John Weigelt, National Technology Officer, Microsoft Canada
Data Sovereignty and Privacy
John’s job is to avoid “those unintended consequences” around technology adoption.
Discussion about what constitutes cloud computing, especially the need to be clear about the context. SaaS, PaaS and IaaS all have different contexts and require different approaches when considering data security and privacy.
Microsoft Infrastructure Investment – data centres in North and South Central USA, North and Western Europe, East and South East Asia.
There are no plans by Microsoft to build a Canadian data centre.
The economics are not there, especially in terms of customer base and scaling; there are higher levels of legal “friction”, and it is not a viable cost model for Microsoft.
Common Questions about Cloud Computing
- human resources
Law – BC legislation obliges its government entities to maintain personal info in Canada. Nova Scotia has similar legislation but allows the DM to authorize international data transfers.
US Patriot Act – there are misperceptions in the business community regarding the US Patriot Act, and the lack of clarity surrounding this piece of legislation has resulted in lost opportunities. Fred Cate: “there is a vanishingly small chance” that the Patriot Act can actually be used. Also look at David Fraser (http://privacylawyer.ca) for an analysis of the national privacy laws.
Security & Compliance Program
Take a layered approach – Microsoft implemented the “Trustworthy Computing” initiative in 2002 for all their software.
- security management
- internal network
- network perimeter
Microsoft is the #2 most attacked entity on the Internet, after the US Department of Defense. Microsoft has a strong commitment to meeting security standards and is regularly and independently audited against these standards. There is support for the full continuum of private, hybrid and public cloud services.
Call to Action
- hone your skills
- understand the service expectations for the services you currently provide
- seek opportunities to leverage cloud services
- engage in the conversations with your compliance authorities