Comment: Protecting privacy in the cloud

Brendon Lynch, Microsoft Trustworthy Computing
Brendon Lynch, Microsoft Trustworthy Computing

Cloud computing is rapidly emerging to complement the traditional model of software running on, and data being stored on, PCs and servers, especially as IT departments look to drive efficiencies in the current economic climate. However, consumer advocates, organisations, and regulators are raising a number of important privacy questions concerning how information and interactions are handled in this environment.

For privacy, cloud computing represents an evolution rather than a revolution and the most significant shift is that personal information is increasingly stored off the PC or off-premises. To address these questions, cloud service providers and organisations using cloud services need to, at a minimum, implement the same strong privacy practices applied to other computing environments. They need to work together to ensure that both the cloud provider and customer are clear in their privacy responsibilities.

In most enterprise cloud scenarios, Microsoft or any other cloud provider has no direct relationship with its customer’s employees or other end-users to whom the hosted data may pertain. As such, the privacy policies relating to the business’ handling of this data in the cloud environment are controlled and set by the organisation using the service. Similar to that of a company that rents physical warehouse from a landlord for storing boxes of company files, access to those files and the use of information within them is still governed by the policies of the company that rents the space.

Microsoft and other cloud providers’ role is to offer clear data handling processes and to provide safeguards and controls to support the customer’s privacy policies. They should provide tools and guidance to organisations that help them development strong privacy policies as they adopt cloud-based service offerings. By having cloud providers be transparent about the security and privacy practices and protections offered by their services, businesses and consumers can make informed decisions when deciding what information and applications to put in the cloud.

While privacy best practices provide much in the way of guidance toward protecting cloud computing privacy, some issues, such as cross border data transfers, conflicting legal obligations, and competing claims of jurisdiction will require a broader engagement to solve. Ultimately, we expect the industry, consumers and governments to agree on baseline privacy practices that span industries and countries. As that consensus view evolves, Microsoft and others will remain an active voice in the discussion - drawing on our extensive experience and our commitment to helping create a safer, more secure Internet.

For our part, Microsoft is releasing a white paper outlining our approach to cloud computing privacy. Microsoft has been examining and addressing privacy challenges in the evolving online services realm for well over a decade. Our extensive experience has helped us develop well-defined business practices, privacy policies and security measures that govern Microsoft’s cloud computing ecosystem. We work to build secure systems and data centres that help us to protect individuals’ privacy, and we adhere to clear, responsible privacy policies in our business practices - from software development through service delivery and support.

What’s hot on Infosecurity Magazine?