helped us develop well-defined business practices, privacy policies and security measures that govern Microsoft’s cloud computing ecosystem. We work to build secure systems and data centres that help us to protect individuals’ privacy, and we adhere to clear, responsible privacy policies in our business practices - from software development through service delivery and support.

This article is featured in:
Application Security • Cloud Computing • Compliance and Policy  • Data Loss  • Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012