In a blog post today, Brad Smith, General Counsel and Executive Vice President, Legal and Corporate Affairs for Microsoft, announced that Microsoft has adopted the first international standard for cloud privacy (ISO/IEC 27018:2014). The guideline is important because it specifies guidelines for the protection of Personally Identifiable Information (PII) in cloud computing environments.
You can read more about what this means Smith’s blog post, but it’s important to note that this post is not just about Microsoft saying that it has adopted the standard, but it’s also about an independent auditor validating compliance.
Protection of PII is one of the key reasons that some of my clients have been reluctant to move to the cloud. Integration with on-premises systems is another. It’s pretty clear from Microsoft’s messaging about the evolution of SharePoint that organizations don’t have to make a black and white choice about SharePoint on premises versus Office 365. Both are possible and compatible in hybrid scenarios, and the future of SharePoint is clearly hybrid-friendly.
I recently spoke with a CIO in a defense department agency and was surprised to learn that even the U.S. DoD is not immediately ruling out the cloud for non-secure collaboration – but that a comprehensive business case is required before public cloud-based solutions can be considered. We couldn’t get much support for documenting that business case for the solution I’m currently working on, but the fact that “no!” wasn’t the first answer helped me appreciate just how important today’s announcement about ensuring security and privacy for Office 365 really is.
Want even more information about what this all means? Check out this post by the Privacy and Security Fanatic here at NetworkWorld.