Microsoft Calls for Laws to Ensure Privacy, Security in the Cloud

If you’ve talked to your business customers about whether they have plans to
move any of their IT infrastructure into the cloud, you’ve heard the same set
of concerns—security and privacy.

Today Microsoft called on government leaders to take action to alleviate those
concerns by passing legislation to modernize criminal law to address crimes
committed in the cloud, update privacy laws and create truth-in-cloud-computing
principles.

“Given Microsoft’s history with antitrust both in the U.S.
and Europe, it is unusual to see them go back to the
government to ask for this,” industry analyst Rob Enderle told Channel Insider.
“You would think they would have distrust for government and regulators.”

But Microsoft’s actions in the wake of its experience demonstrates the
importance the company places on creating such legislations to ensure that
business and consumer information remains private and secure in the cloud.

“The Obama administration has been aggressive in terms of addressing problems
before they occur,” Enderle said. Brad Smith, Microsoft’s general counsel, in
delivering this message in an address to the Brookings Institution, may be
looking to get the administration to look at the future to prevent future
problems rather than react to events after the fact, he added.

The address could not come at a more fortuitous time, in the days after Google
publicly acknowledged that its own infrastructure was compromised and that it
was considering pulling out of China
because of the incident.

“We also need government to modernize the laws, adapt them to the cloud, and
adopt new measures to protect privacy and promote security,” Smith said in his
keynote address to the Brookings Institution’s “Cloud Computing for Business
and Society” forum on Jan. 20. “There is no doubt that the future holds even
more opportunities than the present, but it also contains critical challenges
that we must address now if we want to take full advantage of the potential of
cloud computing.”

Smith called on the federal government to create a Cloud Computing Advancement
Act that would include “truth-in-cloud-computing” principles so that consumers
and businesses would know how their information would be accessed and secured.

While news of new regulations to learn and follow may not inspire many VARs or
MSPs to stand up and cheer, Enderle said that the new rules would not likely be
too onerous.

Any new regulation places more burden on the smaller businesses, he
acknowledged, but in his view these would be most like restaurants needing to
publish nutritional information.

Of course, any time the government gets involved there is a risk it could get
carried away, he said. But most likely these will just be disclosures that
businesses could post on their Websites.

Such new rules are the next step for technology, according to Smith.

“The PC revolution empowered individuals and democratized technology in new and
profoundly important ways,” Smith said. “As we move to embrace the cloud, we
should build on that success and preserve the personalization of technology by
making sure privacy rights are preserved, data security is strengthened and an
international understanding is developed about the governance of data when it
crosses national borders.”