Microsoft calls for cloud computing transparency

Cloud providers need to offer transparency about security and privacy, the executive says

Cloud computing vendors need to band together to create rules on privacy and security or face the prospect of having the U.S. Congress pass regulations, Microsoft General Counsel Brad Smith said Wednesday.

During a speech at the Brookings Institution, a Washington, D.C., think tank, Smith called for new "truth-in-cloud-computing" principles that would let consumers and businesses know how their information will be accessed by service providers and how it will be stored online.

"These principles should ensure that there is transparency over how data is protected," he said. "Simply put, it should not be enough for service providers simply to say that their services are private and secure," Smith added. "There needs to be some transparency about why this is the case."

Cloud providers should maintain a comprehensive security program and should disclose whether their security efforts meet security standards, Smith said. Customers should know how they can reclaim their documents and data, he added.

Cloud computing vendors could create a self-regulatory code, or they could face regulation from Congress, Smith said. Action from Congress is "likely," he said. If regulation happens, Microsoft would prefer it on the national, rather than state level, he said.

"Simply put, it should not be enough for service providers simply to say that their services are private and secure," Smith added. "There needs to be some transparency about why this is the case."

Smith also called for the U.S. government to work with other nations on an agreement that would allow cloud providers to operate without having to comply with laws in every country they have customers. The U.S. and other countries should establish a multilateral "free trade zone" for data packets, he said.

A handful of other governments have already tried to gain access to data stored in the U.S., he said.

"Where different laws conflict, a decision to comply with a lawful demand for user data in one jurisdiction may place a provider at risk of violating laws elsewhere," he said. "This also makes it more difficult to provide consumers with accurate information about when and how their personal information might be accessed by law enforcement."

Microsoft also supports efforts to update privacy protection laws to deal with online activities, and it wants changes to computer crime laws that would make it easier for prosecutors to charge cybercriminals, Smith said. In some cases, it's difficult for prosecutors now to place monetary values on stolen documents, e-mail or digital photos, he said.

One way of dealing with this problem would be a change in the law that would fix the value of such items for each victim, then allow prosecutors to multiply that amount by the number of victims to determine charges, Smith said.

Smith also called for Congress to allow cloud providers greater latitude to pursue civil lawsuits against attacks, and he called for larger fines for attackers that break into data centers. In most cases, the fines for breaking into a data center are the same as for attacking a single computer, he said.

Smith didn't directly address critics who say that cloud computing locks customers into one vendor, but he noted that a recent survey commissioned by Microsoft found that 75 percent of senior business leaders said safety, security and privacy are the top potential risks of cloud computing. More than 90 percent of the general population and business leaders would be concerns about the security and privacy of their own data in a cloud computing environment, according to the survey, by Penn Schoen & Berland.

But cloud computing, although not well understood by the general public, offers great potential benefits, Smith added.

"Cloud computing, properly implemented, provides users with greater flexibility, portability and choice in their computing options," he said. "You can rely on the cloud for as little or as much of your computing needs -- and keep as much data and computing functions locally on site -- as you want."

Tags Microsoftonline storagecloud computing

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?