Microsoft Cloud - A Prologue
Even as Microsoft cloud services are gaining ground, the company released few whitepapers on the different aspects of cloud computing. This article covers some important portions from Microsoft cloud whitepapers so that even non-experts can understand “things to consider” when using cloud services from any company. I assume that everyone reading this article is familiar with the basics of cloud computing. If you wanted to know about Microsoft cloud services, please read the following articles:
There are plenty of advantages when you use cloud for any purpose - be it storage, sharing, collaboration or for testing, development, and hosting purposes. Microsoft has been offering off-site storage (such as Windows SkyDrive) for years so it might not be new to people. However, the scope of cloud computing is spreading from just off-premises storage to entire off-place networks. A datacenter with data replicated on several off-premises servers all around the world is able to offer more stability than a simple in-premise server. In other words, the scope of cloud computing is unlimited as it offers more uptime, ease of access, savings in terms of deployment of in-place infrastructure and in terms of hiring technical know-how, and more. For more information on savings and benefits, please download the Microsoft cloud whitepaper on Economics of Cloud Computing.
Though all Microsoft cloud services employ safeguards against hackers and server blackouts, some precautions and actions should be taken by people using cloud computing.
Microsoft Cloud Perspective on Privacy
This section reflects Microsoft’s views on cloud privacy - including Microsoft cloud services. Microsoft says that in a traditional model, the organization is responsible from A to Z of data privacy. This includes protection of data from its own computers. Cloud computing is different because the data flows from the personal servers to servers managed by cloud service providers.
Though the cloud computing service providers should be able to keep the data private, cloud customers too have to play a role in securing the data. It is a challenge to define the allocation of responsibilities concerning privacy obligations between cloud providers and customers. There should be sufficient transparency about the allocation. It is important for customers and their cloud providers to clearly understand their role and be able to communicate about compliance requirements/controls across the spectrum of cloud services.
Microsoft says it understands that strong privacy protections are essential to build the trust required for cloud computing. It says the company invests in building secure, privacy-sensitive systems, and datacenters that help protect individuals’ privacy. Further, it adheres to clear, responsible policies in their business practices - from software development through service delivery, operations, and customer support.
According to Microsoft, governments of different countries should also come together to formulate a strong framework in the interest of Internet users as it is not possible for private communities alone to formulate such frameworks and implement them. Thus, the service providers, users, and governments must agree on certain core cloud privacy practices that span industries and are consistent across borders. Such agreements will provide greater clarity and certainty for individuals, customers, and service providers.
If that consensus evolves, Microsoft will be an active participant in the discussion, drawing on its extensive experience in providing cloud services and its commitment to helping create a safer, more secure Internet.
Microsoft Cloud Perspective on Security
In a traditional environment, all the security issues are assessed and provided for by the network designers and administrators. However, when it comes to cloud computing, Microsoft says the following are responsibilities of cloud provider:
1 Security of databases and data center;
2. Geographical location of the data center (as it changes the methods of cloud security);
3. Trustworthy employees; and
4 An effective log system to record data access entries to find out illegal access, if any.
Microsoft says geographical instances are often left out while selecting a cloud provider. This may lead to the data to unprotected exposures. As the policies of governments are different across borders, a government may decide to check out the data of any company (for any purpose) without the clients’ knowledge or permission. Thus, knowledge of policies of the governments of different countries may help in the long term security of clients’ data.
Microsoft also presents an interesting example of jurisdictional challenge. If a hacker breaks into a server to retrieve data of a company and if the same compromised server also contains data of other companies, the hacker can easily pick up the data. Who is to blame for this? Who will investigate? Should the cloud service provider investigate or should the company itself investigate? Or is it the task of government office?
The above examples may no longer apply to current cloud services as they are now more sophisticated and secure. Still, Microsoft cloud asks you to make sure you have answers to all such questions pertaining to the security of your company data. This way, you make sure that your company data is not only private, it is also safe. In case of a break-down, there should be backup servers that synchronize with actual servers to provide you with real time data.
Conclusion - Views of Microsoft Cloud
In short, you should check out:
- Location of the servers where your data will be stored and the data policies of the governments of that jurisdiction;
- How safe are the servers and what protocols are used to secure the data from hackers;
- Data retention policies;
- How the cloud service providers handle down time; and
- How does the service provider track data to protect your data from prowling eyes
Of course, all cloud service providers use some sort of encryption for uploading, downloading, and storing data securely. You should be aware of how the data will be handled to you in a readable format without being compromised on its way to your computers.