With recent updates to the security and privacy frameworks supporting Office 365, Microsoft now boasts ownership of the first and only major cloud-based productivity suite that complies with stringent United States and European Union data compliance standards.
By bringing Office 365 features into alignment with the European Commission's Data Protection Directive and the U.S.-sponsored Health Insurance Portability and Accountability Act, Microsoft may win crucial support for its cloud service in an era increasingly defined by public and private sector data breaches.
"Until recently, concerns about the security and privacy of patient data have been the most common barrier to healthcare organizations realizing the full potential of cloud-based technologies," explained Microsoft spokesman Michael Robinson. "Microsoft is helping remove that barrier by embedding privacy and security capabilities in Office 365 that enable health organizations to address their HIPAA compliance requirements. Today, Office 365 can help hospitals, insurers and clinics confidently empower their staff to be efficient and productive virtually anytime and almost anywhere while substantially reducing their IT operating costs."
In addition to its well-timed focus on data security in the healthcare sector, Microsoft has also achieved compliance with a broader family of information management standards put forth by the International Organization for Standardization and International Electrotechnical Commission. Under this benchmark, the company will submit to annual independent audits and publicize the results to customers. In this way, Microsoft may be able to combat cloud security skepticism by displaying both accountability and transparency in its operations.
The company also hopes to foster seamless operational transitions with the establishment of Office 365 Trust Center, a centralized hub of in-depth information regarding internal privacy and security practices and how they have evolved within the latest version of the cloud service.
According to Wired, this move is likely in response to recent concerns expressed by EU customers utilizing U.S.-based cloud services. In particular, European businesses feared that the broad scope of jurisdiction afforded to American law enforcement authorities could infringe on the privacy of both internal and customer-facing operations.
In fact, the vice president of a U.K. defense contractor recently identified the Patriot Act as the lone deterrent to Office 365 adoption within his firm.
"I was on a study tour recently, and 85 percent of European companies out on that now cite international regulations being their major issue," BAE executive Charles Newhouse explained at London's recent Cloud Summit 2011, according to CRN. "Everyone was on about the U.S. Patriot Act, saying that the geo-location of their data and who has access to that data is the number one killer for adopting to the public cloud at the moment."
This fundamental distrust of international cloud security has become so prevalent that several EU-based providers are now showcasing their exemption from U.S. law enforcement as a top selling point, according to the Washington Post. Discouraged by this development, EU Justice Commissioner Viviane Reding has called for alignment of American and European cloud compliance standards.
"I do encourage cloud computing centers in Europe … but this cannot be the only solution," Reding told reporters. "We need free flow of data between our continents [and] it doesn't make much sense for us to retreat from each other."
Although some may doubt the impact of this political rhetoric, Microsoft's swift actions are encouraging news. Aside from amending their own practices to bolster data privacy mechanisms, the company will also likely inspire similar developments from its rivals. According to InformationWeek, the "first and only" phrasing tied to Microsoft's cloud compliance announcement is expected to merit a direct response from Google Apps in the battle for market share.
Cloud Security News from SimplySecurity.com by Trend Micro