Microsoft calls for cloud computing transparency

Cloud providers need to offer transparency about security and privacy, the executive says

Cloud computing vendors need to band together to create rules on privacy and security or face the prospect of having the U.S. Congress pass regulations, Microsoft General Counsel Brad Smith said Wednesday.

During a speech at the Brookings Institution, a Washington, D.C., think tank, Smith called for new "truth-in-cloud-computing" principles that would let consumers and businesses know how their information will be accessed by service providers and how it will be stored online.

"These principles should ensure that there is transparency over how data is protected," he said. "Simply put, it should not be enough for service providers simply to say that their services are private and secure," Smith added. "There needs to be some transparency about why this is the case."

Cloud providers should maintain a comprehensive security program and should disclose whether their security efforts meet security standards, Smith said. Customers should know how they can reclaim their documents and data, he added.

Cloud computing vendors could create a self-regulatory code, or they could face regulation from Congress, Smith said. Action from Congress is "likely," he said. If regulation happens, Microsoft would prefer it on the national, rather than state level, he said.

"Simply put, it should not be enough for service providers simply to say that their services are private and secure," Smith added. "There needs to be some transparency about why this is the case."

Smith also called for the U.S. government to work with other nations on an agreement that would allow cloud providers to operate without having to comply with laws in every country they have customers. The U.S. and other countries should establish a multilateral "free trade zone" for data packets, he said.

A handful of other governments have already tried to gain access to data stored in the U.S., he said.

"Where different laws conflict, a decision to comply with a lawful demand for user data in one jurisdiction may place a provider at risk of violating laws elsewhere," he said. "This also makes it more difficult to provide consumers with accurate information about when and how their personal information might be accessed by law enforcement."

Microsoft also supports efforts to update privacy protection laws to deal with online activities, and it wants changes to computer crime laws that would make it easier for prosecutors to charge cybercriminals, Smith said. In some cases, it's difficult for prosecutors now to place monetary values on stolen documents, e-mail or digital photos, he said.

One way of dealing with this problem would be a change in the law that would fix the value of such items for each victim, then allow prosecutors to multiply that amount by the number of victims to determine charges, Smith said.

Smith also called for Congress to allow cloud providers greater latitude to pursue civil lawsuits against attacks, and he called for larger fines for attackers that break into data centers. In most cases, the fines for breaking into a data center are the same as for attacking a single computer, he said.

Smith didn't directly address critics who say that cloud computing locks customers into one vendor, but he noted that a recent survey commissioned by Microsoft found that 75 percent of senior business leaders said safety, security and privacy are the top potential risks of cloud computing. More than 90 percent of the general population and business leaders would be concerns about the security and privacy of their own data in a cloud computing environment, according to the survey, by Penn Schoen & Berland.

But cloud computing, although not well understood by the general public, offers great potential benefits, Smith added.

"Cloud computing, properly implemented, provides users with greater flexibility, portability and choice in their computing options," he said. "You can rely on the cloud for as little or as much of your computing needs -- and keep as much data and computing functions locally on site -- as you want."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cloud computingMicrosoftonline storage

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?