How should governments trust the cloud?
By Mark Day on October 12, 2015
Filed under Microsoft in Government
For emerging and developing countries around the world, data security and privacy is an urgent question that affects both national security and economic growth. The ability of governments to grow their economies is directly related to their ability to build public value through trusted and transparent citizen services like voter registration, tax processing, licensing and permitting. But while governments understand that cloud innovation can provide a quantum leap in delivering those services cheaply and at scale to leverage the compute and storage capacity they need, they are also wrestling with the very real concerns about how to protect sensitive citizen data.
In my recent travels, it has become increasingly clear that governments are seeking thought leadership about data governance and classification now more ever. Should they build private datacenters? Should they store data locally? How should they trust the cloud and what guarantees can their cloud provider offer?
For government agencies, the stakes are particularly high and, in many of the debates happening around the world, the emotions about data security and privacy are drowning out the rational conversations about best practices for legislation and policy.
In an especially salient example, the Irish Warrant case recently in front of the US Court of Appeals for the Second Circuit will decide whether a domestic search warrant can compel Microsoft to produce data stored in servers outside the United States. Governments around the world are watching this case as a test of public cloud viability and will look to the verdict as a potential lesson for how they should treat their data both within and without their borders. Governments need hard and fast plans they can act on today to ensure that their data are never compromised, even as precedent-setting laws are being written.
By taking a stand on these issues, Microsoft is in a unique position that comes with unique responsibilities for setting a high bar for cloud security, privacy, transparency, and compliance. We believe fundamentally that however a government chooses to leverage the cloud should remain on their terms.
When governments partner with Microsoft to solve their data security and privacy issues, they create the means to provide assurance about how specifically their data are managed in the cloud:
- Microsoft cloud services are designed, developed, and operated to help ensure that government data is secure
- Governments are always in control of their data to maintain the highest standards of data privacy.
- Governments should always know how their data are treated in the cloud and experience a high degree of transparency when another government has made a request for their data.
- Governments can meet and anticipate their compliance obligations by achieving important cloud security and privacy standards, such as ISO 27018.
In fact, many governments are finding that the Microsoft public cloud might be more secure than what they can create and maintain on their own. Because we have invested significantly in our global hyper-scale cloud infrastructure, Microsoft can provide governments the cloud environment that is best for them—public, private or hybrid—and help them to anticipate data governance issues in a way that ensures they are implementing the safest and most comprehensive data security plans.