Dealing with cloud is never simple, as proven by the session on the subject during the Microsoft Underground Tour, held in Redmond, Washington. Ryan Noik continues on from Part 1.

With examples given of actual cases where Microsoft had challenged the government and won, the conversation on cloud quickly turned to a critical key – trust. More particularly Neal Suggs, the vice president and deputy general counsel for Microsoft, explained that the company has pursued the concept of the trusted cloud, whereby it is endeavouring to reassure customers that their data is safe on its servers.

Suggs began by addressing an issue that has been brought up since cloud was first conceived - security. He stressed that confidentiality and integrity are paramount, and this includes the physical security in data centers. Indeed, the security measures in place at its data centre sound straight out of a briefing in Mission Impossible, when it is explained to Tom Cruise all the ways the top secret base he need to infiltrate is impenetrable.

Neal Suggs, vice president and deputy general counsel, Microsoft.

60 seconds till self destruct

“Firstly, there is no signage, so from the outside you would never know it was a data center. Then, there are electric fences on the perimeter with one door that you have to be buzzed in to enter a lobby area. If you want to get to the production side, you need to be granted access through a door that weighs you going in and out. Once you get behind that, every door is locked and can only be released by credentials. Then there are also hundreds of cameras, most you which aren’t visible,” he elaborated.

So breaching a datacenter to steal sensitive information is near impossible, but what about subverting it from the inside? Suggs continued that even those personnel who work at its datacenters, who can identify the correct building and legitimately pass through its security measures, do not know what or whose data is stored on their building’s servers.

This is a far cry from some on-premise solutions – one of which Suggs related, consisted of an IBM PC in an empty office marked with a Post it note that said “do not turn off.”

For your eyes only

No less critical to establishing trust is another essential component - privacy and control. Suggs explained that these go hand in hand, as privacy can have a number of different meanings. In the context of cloud, he noted that most people want to share information, but they want to be in charge of with whom it is shared.

To this end, Microsoft has ensured that its customers control who has access to their data. “It is a rare occurrence that Microsoft needs to access a customer’s data in order to support them. If it does happen, usually it is at the customer’s request,” he explained.

Should this be unavoidable, the onus is placed on Microsoft to prove that it needs to access the data and ask for permission to do so. Furthermore, any access of customer’s data is recorded and independently audited.

Suggs reassured that the company has rules on deletion of data, with clients’ data being 100% removed from its system no later than 180 days after the request is received. “This delay is just in order to protect the system and ensure there is no memory file anywhere,” he explained. Moreover, he stressed that Microsoft regularly replaces its hardware, and has its drives “chewed up”, so as to ensure that errant data is lifted out of service and not available.

If you show me yours...

Yet another part of creating its trusted cloud, is transparency. In a bid to let its customers know what is happening, Microsoft produces law enforcement request reports. Additionally, the company is also making an effort to make its contracts easier to read and understand by the layperson. Indeed, the industry is notorious for producing contracts that are riddled with legalese, and that you have to accept in order to proceed with software installation. It’s also a well known fact that few people ever bother to read EULA  (End User License Agreements) and probably wouldn’t understand all the legal ramifications if they did.

Finally, Suggs had an interesting take on regulatory compliance, pointing out that Microsoft considered it a differentiator, rather than an obligation. This also works the other way, with Microsoft insisting that its customers are compliant with certain regulations in order to use its tools. This has particular significance when it comes to child pornography rings or syndicates, for example, so criminal elements wouldn’t find quite so much accommodation in the cloud as a legitimate business.

With these measures, the company clearly believes that the impedance to full cloud adoption has been removed, and that the question whether customers can trust its cloud provision services should be answered in the affirmative.

Need to catch up? Navigate to the links below to read all the previous articles in the coverage so far.

Overview

Cultural Shift

Microsoft Research

Research projects

The next era of computing

Welcome to Area 51

The Engines of Innovation

Technology for the good of all Part 1