During Noel’s visit to Kiwi shores, he also felt it imperative to discuss how Microsoft is trying to make itself more resilient, and therefore minimising the risk for businesses considering cloud.
In the context of it, Microsoft could argue that as a cloud service provider, the company has invested significantly more money and resourcing than rival firms to ensure its cloud data centre is locked tight and secure.
While trust doesn’t come cheap, is throwing money at a data centre the best way to ensure victory in the war of trust?
“Again, absolutely not,” reaffirms Noel, keen to look past the vendor hype and instead lay the foundations of long-term confidence in the cloud. “This shouldn’t mean businesses should follow Microsoft and put everything in the cloud, but there is another side to this.
“Microsoft has a presence in so many countries worldwide, and we adhere to so many obligations and of course, collect a lot of intelligence not only from our technology but around what is happening on a country by country basis.
“We can spot things and we can share this information with stakeholders, enterprise and Government. Contrary to what people assume, I’m not in New Zealand to sell, I’m here to establish a trusted relationship with the market with what we at Microsoft consider to be best practice.”
In recognising that trust is necessary for organisations and individuals to fully embrace and benefit from cloud services, Microsoft’s Trustworthy Cloud initiatives are built around many years of experience, forging a commitment to security, privacy, and transparency principles, and on leading industry practices.
Although the cloud can be abstract, Noel insists that the Microsoft approach to delivering a trustworthy cloud is not.
“This is our DNA,” Noel adds. “This is what we stand for and essentially the main reasons why any organisation should trust Microsoft as a cloud service provider.
“Some standards are not worth the paper they are written on but some, such as this, are best practice which helps to paint a picture of how to approach security in the cloud.”
At present, the local branch of Microsoft in New Zealand has an agreement with the Kiwi Government, as well as other Governments on the planet, around the topic of transparency.
“This provides access to our source code and access to the people who have written security access codes to Windows, Azure etc,” Noel adds. “It’s designed to provide transparency and offer assurances because it allows third-party auditors to examine our code, make sure there are no back doors and ensure that the correct controls are implemented.
“We adopted a similar approach in Australia, we exposed everything and after an independent assessment they said; ‘Yes, you’re compliant’.”
For Noel, the issue of trust is as equally important to the notion of privacy as well as security, insisting that “we stand by strong principles and take privacy to our heart.”
“It’s crucial for us to show the way we handle data, make customers understand that it isn’t our data and that we don’t touch it,” he adds.
In October 2013, the Kiwi Cabinet agreed on a cloud computing risk and assurance framework for government agencies, to sit within the wider ICT Assurance Framework as a key marker for organisations moving to the cloud.
The agreed approach is based on case-by-case consideration by agency chief executives with Government Chief Information Officer (GCIO) oversight, of all cloud computing decisions, whether hosted onshore or offshore, that balances the risk and benefits appropriately.
In the All-of-Government Cloud Computing Report, released in April 2014, further cloud principles included the view that agency Chief Executives are ultimately responsible for decisions to use cloud services and that no data above restricted should be held in a public cloud, whether it is hosted onshore or offshore.
Delving deeper on the topic of security, Cabinet agreed that if the system is likely to be a cloud service, Public and non-Public Service departments must use the guidelines in the report to ensure appropriate and consistent consideration of cloud computing issues, which includes privacy and security which are set out in the 105-question New Zealand Government framework.
As reported first by Computerworld New Zealand last month, Microsoft New Zealand demonstrated Microsoft Azure’s ability to provide secure cloud computing by meeting such standards in May of this year.
"This is a great step forward for us in being able to show both public and private sector customers how Microsoft addresses important security, privacy and sovereignty issues," said Russell Craig, National Technology Office, Microsoft New Zealand, to Computerworld New Zealand following the report.
“None of our competitors have done anything like this. If you represent a New Zealand government organisation that is considering adopting Azure, this information will assist your analysis.”
What Microsoft is seeing on both a local and global scale is that companies are moving to the cloud fast than anticipated, creating a greater emphasis on the need for secure cloud practices across the board.
In December 2014, Redmond revealed that New Zealand small-medium businesses were leading the world when it comes to Office 365 adoption, with 15 percent of the market now moving to the cloud with Microsoft.
"Backing up on global trends, what we’re seeing in New Zealand in terms of Office 365 adoption is perhaps more advanced than other markets,” said [[xref:http://www.computerworld.co.nz/article/562287/enterprise-rise-nz-ranks-no-1-smb-office-365-adoption/ |Paul Muckleston, Managing Director, Microsoft New Zealand, to Computerworld New Zealand at the time.]]