Insufficient data from Andrew Fryer

The place where I page to when my brain is full up of stuff about the Microsoft platform

Cloud Security

The biggest blocker to public cloud usage is concern about security and privacy.  This usually falls into one or all of these particular concerns:

  • Do I trust cloud provider X to look after my data?
  • Can I legally use cloud provider X given the regulatory framework in the UK?
  • Can I setup good security to get at my data/application without my users having to jump through extra authentication hoops to use it?

Finding definitive answers to these can be hard, and although I can answer these:

  • You are probably already trusting Microsoft’s cloud services  with key data about you/ and your family  e.g. Hotmail, MSN Messenger, XBox live, SkyDrive etc.
  • We have data centres inside the EU, and some parts of government, and banks are already using Microsoft’s cloud services having satisfied themselves that they will still be compliant.
  • As I have mentioned before ADFS v2 allows credentials to be trusted from your on premise environment into the Microsoft’s cloud services.

..realistically you are going to want more reassurance than I can provide here.

So you might have noticed there is a new banner at the top of the main UK TechNet page today..


..which will take you to a one stop shop to get the answers at TechNet ON.

This is a two weekly initiative to give you complete coverage of a particular topic from one place, in this case the complete word on Cloud Security, from subject matter experts like David Chappell, J.D. Meier and our own Dave Gristwood

My final comment on this is that your data might actually be more secure in the cloud:

  • A physical attack (i.e. breaking in and literally grabbing the data) is going to be far harder as the Microsoft data centres are not that easy to get into , and you aren’t going to have to worry as much about a disgruntled employee wandering off with your key data
  • An online attack  is also going to be difficult given that Microsoft is well used to just about every attack known to man. 
  • As far as code vulnerability is concerned you will be running the same code as before so this no worse than before.