Microsoft urges laws to boost trust in the cloud

Company's general counsel calls on business and government to work together to address privacy and security for cloud computing while the time is ripe.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
3 min read

Microsoft is so concerned about the future of cloud computing that it's urging the government to step in.

In a speech Wednesday, Microsoft general counsel and senior vice president Brad Smith called on government and business to shore up confidence in cloud computing by tackling issues of privacy and security--two major concerns that have been voiced about the cloud.

During his keynote speech to the Brookings Institution's "Cloud Computing for Business and Society" form, Smith also appealed to Washington to pass new laws and update existing ones to address problems such as computer fraud and cyberattacks as more businesses and consumers hop onto the cloud.

Brad Smith,
Microsoft general counsel " credit="Microsoft" />

"We also need government to modernize the laws, adapt them to the cloud, and adopt new measures to protect privacy and promote security," Smith said. "There is no doubt that the future holds even more opportunities than the present, but it also contains critical challenges that we must address now if we want to take full advantage of the potential of cloud computing."

To back up his position, Smith cited the results of a recent Microsoft survey that gauged feelings about cloud computing among business executives and the general public. Commissioned by Microsoft, the survey questioned 700 members of the public, 200 IT executives, and 200 senior business leaders in December.

Microsoft's survey found that 58 percent of the public and 86 percent of business leaders are excited about the possibilities of cloud computing. But more than 90 percent of them are worried about security, availability, and privacy of their data as it rests in the cloud. Microsoft said it also found that most of the people surveyed believe the U.S. should set up laws and policies to govern cloud computing.

During his speech, Smith proposed that Washington create a Cloud Computing Advancement Act that would protect consumers and give the government tools to handle issues such as data privacy and security. He added that an international dialogue is crucial in addressing data security so that information is protected no matter where it resides.

"The PC revolution empowered individuals and democratized technology in new and profoundly important ways," Smith said. "As we move to embrace the cloud, we should build on that success and preserve the personalization of technology by making sure privacy rights are preserved, data security is strengthened, and an international understanding is developed about the governance of data when it crosses national borders."

In proposing legislation, Microsoft is looking to the government to enact specific measures, including to:

  • Beef up the Electronic Communications Privacy Act to more clearly define and protect the privacy of consumers and businesses.
  • Update the Computer Fraud and Abuse Act so that law enforcement has the resources it needs to combat hackers.
  • Establish truth-in-cloud-computing principles so that consumers and businesses know how their information will be accessed and secured.
  • Set up a framework so that differences in regulations on cloud computing among various countries can be better clarified and reconciled.

Microsoft's survey and the speech by Smith echo sentiments about cloud computing that have certainly been seen elsewhere. Other studies have found that businesses view the cloud as a viable way to save money and rely less on internal IT. But those same businesses cite privacy and security as the biggest concerns of using a cloud-service provider.

Microsoft, of course, acknowledges that an external provider with the right expertise can often provide better security than many companies can internally. But with incidents of providers hit by outages or losing data, businesses are likely to remain cautious about storing data in the cloud.