Step Two: Addressing Security And PrivacyStep Two: Addressing Security And Privacy

Now that cloud computing has passed the technology test (that is, for the most part, it works), what areas need the most attention? Without a doubt, security and privacy are at the top of that list.

Towards that end, Microsoft is looking to the federal government to create legislation regulating cloud computing in just those areas. "We need government to modernize the laws, adapt them to the cloud, and adopt new measures to protect privacy and promote security," said Brad Smith, the company's general counsel in an address at the Brookings Institution in Washington, D.C. a few months ago.

Security, of course, has been a concern about cloud computing since day one. It takes a leap of faith to turn over sensitive or competitive corporate data to a third party. In a recent information Analytics survey, "concerns over security" tied for first place as the reason why business technologists were not using software-as-a-service; the other top concern was "no business requirement."

Microsoft has suggested that penalties against criminals that illegally access cloud systems be strengthened, and that cloud service providers (like Microsoft itself) be allowed to pursue such criminals. (Yikes! I certainly wouldn't want Microsoft after me.)

Data privacy, on the other hand, suffers from the opposite syndrome: too many laws. Different countries have different laws regarding data privacy, some more (much more) stringent than others. It makes for something of a legal nightmare for global countries employing cloud service providers in various geographic locations.

In that regard, Microsoft is suggesting that Congress urge the President to negotiate with other countries to rationalize and standardize data access laws internationally.

There is much that potential cloud computing customer can do to alleviate concerns about security and privacy by discussing them upfront with their potential cloud service providers. These are issues that need to be reconciled, to the extent that they can, before entering into a cloud service relationship. Whether more new legislation is needed in this area or not (and it probably is), Microsoft does the cloud computing community a service by airing these issues out.Now that cloud computing has passed the technology test (that is, for the most part, it works), what areas need the most attention? Without a doubt, security and privacy are at the top of that list.