One of the key demands from users and businesses when planning to use any cloud service is privacy for their data. Many cloud products claim some level of privacy or security, but Microsoft's cloud services are among the first to claim compliance with the new international standard (IS) for user privacy. The ISO 27018 standard relates specifically to the management and use of cloud-stored information that can identify a user.
We can expect all other major cloud players to follow suit shortly, and it will pay to be very suspicious of any vendor that doesn't have the logo on their site. Microsoft products covered by the certification include the Azure platform, Office 365 application suite and Dynamics Online customer resource management.
Some of the key features of the standard, published in 2014, help service providers define control objectives, controls and guidelines that protect anything classed as Personally Identifiable Information. This means it can't be sent over insecure networks or physically on unencrypted media. The company must also tell the user if it loses any data, or if there is a theft. The company also has to tell you in simple language what it does with your data, and it can't use that data to sell adverts, which might crimp any vendors selling advertising supported services.
Of interest, among the many caveats of the standard, is that the cloud service provider must tell a business if the UK Government asks to see or access their data (but there's another line that says they don't have to tell you if that would contravene a specific law - think spies and national security). In general terms, data privacy is secured and guarded by a range of existing security implementations including encryption and strong password protection.
While this move doesn't radically alter the cloud landscape, it provides an extra tick box for companies looking to partner with a strong, proactive, cloud partner. Data thefts and breaches will still happen, but users will be more aware of what is happening. As privacy will remain in the spotlight for years to come, there may be tighter laws over data, but for now this is another step in the right direction for users and their data.
Leave a Reply