By going through this data classification process, a cloud service user can understand the value of data and decide: Is it appropriate to put it in the cloud? Or do I need to store it locally in my own infrastructure? It is critical to go through such data classification process to understand what the risk is by moving data to the cloud.
ACF: What has Microsoft done to enhance the security of its cloud services?
TR: For a lot of enterprise customers that want, or are considering cloud computing, what they want to know is the cloud service that they are considering is operating in the way that is consistent with how they operate their own infrastructure.
For customers that have compliance obligations, if they don't keep those obligations then they can get shut down by the government. And so when they consider cloud computing, they face this new paradigm, where most of the security controls are out of their control. And this is obviously an uncomfortable feeling.
[As part of the Cloud Security Alliance,] what we are trying to do is to give organizations enough transparency into how we [Microsoft and other partners belonging to the Cloud Security Alliance] do security controls, and define security standards for cloud computing. In this way, we provide enough transparency to customers, so they can understand how our services are being operated.
[Enterprises are also concerned about] industry standards -- one of them being ISO27001, an industry standard for security management. What we've done at the Cloud Security Alliance, is come up with a list of controls that are based on ISO27001 -- an industry standard that a lot of customers know really well.
Then Microsoft tries to provide enough insight into how we manage those controls that they can understand how we are managing our cloud services. And that level of transparency, really helps them feel comfortable with the cloud, knowing that it is being operated responsibly, and on a standards-based way, and knowing that it is aligned with how they want their data and applications managed.
Sign up for CIO Asia eNewsletters.