Microsoft's Scott Charney on cloud computing and privacy

In this exclusive video from RSA Conference 2011, Microsoft Corporate Vice President of Trustworthy Computing Scott Charney discusses cloud computing and privacy, including what his mom taught him about cloud computing.

More Scott Charney videos:

Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact   

Microsoft's Scott Charney on cloud computing and privacy

Eric Parizo: Hello. I am Eric Parizo. Great to have you with us. Joining us today
is Scott Charney, Corporate Vice President for Trustworthy Computing,
at Microsoft. Scott, thank you so much for joining us today.

Scott Charney: Thank you for having me.

Eric Parizo: Scott, let us talk about Cloud computing for a few minutes. When you
and I spoke last year, you expressed concern about the security and
privacy implications of Cloud computing, both among enterprises and
consumers. Are you more or less concerned today, and why?

Scott Charney: I would say I am equally concerned. I had a lot of concerns
back then and I still do. It is interesting to watch what is happening
in the privacy world. We have always had fair information principles
and they were heavily weighted towards notice and choice. In the old
world it was very much about the consumer having a relationship with
an entity, the entity would give notice, the consumer would agree to
the notice, whether they read it or not, and that established the
privacy contract, and data uses contract between the entity and the
consumer. Of course, as the web has just exploded, the models of data
flows have exploded too. There is targeted advertising and data
analytics firms, there are a lot of different technologies. Around the
world, the regulators in particular, have said 'Fair information
principles are still relevant. The question is how do we adapt them to
this new world, with data flowing globally? Just providing users
notice and putting the burden on the user to understand all these
notices and interrelated notices,' because when you go to one privacy
notice, it might say 'We do business with these three companies, here
are their notices and they do business with five more, here are their
notices,' you realize it cannot work that way.

People are starting to look at new paradigms for how we protect
privacy in this new global environment and they seem to focus on two
primary points. One is that there are certain uses that should just be
expected, and maybe notice is not the right way to think about it. If
you buy something online, a physical good, and give me your address so
I can mail it to you, asking for your consent to use your address to
mail you the goods might just be a little silly. Then the second
question is, 'If we cannot expect users to go through all these
notices all the time, how are we going to ensure that data usage is
actually appropriate?' Organizations and governments are starting to
look at what they call accountability principles, which is, if we know
certain uses are appropriate, the key is holding those organizations
that have the data accountable for using it in that rational way and
not engaging in secondary use. There is a data explosion going on in
the planet and figuring out how to manage that explosion with all the
global data flows is challenging.

Eric Parizo: From an enterprise perspective, what emerging technologies or methods
do you believe will become critical to securing Cloud computing that,
perhaps, enterprises are not focused on today?

Scott Charney: I think there is a few things. The Cloud, from Microsoft's
perspective for example, as a cloud provider, we used to work with the
SDL, create more secure products, then give it over to the customer to
deploy and manage. There is a cloud provider of course. The cloud
providers are responsible, not just for the creation of the underlying
product, but actually then deploying it, maintaining it, and operating
it securely. You get this integration of the quality of the product
and the operations, and then you have to integrate a couple more
things. You got the personnel of the Cloud provider, the physical
security of the data center, and you have these huge questions about
jurisdiction. These Clouds are going to be very dynamic; data is going
to be flying all over the world. What rules apply? What governments
have jurisdiction over that data? Who can get it? There are going to
be a lot of challenging questions that I think enterprises and Cloud
providers are going to have to think hard about

Eric Parizo: Finally, when we talked last year, you talked about how it was the
lessons that you learned from your family, from your kids, and from
your mother, I believe, that had taught you a lot about computer
security. What are the new lessons that they have taught you in the
past year?

Scott Charney: It was actually my 81 year old mother. I am not sure; I would say
there is probably one new lesson, which is that the Cloud is not well
understood by mom. What I mean by that is, she had a model where her
data was on her PC and her email was in the Cloud, but it was really
about that email. Now in this Cloud environment, there is this
potential that all this data is going to be stored, geographically
dispersed, and there are a lot of new technologies coming. She has a
cell phone; if GPS is turned on and there is location data, who is
collecting that location data? What can they do with it? What are the
benefits for her to have a location data device? Are e-coupons coming
based on where she is standing in the street? The technology is moving
very fast and it is a challenge even for the IT professional to keep
up, thus, conferences like RSA. I think, for the consumers, it is
going to be challenging too. There is going to be incredibly
opportunities to wow consumers and give them great value. They are
also going to have this nagging feeling, as we have seen, about
security, privacy, and what it all means. I think we are going to have
to do a very good job of explaining both the benefits and risks of
this technology. We are going to have to make it seamless for them to
get the benefits and mitigate the risks

Eric Parizo: Scott Charney, Corporate Vice President for Trustworthy Computing, at
Microsoft. Thank you so much for joining us today.

Scott Charney: Thank you.

View All Videos

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.