Privacy in the cloud
A new generation of technology is transforming the world of computing. Advances in Internet-based data storage, processing, and services—collectively known as “cloud computing”—have emerged to complement the traditional model of running software and storing data on personal devices or on-premises networks. Many familiar software programs, from email and word processing to spreadsheets, are now available as cloud services. Many of these applications have been offered over the Internet for years, so cloud computing might not feel particularly new to some users.
Still, several aspects of cloud computing differ markedly from previous computing paradigms and offer distinct benefits. Today’s cloud services are highly scalable, which enables customers to pay only for the computing storage and power they need, when they need it. Datacenters in diverse geographies allow cloud providers to store and back up information in multiple locations, which enhances reliability and increases processing speed. And significant economies of scale generated by “server farms” that can simultaneously support scores of users mean major cost savings for customers. (For more information, please see the Microsoft whitepaper, The Economics of the Cloud.)
These advantages are leading governments, universities, and businesses of all sizes to move mission-critical services such as customer relationship management, enterprise resource planning, and financial data management into the cloud. At the same time, the unique attributes of cloud computing are raising important business and policy considerations regarding how individuals and organizations handle information and interact with their cloud provider.
In the traditional information technology (IT) model, an organization is accountable for all aspects of its data protection regime, from how it uses sensitive personal information to how it stores and protects such data stored on its own computers. Cloud computing changes the paradigm because information flows offsite to datacenters owned and managed by cloud providers.
Cloud customers remain ultimately responsible for controlling the use of the data and protecting the legal rights of individuals whose information they have gathered. But defining the allocation of responsibilities and obligations for security and privacy between cloud customers and cloud providers—and creating sufficient transparency about the allocation—is a new challenge. It is important for customers and their cloud providers to clearly understand their role and be able to communicate about compliance requirements and controls across the spectrum of cloud services.
Microsoft understands that strong privacy protections are essential to build the trust needed for cloud computing to reach its full potential. We invest in building secure and privacy-sensitive systems and datacenters that help protect individuals’ privacy, and we adhere to clear, responsible policies in our business practices—from software development through service delivery, operations, and support.
Click the link below to read the full White Paper.