Think HBR

Security in a data-centric world: Microsoft’s view

Can you really trust your internet provider? That’s a red-hot topic right now, and little wonder. A recent series of high-profile data breaches and the release of U.S. National Security Agency files revealing global surveillance programs have left consumers with serious concerns about protecting their privacy and security online.
Revelations about commercial entities treating consumers’ data as a free profit-making resource—and tracking their customers to help them target advertisers—don’t help. Meanwhile, fresh security and privacy challenges are emerging in this new era of cloud computing, where connections are massively decentralised and distributed.
As consumers navigate the online ecosystem—and especially the cloud—how can they be sure the services Microsoft provides have meaningful privacy protections in place?
“First, we don’t scan customers’ communications for the purposes of creating advertising products,” says Jeff Bullwinkel, Microsoft’s Associate General Counsel for Asia Pacific and Japan. “That’s a clear distinction between our approach and that of some other companies.”
“Second, we’re taking new steps to protect customer data from unauthorised government access. As well as expanding encryption across our services, and enhancing the transparency of our software code, our practice is to notify business and government customers should we ever receive legal orders related to their data.”
Does that mean Microsoft will honour its privacy commitment to its customers and not disclose the private content of their emails?
“Except in the most limited circumstances, that’s exactly right,” says Mr Bullwinkel. “And if a gag order attempts to prohibit us from revealing to our customers the existence of a government request for their information, we’ll challenge it in court where possible.”
Microsoft also recently announced that it will give non-U.S. customers the choice of storing their data on servers outside the U.S. So what prompted this decision?
“People should have the ability to make an informed choice about where their data sits,” Mr Bullwinkel explains.
“Over time, we’ve been growing our data centre build-outs. We recently announced a number of new centres in Asia—both in Australia and Japan—to augment those we have in Singapore and Hong Kong. But our customers can choose where to store their data. That sets us apart from our competitors, who don’t necessarily have the same certainty about where customer data sits at any given time and who, in general, are not giving customers the same kind of choice about where their data can reside.”
Microsoft is now opening a network of “transparency centres” that will provide government customers with greater assurance about the integrity of the company’s products.
“We’re opening these centres in Singapore, the Americas and Europe,” says Mr Bullwinkel.
“Customers will be able to review our source code, reassure themselves of its integrity, and confirm that there are no back doors.”
In our increasingly device-laden and digitally connected world, data is exchanged across intangible frontiers, allowing access to information from everywhere. Yet ultimately, customers will entrust their information to the cloud only if they have confidence that it will remain secure.