 |
| Bullwinkel. |
Despite cloud workloads being 500% faster in 2017 than traditional IT workloads, there are some which have been holding back on cloud because of trust issues. "People will simply not use technology that they don't trust," said Jeff Bullwinkel, Associate General Counsel and Director of Corporate, External & Legal Affairs, Microsoft Asia Pacific & Japan at the Microsoft Cyber Trust Experience 2017 event in Singapore.
The Microsoft response has been fourfold, covering security, transparency, privacy & control, and compliance. "The Microsoft mission is to empower every person and
every organisation on the planet to achieve more. If we empower every
person we have to increase trust a bit more," said Bullwinkel.
Security governs how Microsoft develops and deploys software. Its cloud data centres are some of the most secure data centre infrastructure in the world, Bullwinkel said."The biggest enterprise doesn't have the resources to invest in security in the way that Microsoft does. We spend an average of a billion dollars* to...make sure infrastructure and software is being developed and updated (in a secure way)," he said.
Additionally, the company has been expanding the use of encryption across all services, so that data is encrypted both at rest and in transit.
Microsoft has also enhanced the transparency of code, allowing government officials to satisfy their concerns and examine the code to ensure there are no backdoors or other unusual code.
The company is reinforcing legal protection for customer data, both in terms of its own contracts and in terms of how it deals with government requests for information. "Your data is your data. We'll keep it private and under your control; and we'll manage your data in accordance with the law," Bullwinkel said.
Security governs how Microsoft develops and deploys software. Its cloud data centres are some of the most secure data centre infrastructure in the world, Bullwinkel said."The biggest enterprise doesn't have the resources to invest in security in the way that Microsoft does. We spend an average of a billion dollars* to...make sure infrastructure and software is being developed and updated (in a secure way)," he said.
Additionally, the company has been expanding the use of encryption across all services, so that data is encrypted both at rest and in transit.
Microsoft has also enhanced the transparency of code, allowing government officials to satisfy their concerns and examine the code to ensure there are no backdoors or other unusual code.
The company is reinforcing legal protection for customer data, both in terms of its own contracts and in terms of how it deals with government requests for information. "Your data is your data. We'll keep it private and under your control; and we'll manage your data in accordance with the law," Bullwinkel said.
Microsoft continues to uphold the letter of the law in an increasingly digital world, and has sued the US government several times as a result, such as against gag orders that prevent Microsoft from exercising its right to be transparent. Microsoft has also fought a US warrant requesting customer emails which are stored in Europe on the grounds that US search
warrants are only confined to data stored in the US.
"It is not about obstructing legitimate criminal prosecution," Bullwinkel explained. "(There are established) ways to get information."
"It is not about obstructing legitimate criminal prosecution," Bullwinkel explained. "(There are established) ways to get information."
Bullwinkel said that Microsoft can respond to requests for information from law enforcement agencies within 30 minutes but wishes to do so in a way that maintains due process. "(Existing) rules have been in place for a long time. In many respects those rules are still valid," he said, adding that treaties can be updated as "there is a need and opportunity to speed up the process."
When it comes to privacy and control, Microsoft acknowledges that the data in its data centres belong to customers. "Our customers have the right to determine what happens to their data," Bullwinkel said.
As for compliance, Microsoft understands the compliance and regulatory challenges that come with the shift from on-premise to cloud. "Achieving compliance on your own is not simple – it can be complex, time consuming and costly," Bullwinkel said. "The technology, standards and regulations are always evolving."
The company is a step ahead of regulators, foresaw the US Safe Harbor regulations governing personal data transfers between the US and the European Union collapsing, and had moved to supporting EU Model Clauses by 2014. Microsoft also supports the Safe Harbor was overturned in 2015, and has embraced the need to be compliant with the upcoming EU General Data Protection Regulation (GDPR).
Microsoft has also called for a 'Digital Geneva Convention' to codify cyber norms at the level that nation states operate. "There needs to be a different level of conversation," Bullwinkel said.
Interested?
Read the Microsoft blog post introducing the concept of a Digital Geneva Convention
Visit the page for Cloud for Good, the larger initiative to offer a trusted, responsible cloud (PDF)
Watch the Microsoft cloud data centre video
Visit the Microsoft compliance portal
Hashtag: #CyberTrustAPAC
*Figure in US$
No comments:
Post a Comment