Home / / Legislation review needed to protect cloud data says Microsoft

Legislation review needed to protect cloud data says Microsoft

Strong data protection laws could help Middle East countries to become trusted cloud hosting locations

Legislation review needed to protect cloud data says Microsoft
Cloud-focused legislation is likely to be developed by many governments in future, says Smith.

Microsoft's general counsel has said there is a global need for governments to review legislation relating to cloud services and data hosting to increase confidence in the security of such services.

Speaking exclusively to .GOV magazine, Brad Smith EVP and General Counsel, Legal and Corporate Affairs, Microsoft, said that there is a need for more robust laws to protect data hosted in the public cloud, to drive cloud adoption.

"This is a topic of interest, at this point, to virtually every government in the world. The number of countries that have broad laws in this space is relatively small, just as we saw in the 1990's many countries around the world strengthened their copyright laws, because they knew that would bring more software investment and software technology, I think over the next decade we are going to see many countries adopt cloud-focused laws that will go far to strengthen security and privacy in the cloud. That will be a good thing for the public sector and the private sector," Smith said.

"There are a number of countries that have strong laws that should give people confidence, but at the same time, virtually every country needs to update its law. The technology has changed rapidly, people's understanding of the technology issues has changed as a result. I don't think there is a single country in world that has on its books today the law it will want to have on its books in 2020."

Microsoft is currently working with governments to help develop new legal frameworks for the cloud, Smith said. At the same time, it has also put in place a number of measures including technical protections, contractual measures and standards certifications to increase confidence in its own cloud services.

The company has also given careful consideration to where it places the data centres that will host its cloud services. At present, Middle East cloud customers are normally served by Microsoft's data centre in Dublin Ireland, because of that countries strong data protection laws.

"Ireland has become to data what Switzerland has long been to money. Ireland has a good law, a strong data protection authority and I think customers in this part of the world can have confidence in that as an approach," Smith said. "We have chosen Ireland for this part of the world because we believe that it is a country that many other countries can look to and have confidence in."

Smith said that local demand for data centres will drive up their deployment in the Middle East, and that there is an opportunity for governments in the region to create legal frameworks to promote themselves as a preferred, trusted country for data centre hosting, although at present he did not see any ‘first movers' in the region.

"I think there is an opportunity in the Middle East for governments to enact new legislation, that is something that we think would speed the adoption of the cloud, it would bring the benefits of the cloud to more people more quickly, and I think it is the sort of step we can be constructive in helping people take," he added.

Follow us to get the most comprehensive IT solutions delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.