Can we really have privacy in the cloud, or on the internet generally? There was no escaping this question last week at the CME’s Global Financial Leadership Conference in Naples, Florida, where I spoke on the rise of FinTech services and the use of cloud computing to drive digital transformation.
Today, nearly every company collects truly extraordinary amounts of data, from purchase and transaction data to browsing histories to driving data from your car to fitness and health data from IoT devices. Should you be worried?
Some may remember Scott McNealy’s (then CEO of Sun Microsystems) famous (or infamous) remark in 1999: “You have zero privacy anyway. Get over it.”
Well: we didn’t get over it. In fact, fueled by public demand, both governments and technology companies like Microsoft, working together, have made concerted efforts in terms of policy and regulation, and advanced technology, to protect your data.
For example, in 2015 Microsoft became the first cloud provider to comply with ISO-27018, the world’s first international standard for cloud privacy. Why is that important — ISO-27018 (based on EU privacy laws) requires:
- You know where your data is in the cloud: in which data center, in which country, so that you can appropriately comply.
- Your data won’t be used for marketing purposes without your consent.
- Personally identifiable information (PII) is handled in an appropriate and transparent fashion; you are in control.
- Compliant providers only comply with legally binding requests for customer information, and inform customers of the request, unless legally prevented from doing so.
These are great guidelines not only for cloud providers but also for enterprises that place customer-facing applications in the cloud, and you’ll find a complete overview of privacy and trust in Azure.
Ensuring privacy in the cloud requires technical innovations as well. We’re hard at work here. Below are just some of the innovations we’re focused on to support user privacy:
- With a remarkable technology called homomorphic encryption, applications such as business intelligence can operate and extract insights from encrypted data in the cloud – without ever decrypting it (available for your developers to try).
- A related innovation called secure multiparty computation lets one group share data with another, without giving away any of the contents.
- Yet another technology, originated at Microsoft, called differential privacy, minimizes the chances that a rogue program can infer PII from so-called “anonymized” data. (The need for this was highlighted some years ago when the state of Massachusetts released health records of public officials with names and other data obscured. A graduate student at Carnegie Mellon was nevertheless able to triangulate – based on zip code, gender and other information, cross-linked with voter registration information – the specific records of the governor of the state.) Differential privacy enables statistical analysis of large data sets with customer data while minimizing the probability that any particular customer record can be identified.
We’d love your feedback on these new areas of innovation in privacy. Which do you think is most important to bring to market first?
* * *
Privacy is just one anchor of a cloud that you can rely upon. Recently, Microsoft published A Cloud for Global Good, in which we advocate a framework both simple and elegant for a cloud that is trusted; a cloud that is responsible; and a cloud that is inclusive.
Bolstering trust and transparency, driving inclusion, protecting user privacy, promoting human rights and preventing cybercrime: these are imperatives that we need to collectively address as an industry, working with customers and governments globally, to make sure everyone benefits from the cloud, that no one is left behind.
We know we don’t have all the answers and maybe not even all the questions: with A Cloud for Global Good we hope to create a conversation among technology vendors, including our competitors, governments, and our customers. We’d love to hear your thoughts. Leave us your ideas in the comments. Thanks!