Microsoft recently announced that it has succeeded in adopting a number of security certifications and standards for its Office 365 products. These new Office 365 security features are designed to help Microsoft expand into the international cloud computing space, as regulatory compliance and security become larger barriers preventing cloud app adoption.
The Issue With Worldwide Cloud Computing
Like many things in the business world these days, cloud computing has run up against a wall of regulation from a variety of sources. Since the cloud operates without borders, a company's information can be physically stored in one country while the company exists in another. This can cause some interesting regulatory issues, as data protection and privacy laws in one country may be broken by storing data in a second country where local law gives authorities unfettered access to stored data.
As this Wired article points out, the largest current sticking point is between European companies and U.S-based cloud providers, due to the amount of data control that the PATRIOT Act gives U.S. authorities. A recent anecdote from Microsoft tells of a U.K. company that was ready to adopt Office 365, when its lawyers pulled the plug over issues surrounding the PATRIOT Act.
Of course, the issue goes much deeper than one piece of legal code in one country, as this type of regulatory nightmare is only going to get larger as the cloud grows. The concept behind the cloud is that the data's physical location doesn't matter, only that the client has access to that information, but in reality, that data does exist on a physical server somewhere and thusly falls under local jurisdictions.
New Office 365 Security Features
As noted in this Seattle Times article, Microsoft is trying to allay fears of regulatory nightmares by announcing a number of new security features and standards. First, Office 365 received ISO/IEC 27001 certification, which requires a yearly independent audit centered around data security. Microsoft says that it's the first major cloud-based productivity service to achieve this certification, although Google Apps has a similar, albeit slightly different, certification.
Microsoft also announced the launch of the Office 365 Trust Center, which is designed, in part, to help health care organizations meet Health Insurance Portability and Accountability Act (HIPAA) requirements. HIPAA involves reporting security breaches and ensuring business partners will safeguard the data they have access to.
Finally, Microsoft announced that Office 365 will meet the standard of the European "model clauses," which are designed to keep data secure even if that data is physically stored on servers outside of Europe. Additionally, as this ZDNet article states, the new Trust Center will allow companies to specify the physical location of their data, to allay concerns about competing regulation.
It should be noted that while issues with the PATRIOT Act are at the forefront of the overall problem, Microsoft never mentioned the regulation. This almost certainly means that these new security features are designed to reduce fear, rather than provide a true cure for the problem. It's unfortunate that certain regulations would cause so many problems in connecting the world together, but until businesses can prove to their governments how harmful these regulations are, the issue isn't going to go away.
In fact, with cloud computing growing exponentially, you can expect the issue to only get worse in the near-term, as governments are sure to be hesitant to change policies because of technologies they clearly don't yet understand. Microsoft may have taken a nice first step in this battle, but every company involved in cloud computing needs to step up and start protecting data from wayward regulation if this problem is to ever go away.
williston north dakota williston north dakota kody brown transylvania terrell owens terrell owens carrie ann inaba
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.