Data Security & Privacy

Microsoft and Google Highlight the Difficulty in Finding a ‘Standard of Care’ in the Clouds

Posted Seaton M. Daly
The Redmond-based software giant, Microsoft, Corp., (MSFT), announced today that it will be getting its suite of hosted messaging and collaboration products certified to the ISO 27001 international standard for information security.  Interestingly, Google, Inc., in a similar move has decided to get its suite of products certified by the Federal Information Security Act (FISMA) for much the same reason.  The move by the two competing firms is to reassure an increasingly doubting public that operating a business in "the Cloud" is safe and secure (and as a way of trying to win over the U.S. government market as well).  The takeaway from all of this is – which company/standard do you believe?  VP of MSFT Federal, Ms. Teresa Carlson, stated that "FISMA is outdated. It is largely a paper-based exercise. We want to take it up a notch."
 

The ISO 27001 standard is managed by the international standards body ISO and the International Electrotechnical Commission. To get certified under the standard, Microsoft will need to show that its physical, logical, process and management controls for protecting its suite of cloud services meet a rigorous set of audit criteria.  Though the ISO 27001 standard is widely recognized internationally, it has failed to gain much traction in the U.S.  "Within the federal market, it is a cultural issue," Bill Billings, chief security officer of MSFT Federal, said. "This is really about making them feel comfortable about their partnership with Microsoft." 

So the question now becomes, will it be totally impossible for a standard of care in cloud computing, or hosted services for that matter, to be determined since it appears that the two largest players in the industry are going along to different paths?  Is it feasible to think that they, and other providers (i.e. Amazon), can even come to the table and agree on a standard?  What is obvious, is that now the line has been drawn in the sand, and a battle over which standard the consumers believe is better will be waged.  The outcome will be determined on who "wins over" the trust of consumers as the "Cloud" becomes an everyday part of the business landscape.

To read more about this, please click here:  Microsoft Wants ISO Security Certification for its Cloud Services

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.