Microsoft's weak cloud privacy position

Company's cloud privacy position paper leaves much to be desired. Microsoft needs to lead its customers to the cloud and not continually lag behind.

Microsoft released on Thursday a new position paper, "Privacy in the Cloud Computing Era: A Microsoft Perspective," that includes information about the remote storage and processing of personal information.

Privacy and security concerns continue to be a primary argument that cloud naysayers use against storing data and applications on the Internet. Big IT vendors and service providers like Microsoft and Hewlett-Packard will sooner or later be forced to take the cloud seriously or risk missing out on the whole next wave of IT consumption. And their large enterprise customers will expect them to offer cloud services with the appropriate levels of privacy and security measures in line with their business needs.

The interesting thing about this paper is that Microsoft takes surprisingly minimal responsibility for the data it will manage:

Unlike our consumer business, in which Microsoft has a direct relationship with consumers and directly controls the policies that govern their data, our cloud services for business customers defer to the policies of those customers. In this case, Microsoft has no direct relationship with the business's employees or the customers to whom the hosted data may pertain. Policies relating to the business's handling of this data in the cloud environment are controlled and set by that business rather than by Microsoft. Our role is to handle and process the data on behalf of the business, much like third-party telephone call centers process customer inquiries, orders, and data for their business customers.

The division of responsibility between an enterprise or government and its cloud services provider is similar to that of a company that rents physical warehouse space from a landlord for storing boxes of customer or company files. Even though someone else might own the building, access to those files and the use of information within them is still governed by the policies of the company that rents the space. These same principles should apply in the cloud environment.

The warehouse metaphor is a good one, but I find it hard to apply to Microsoft's cloud efforts as the company is not offering services like Amazon.com's S3 or EC2 but rather doing the actual data management of e-mail and documents through online services. And while a position paper is a flexible document, this type of thinking and positioning is not what customers want to hear.

Customers will need guidance and assistance to make the right choice not just about whether or not they should use cloud services, but also regarding recommendations and defined processes once they are ready to make the jump.

Microsoft's privacy principles are well documented, but as I read through this position paper, I found myself expecting more substantial assurances, especially considering Microsoft wants to be a cloud services provider for not just consumers but for enterprises and governments as well.

About the author

Dave Rosenberg has more than 15 years of technology and marketing experience that spans from Bell Labs to startup IPOs to open-source and cloud software companies. He is CEO and founder of Nodeable, co-founder of MuleSoft, and managing director for Hardy Way. He is an adviser to DataStax, IT Database, and Puppet Labs.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments