Risk
11/5/2009
07:10 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Microsoft Expresses Cloud Privacy Commitment, Concerns

In a policy paper, Microsoft affirms its support for privacy in the cloud and calls for regulatory clarity.

Cloud computing continues to evoke privacy concerns, so Microsoft has published a position paper that attempts to address the questions it's been hearing.

The paper's publication coincides with the 31st International Conference of Data Protection and Privacy Commissioners, which is taking place this week in Madrid, Spain.

"We know that cloud computing is getting a lot of attention these days and we've heard from customers and external stakeholders that they'd like to hear what we're thinking about it," said Brendon Lynch, senior director of privacy strategy for Microsoft's trustworthy computing group. "Privacy and security are the number one concern of organizations that are thinking about going into the cloud space."

Lynch contends the issue isn't really new, noting that Microsoft has been storing Hotmail user data on remote servers for about 15 years.

Nonetheless, the diversity of information being stored in cloud services, the extent to which cloud services are being used by consumers and businesses, and the architectural differences of cloud data storage all provide a reason for Microsoft to clarify its thinking about cloud privacy.

The good news is that the privacy principles Microsoft supports through the architecture of its software -- notice, consent, and choice, among others -- are the principles the company supports for the cloud.

The bad news -- if you accept the premise that Microsoft's interests are aligned with the user's -- is that Microsoft isn't always calling the shots.

Cloud service providers "can be caught in an impossible position when governments impose conflicting legal obligations and assert competing claims of jurisdiction over user data held by these providers," Microsoft's paper states. "Divergent rules on data privacy, data retention, law enforcement access to user data, and other issues can lead to ambiguity and significant legal challenges."

Lynch says that Microsoft is working on these issues, trying to encourage the harmonization of privacy laws and a consistent global privacy framework that can accommodate the reality of global data flows.

"In order to maintain trust and confident in cloud service, we really feel that cloud providers need to put forth strong privacy protections and to be very transparent," said Lynch.

Attend a Webcast on the application grid approach to modern data centers. It happens Tuesday, Nov. 3, 2009. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

CVE-2015-2979
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVE-2015-4286
Published: 2015-07-29
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.

CVE-2015-4290
Published: 2015-07-29
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!