Data Backup Digest


Microsoft Adopts International Cloud Security Standard

The cloud continues to grow in popularity, and an increasing number of companies now offer their own cloud storage service. The major players, like Amazon, Google and Microsoft, all provide cloud storage for personal and business use. It’s a growing market and they are competing heavily with one another to gain the largest market share.

However, there’s perhaps one key factor of the cloud that is putting a lot of people and companies off – and that’s security. Data storage is never going to be totally secure. There are always risks attached to it. But when that data is being stored online, perhaps on someone else’s server, it becomes a different ballgame. You’re putting your data in someone else’s hands and that’s a risky thing to do.

Think of it this way: you’ve got a diary that’s locked, but you keep the diary and the key in someone else’s house. Although they promise not to open the diary, they technically could. And they could technically hand the diary and key off to the government, if they were asked to. There are ways to prevent this, however, including ensuring that you have end-to-end encryption and that only you hold the encryption key needed to unlock the data.

In a bid to make their cloud offering more appealing, Microsoft has adopted an international standard which certifies the security of their cloud. According to the company, they are the first major cloud service provider to do this.

Microsoft has adopted the International Organization for Standardization and International Electrotechnical Commission’s standard 27018. The guidelines therein outline a uniform, international approach when it comes to protecting personal data that is stored in the cloud.

The services that have been certified to meet ISO/IEC 27018’s privacy and security standards are Azure Cloud, Office 365 and Dynamics CRM Online. Compliance with the standard has been independently verified by the British Standards Institute, according to Brad Smith, the general counsel and executive vice president of legal and corporate affairs at Microsoft.

The standard says that customers must be made aware of any events relating to their data, such as movement within a data centre or a law enforcement request for access to the data (except in countries where it isn’t lawful to disclose that). Additionally, if Microsoft works with any companies who access the data then the user will be notified.

Microsoft’s enterprise customers have expressed concern that cloud providers could be selling their data to advertisers, but Smith explains that Microsoft’s commitment to protecting its users against such an act is now backed by the ISO/IEC 27018 certification.

On top of this, the standard restricts how Microsoft handles personally identifiable information, restricts how that data is transmitted on public networks and ensures that anyone who processes such personal data is subject to confidentiality rules.

Microsoft was also one of the first companies to sign the Pledge to Safeguard Student Data, before Google and Apple joined up. It’s clear that the firm wants to put its dedication to security front and centre – it’ll be interesting to see if it pays off.

