As the race to acquire clientele in the cloud computing arena escalates, service providers are taking onerous steps to ensure that their data security and privacy controls are adequately maintained and safeguarded. The aggressive marketing campaigns of service providers like Amazon, Microsoft, and Google, are going to great lengths to build the trust of prospective clients. What’s at stake for these providers are billions and billions of dollars worth of recurring revenue from both private and governmental contracts. However, do these cloud computing campaigns adequately inform their target audience, or do they simply give prospective clients’ a false sense of security over how their data is managed?
[D]o these cloud computing campaigns adequately inform their target audience, or do they simply give prospective clients’ a false sense of security over how their data is managed?
In the hopes of satisfying regulatory concerns over its cloud-based applications, Microsoft, Corp., announced that it has taken steps to ensure that they are in compliance with protocols established both in the European Union and United States. Upon reading this news, I went to the Microsoft Office 365 Trust Center to examine just what this announcement means to prospective business clients. The website touts enhancements to Office 365 like privacy, transparency, 3rd party verification, and cutting edge security practices – all of these buzz words are meant to increase the level of trust the user has in placing data into the clouds. However, will the user be willing to take the necessary steps to ensure that there is an unauthorized release of mission-critical data? Data governance is a two-way street, and the message service providers are sending is that if there is an unauthorized release, it will not be due to a lack of vigilance on their behalf.
Do Users’ understand their obligations in placing data within the ‘Cloud’? Until there is a behavior change, data will still be at risk – regardless of the measures taken.
For example, on the introductory page of the Office 365 marketing slick, the following is stated: “Customers have a responsibility to control and maintain their environment once the service has been provisioned (i.e. user access management and appropriate policies and procedures in accordance with their regulatory requirements). ” Beyond this, the Data Use page for Office 365 states that if data is subpoenaed by a law enforcement entity “Microsoft Online Services will try in the first instance to redirect the entity to the customer to afford it the opportunity to determine how to respond. If nonetheless required to respond to the demand, Microsoft Online Services will only provide information belonging to its customers when it is legally required to do so, will limit the production to only that information which it is required to disclose and will use commercially reasonable efforts to notify the enterprise customer in advance of any production unless legally prohibited. ”
Clearly the onus is shifting to the user to ensure that data governance best practices are being employed within its organization.