Microsoft to Congress: Enact Law to Secure Cloud DataSurvey Shows Widespread Unease Over Cloud Computing's Security
In a speech before the Brookings Institute on Wednesday, Microsoft senior vice president and general counsel Brad Smith also called for an international dialogue on data sovereignty to assure users that their data is subject to the same rules and regulations, regardless of where the data resides.
"We need government to modernize the laws, adapt them to the cloud and adopt new measures to protect privacy and promote security" Smith said in his prepared remarks to the Brookings policy forum, Cloud Computing for Business and Society. "There is no doubt that the future holds even more opportunities than the present, but it also contains critical challenges that we must address now if we want to take full advantage of the potential of cloud computing."
The legislation Microsoft proposes calls for:
- Improvements in privacy protection and data access rules to ensure users' privacy, starting with reforming and strengthening the Electronic Communications Privacy Act to clearly define and provide stronger protections for consumers and businesses.
- Modernization of the Computer Fraud and Abuse Act so law enforcement has the tools it needs to go after malicious hackers and deter instances of online-based crimes.
- Truth-in-cloud-computing principles to ensure that consumers and businesses will know whether and how their information will be accessed and used by service providers and how it will be protected online.
- Pursuit of a new multilateral framework to address data access issues globally.
At the forum, Smith unveiled a Microsoft survey, conducted in December, of 700 members of the public, 200 senior IT decision-makers and 200 senior business decision-makers that showed high levels of excited for cloud computing tempered by even higher concern about security and privacy. While 58 percent of the general population and 86 percent of senior business leaders are excited about the potential of cloud computing, more than 90 percent of these same people are concerned about the security, access and privacy of their own data in the cloud. The majority of all groups surveyed believe the federal government should establish laws, rules and policies for cloud computing.
Cloud computing is a top priority of Vivek Kundra, the federal chief information officer, who implemented the use of cloud services as chief technology officer of the District of Columbia. But last month's hacking from China of Google's Gmail e-mail accounts of human rights activists have raised concerns about cloud computing's vulnerabilities. Gmail is a cloud computing service.
Microsoft, too, is heavily invested in cloud computing. Windows Azure is its cloud computing platform service its markets and Microsoft hosts cloud computing services such as e-mail, messaging, calendaring and photo albums. Coinciding with Smith's remarks, Microsoft issued a paper entitled Building Confidence in the Cloud: A Proposal for Industry and Government Action to Advance Cloud Computing.
For further reading:
Securing the Cloud: 5 Government Cybersecurity Challenges in 2010, Part 4
Google Attack and Vivek Kundra's Dream
Year of the Cloud: 2011, Not 2010
Feds Launch Site Hawking Cloud Services
Can Cloud Defend Against DDoS Attacks?