Is the public cloud secure?

Security is still one of the biggest concerns and reason why companies today are adopting the public cloud relatively slow.

It’s very important that we understand the differences between lawful access and unlawful access when it comes to the cloud. In short, lawful access is when the given party or government has the legal right to access data and under unlawful access the given party, government, or criminal just takes the data.

Lawful access

The Law is part of our responsibility as a society both locally as well as internationally. I’m aware that not every country has a democratic government, but for the countries that do hold fair elections,  it is in their hands that they put the right politicians in place to create the law framework, which we can then use to hold cloud providers accountable.

At this point, we are only beginning to see the urgency of a global legal framework to govern our data. And quite frankly, it’s absolutely overdue. Some of the most progressive countries are still using data privacy laws that were put into place during the early nineties. Technology has progressed immensely since then and as a matter of fact now in 2016, we are talking about the next industrial revolution. Therefore, I ask you to play your part and let your representative know that you want your data protected in the globalized world.

Unlawful access

We often hear in Europe the acronym NSA from customers. What our customers usually forget is that pretty much every country has their own secret agency. It’s in the DNA of such an agency to spy on others.

On Wikipedia you’ll find the following definition: “An intelligence agency is a government agency responsible for the collection, analysis, and exploitation of information and intelligence in support of law enforcement, national security, military, and foreign policy objectives. Means of information gathering are both overt and covert and may include espionage, communication interception, cryptanalysis, cooperation with other institutions, and evaluation of public sources. “

Because most Technology departments are considered “Cost centers,” it’s highly doubtful that they are doing the best possible in IT security. Most companies perform the bare minimum to stay compliant, which is primarily just simple risk management. In any company, regardless of the amount of money spent in security technology, the human factor will always be the weakest link.

Then there are cybercriminals that follow their own agenda. So what can we do against that? On one side there are many industry standards and best practices that we can get certified on. But as in many cases, you’re only as good as your experience, especially in IT Security. The first time you get attacked, you might be caught by surprise. If you see the same pattern for the second, third or fourth time, then you already know what you need to do.

Microsoft isn’t just the leader in the industry, they’re also leading the fight against government to protect our data. They are lobbying on our behalf in different nations to shape and provide a legal framework. It’s not just empty words, as they invest 1 billion USD / year in Security. There is a pretty unknown group at Microsoft called the Digital Crimes Unit, you can learn more about them in the video down below.

Noburu Nakatani from Interpol says that “Microsoft is a game changer in the fight of cybercrime.”

When taking all these efforts into account, I trust the public cloud from Microsoft more than I trust my bank or any private cloud. I know for a fact that my bank isn’t making the same investments that Microsoft does in IT Security. And as far as I’m concerned, I don’t believe that security has anything to do with which country your data is stored. If your environment is connected, it’s connected. That’s it. We all know that cyber criminals don’t stop at the border.

What about you, do you trust the cloud? If not, what is your concern?

Written by Dave Kurth
Thriving within my current role as Product Marketing Manager, I am the leader and voice of the Microsoft Azure within the Swiss subsidiary. Views are my own.