Satya Nadella gave a speech last week before the Microsoft Government Cloud Forum on Microsoft's approach to security, and a good deal of it had to with the cloud and trust.
Microsoft isn't alone in wanting to build trust in the cloud, and with every news report of a private data center breach, a cloud company with a good track for security looks better all the time.
Nadella certainly understands this saying, "But customers are not going to use this technology if they can’t trust it. And that’s why trust for us is central to our mission of empowering every person and organization."
For customers sick of being hacked, that kind of message has to resonate. Nadella certainly didn't miss the opportunity to talk about the litanny of highly publicized private data center breaches over the last few years.
But trust is more than simply believing that your cloud vendor will keep an eye on your data and protect it from hackers, so your company is not the next victim of a high profile data breach. It touches upon a number of areas that Nadella outlined in the speech.
Cloud security principles
Specifically, he laid out four principles that seem like a good starting point: ensuring your data is private and under your control, giving you the tools to comply with laws around privacy such as HIPAA, being open and transparent about how the cloud company uses the data under its purview and ensuring the data is secure.
Whether or not you believe Microsoft or your cloud vendor complies with each of these principles, this seems like a common sense approach to cloud security and one you could use as a security baseline as you shop for cloud vendors in the future.
One thing we have learned is that while some online services have been hacked like the infamous Adobe and LinkedIn hacks, these were not cloud services in the true sense. The cloud companies seem to have much more invested in making sure their services are safe and secure from the kinds of hacks we have seen at private data centers or even in password hauls like Adobe and LinkedIn.
Surely you've heard it before, but a cloud service lives and dies by how secure it is. It invests money and resources and architects its solutions to minimize data loss. Consider that when a hacker got inside of Sony, it got access to the entire server infrastructure and all that entailed from emails to unreleased movies.
Most people have their information spread out across a variety of cloud services, so even if in the unlikely event a cloud service were breached and your data were compromised, it would only involved the data within that individual service and not the keys to the entire kingdom as happened in the Sony breach.
No system is infallible of course, but the cloud vendors are trying to build this system of trust that Nadella outlined for his company. Regardless of how you feel about that, the nature of the cloud tends to make you more secure than keeping all of your security eggs in one basket in a private data center.
Photo Credit: Terry Johnston on Flickr. Used under CC 2.0 license.