Microsoft has revealed that it has become the first cloud provider to adopt the international cloud privacy standard, ISO/IEC 27018.
This particular standard was revealed by the International Organization for Standardization, or ISO, in July of 2014, and its aim is to establish a uniform approach to the protection of personal data and privacy in the cloud.
Cloud protection and privacy have been a hot topic of debate ever since the NSA’s mass surveillance was revealed to the public. Microsoft itself has spent plenty of time in court over cloud data jurisdiction.
Microsoft Azure, Office 365 and Dynamics CRM Online, all Microsoft services, are aligned with the ISO/IEC 27018 standard.
This standard assures clients that vendors, in this case Microsoft, only have access to PII, or personally identifiable information, and that the storage, transfer, return, deletion and use of personal information at the data center are transparent.
The standard also stipulates that the personal details of clients are not to be used for advertising purposes and that users are informed when third parties have seen their information.
The standard also requires CSPs (Cloud Service Providers) to keep clear records on security incidents in the event of a hack, and to notify customers both in case of a hack and in case law enforcement services require access to their personal data. The new standard is the epitome of transparency and Microsoft adhering to it will surely put many people’s minds at ease.
Microsoft said that they will inform cloud users about government access to data. They highlighted the fact that the standard requires that all law enforcement requests for disclosure of PII be disclosed to customers, unless the disclosure is prohibited by law. Microsoft concluded:
We’ve already adhered to this approach (and more), and adoption of the standard reinforces this commitment.
Brad Smith, Microsoft general counsel, revealed that the company’s adherence to the ISO standards is made in hopes of rebuilding trust in the company and with its users, which suffered greatly after the Snowden case.
Smith continued:
As we’ve said before, customers will only use services that they trust. The validation that we’ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online.