VPN Articles and News

Microsoft Adopts New International Privacy Standard For Its Cloud Service

Friday, July 10th, 2015

Microsoft has become the first major cloud service provider to adopt the new international privacy standard ISO/IEC 27018. The standard was published by International Organization for Standardization (ISO) in conjunction with International Electrotechnical Commission (IEC) in 2014 and it defines controls and processes that cloud hosting service providers must follow while dealing with the personal data of their customers. Microsoft hopes that the move will reassure enterprise customers who are worried about the security of their data.

While announcing the adoption of the privacy standard by the company through a blog post, Microsoft’s executive vice president of Legal and Corporate Affairs Brad Smith said that the British Standards Institute had checked Office 365, Dynamics CRM Online and Microsoft Azure against the processes and controls outlined in the standard and found that these products were in compliance. In addition, the compliance of Microsoft Intune was certified by Bureau Veritas. Brad termed the adoption of the standard as a major milestone that would encourage more customers to move towards Microsoft’s cloud products.

For customers, there are a number of benefits of switching to a cloud provider which follows the standard. First and foremost, the customers would always remain in control of their data. Secondly, the standard specifies strict controls over how the data is stored, handled and recovered. There are also strict restrictions in place regarding the transferring of data via public networks and storing on it movable media. In addition, every single person who deals with personally identifiable information of customers must now sign a confidentially agreement.

By adopting the standard, Microsoft would also be obliged to let enterprise customers know if there are any government or legal requests for accessing their data (except when disclosing such information is explicitly forbidden by law). The company already follows this procedure but from now on it needs to adhere to it strictly. What’s more, the standard even specifies that the stored data should not be used for advertising purposes. This should reassure enterprise customers who are always worried that their proprietary information is being used by cloud providers for commercial gains.

In this post, Brad also revealed that European data protection authorities had termed Microsoft’s enterprise cloud contracts as “model clauses” that strictly adhere to European privacy laws that deal with international transfer of data. He further added that Microsoft had also signed Student Privacy Pledge which was developed by Software & Information Industry Association and Future of Privacy Forum and deals with protecting the privacy of students.

Microsoft’s move is also likely to reassure customers who are concerned about the surveillance conducted by the American intelligence agencies. The company was under scanner when Edward Snowden revealed that several Silicon Valley companies were co-operating with the NSA in its surveillance activities. By adopting the International standard of privacy for its cloud hosting business, Microsoft seems to be suggesting that it does takes the privacy of its customers seriously. However, it remains to be seen whether the latest move by the company would indeed help it to gain more customers.

July 10, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 1 =