Four megatrends – Mobility, Social, Cloud, and Big Data – are transforming the way people live and go about their daily activities. However, people will not use technology they do not trust, especially important in a mobile-first and cloud-first world.
In fact, trust is still among the top-three barriers to cloud technology adoption for CIOs in the Asia Pacific region, according to a recent Microsoft survey of IT leaders. In the results, ‘trust’ was the second-most cited challenge for 79 per cent of respondents, just behind ‘budgets’ which ranked first for 81 per cent of respondents.
Cyber threats are real and a growing concern for both individuals and organizations, especially with the spread of malicious software. In fact, based on the Malware Infection Index by Microsoft for Q1 2015, the top malware threat in ASEAN was the Bladabindi/Jenxcus (B106) malware family. This allows hackers to steal sensitive information, it also has the ability to download other malware and give unauthorised access to your PC. Some variants under the B106 malware family can also control a PC’s camera to record and perform keylogging functions.
Build trust through holistic government policies
As regional director for government relations at Microsoft Asia Pacific, I actively promote the role for technology in advancing national competitiveness for economies across the region. This involves lobbying for policies that are conducive to fostering both a vibrant online ecosystem and a trusted computing environment.
During the Microsoft Cyber Trust Experience in Singapore in April – a two-day media event held in conjunction with Interpol World 2015, we shared with media friends about Microsoft’s commitment to building trust in technology.
Ensuring policies are in place to address weak links in the IT supply chain is key to building up a trusted computing environment, according to a Microsoft-commissioned study on government cybersecurity.
Particularly, one area to focus on for governments is procurement hygiene, which is an often overlooked factor. The components of cybersecurity spend – IT infrastructure and procurement, IT administration and support, website and online services maintenance – are often vulnerable to cybersecurity bypass and loopholes, such as using unlicensed or lapsed-license software, purchasing from questionable vendors, and using outdated software – quite often without knowing.
Building a trusted computing environment is also a collaboration between the public and private sector. This is one of the best approaches amid a rapidly changing technology landscape and the inherently slower pace of public sector initiatives.
In the area of public-private partnerships, Microsoft has been quite active recently, particularly with partnership announcements involving Interpol. These included a joint global operation to take down the Simda botnet and a licensing deal for PhotoDNA technology to help identify child abuse victims.
Look out for labels
So how do technology consumers decide who to trust as a provider? One quick way is by looking out for certifications or standards, akin to studying food packaging labels for ingredients or nutritional information.
For example, Microsoft is the first major cloud provider to adopt the world’s first international standard for cloud privacy. The standard called ISO/IEC 27018 was developed by the International Organization for Standardization (ISO) to establish a uniform approach to protecting privacy for personal data stored in the cloud. This includes guidance that personal information should not be used by the service provider for the purposes of marketing and advertising without express consent, and that any subcontractors used by the service provider to process personal information be disclosed to the customers in advance.
In a more local context, another certification is the Multi-Tier Cloud Security Standard for Singapore (MTCS SS), which is the country’s cloud security standard launched in 2013 provide businesses with greater clarity on the levels of security offered by different cloud service providers. It has a self-disclosure requirement for cloud service providers covering service-oriented information that is normally included in service level agreements. This covers areas such as data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery, as well as incident and problem management.
Just last year, Microsoft achieved the MTCS SS Level-1 certification for Microsoft Azure and Office 365. This makes Microsoft the first and only global cloud service provider to obtain certification across its Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) cloud offerings.
Microsoft is committed to delivering a trustworthy computing platform and invests deeply in security expertise. For example, products and services are developed with security by design using Microsoft’s Security Development Lifecycle – a software development process that helps developers reduce the number and severity of vulnerabilities in Microsoft software and increase the cost of exploitation.
As the vulnerabilities of the digital world are increasingly thrust under the spotlight amid a growing number of reports on cybersecurity incidents, there will likely be a flight to quality and trust among technology users. By making security and privacy a priority, Microsoft aims to build greater trust in technology and all it promises.