EU privacy chiefs endorse Microsoft cloud computing

EU data protection authorities endorse Microsoft’s cloud computing agreement

One of the widely asked questions related to cloud computing has always been the safety and security of all the data stored in the cloud. For many years, major cloud technology operators have had to face concerns that the data stored in their cloud was subject to deliberate access and scrutiny by government organisations.

The main players in cloud computing such as Microsoft, have had to face constant challenges such as proving that its cloud services can be trusted. Microsoft has been constantly working to convince the business world that its services offer reliable protection for the data they house and that any attempts by third parties to access this information, including governments, can be effectively pushed back not only technically but also politically.

A string of recent international events re-opened this debate which triggered action by Microsoft who embarked on a three-pronged approach to make its cloud computing platform. Immediate and coordinated action was taken in three specific areas namely, expansion of encryption across Microsoft’s  services, reinforcing of legal protections for its customers’ data and enhancement of the transparency of its software code, making it easier for customers to reassure themselves that Microsoft’s products do not contain back doors.

“Many of our customers have had serious concerns about government surveillance of the Internet and this threatens to seriously undermine the confidence in the security and privacy of online communications. Microsoft shares in these concerns and we have been taking steps to ensure that authorities use legal processes to access customer data. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks,” explained Brad Smith, General Counsel and Executive Vice President of Legal and Corporate Affairs at Microsoft.

In his blog, posted on the 10th of April, Smith announced that privacy regulators from all 28 European Union member states have determined that Microsoft’s enterprise cloud contracts meet the high standard for privacy protection set forth in Europe’s data protection regulations.

This made Microsoft the first – and so far only – company to receive this approval, which followed an extensive review by the Article 29 Working Party. In light of this endorsement, Microsoft also will announce that it is expanding the same legal protections to all its enterprise customers worldwide.

“This marks a significant milestone for customers considering Microsoft’s enterprise cloud services – particularly Office 365, Microsoft Azure, Microsoft Dynamics CRM and Windows Intune – by providing them with the confidence of knowing that these products are in compliance with Europe’s rigorous privacy standards no matter where their data is located. For customers who care about privacy and regulatory compliance, this announcement makes it amply clear to our customers that there is no more committed partner to them than Microsoft,” said Microsoft.

“It also means that our enterprise customers won’t need to worry that their use of our cloud services on a worldwide basis will be interrupted or curtailed should the EU suspend the Safe Harbor Agreement with the United States as recently called for by the European Parliament,” added Microsoft.

Microsoft will pursue a comprehensive engineering effort to strengthen the encryption of customer data across all  networks and services  such as Outlook.com, Office 365, SkyDrive and Windows Azure, and will provide protection across the full lifecycle of customer-created content.