Microsoft calls for cloud security legislation

Microsoft has called on the US government and the IT industry to take immediate steps to improve the security of cloud computing.

Brad Smith, senior vice president and general counsel at Microsoft, told a Brookings Institution policy forum this week that businesses need more reassurance when moving data from on-premise infrastructures to private and public clouds.

Providers of cloud computing services, like Microsoft, need to make their security policies more transparent, Smith insisted, adding that the US government should introduce data protection policies specific to the cloud and come down harder on data centre hackers.

"One obvious attribute of the cloud is that information is typically stored on a server computer controlled by a third party. This makes it all the more important for service providers to be thoughtful and clear in deciding and communicating what they will do with this information," he said.

"Equally important, we need government action to ensure that, as information moves from the desktop to the cloud, we retain the traditional balance of individual privacy vis-à-vis the state.

"Government will play a key role, not only in using cloud computing to enhance transparency and improve its services, but in moving the law forward to keep pace with technology."

Smith added that the conversation about cloud security needs to be global because there is so much global data legislation relating to privacy and security.

"It needs to take place in Washington DC, but it needs to include individuals from across the country and in many other countries as well," he said.

A recent Microsoft survey of business leaders' attitudes to cloud computing found that 86 per cent are excited about the initiatives, but that 90 per cent are concerned about the security, access, and privacy of data in the cloud.