Feeling unshakably confident about our data stored in the cloud is probably a disposition we’ll never quite reach, but Microsoft just made some headway in instilling us with some faith by making its Azure cloud computing platform, the first cloud platform to be certified as compliant with ISO (International Organization for Standardization) 27018.

Brad Smith, Microsoft’s General Counsel and Executive Vice President, Legal and Corporate Affairs, wrote in a blog post, “The British Standards Institute (BSI) has now independently verified that in addition to Microsoft Azure, both Office 365 and Dynamics CRM Online are aligned with the standard’s code of practice for the protection of Personally Identifiable Information (PII) in the public cloud.”

While Microsoft has in fact been following such standards already, gaining the certification is a benchmark in that we not only know what we can expect from the Redmond company in terms of what happens, or doesn’t happen, to our data, but it will help to create an industry standard that can, and should be followed.

The standard itself relates to transparency in what the government demands concerning stored data, with full disclosure to the customer if access should happen, and also transparency concerning what is happening to data in regards to the return, transfer, and deletion of personal information stored in Microsoft’s data centers. There will be security safeguards implemented as part of the standard relating to public use of data, and also relating to data recovery and restoration. Lastly, by adopting the standard Microsoft maintains that enterprise customer data will not be used for advertising purposes.

Microsoft has said numerous times that customers will only use services that they can trust. This certification, Microsoft hopes, will have scored some points with existing and future customers. Smith writes, “We’re optimistic that ISO 27018 can serve as a template for regulators and customers alike as they seek to ensure strong privacy protection across geographies and vertical industry sectors.”

In relation to what the government demands, Microsoft is still in legal wrangle with the U.S. Department of Justice

over emails stored in a data center located in Dublin, Ireland. Data, Microsoft says, the U.S. government has no right to demand access to. Encouragingly the Redmond company is a backed by some of the world’s leading media organizations and tech companies, as well as the Irish government.

Photo credit: Nathan O’Nions via photopin cc