Amazon, Microsoft, Google back creation of Trusted Cloud Principles

Abstract image representing cloud cyber security showing a cloud with a keyhole in the middle in front of a yellow and blue circuit board background

Amazon, Microsoft, Google are among the nine tech giants supporting the right for cloud providers to protect customers’ interests.

The list of signatories of the newly-established Trusted Cloud Principles also includes Atlassian, Cisco, Salesforce, Slack, and SAP.

As part of the initiative, the tech companies have committed to protecting the privacy and security of their customers’ data by calling on governments to “recognise certain baseline protections as they enact laws for the cloud era”.

This includes supporting cross-border data flows and addressing conflicts of law between countries, which often results in the cloud service providers’ compliance requirements differing from one country to another.

The Trusted Cloud Principles also address governmental requests for customer data, with signatories calling on states to seek data directly from enterprise customers rather than cloud service providers. This doesn’t apply to “exceptional circumstances”, which were not specified by the document, yet are likely to include serious criminal charges.

Customers of cloud service providers should also have the right to be notified in advance of governments’ plans to access their data, while the providers should be able to challenge such data requests as well as notify “relevant data protection authorities”.

The signatories stated that, although “governments have a legitimate and important interest in protecting the safety and security of their people”, there have been cases where “they seek to gain access to data under laws that do not adequately protect human rights and the rule of law, and conflict with laws of other countries”.

“As cloud service providers, we are committed to protecting the privacy and security of our customers’ data in all jurisdictions through policy and technology,” they added.

RELATED RESOURCE

How to secure workloads in hybrid clouds

Cloud workload protection

FREE DOWNLOAD

In order to achieve their objectives, the signatories “commit to working with the tech sector, public interest groups, and policymakers around the world, particularly in the countries where we operate or plan to operate data centers and cloud infrastructure, to ensure that laws and policies are substantially in line with the (...) principles”.

The announcement of the Trusted Cloud Principles comes weeks after one of the world’s largest secure email services, Protonmail, was criticised for providing authorities with the IP address of a French climate activist. Being based in Switzerland, the email services provider prides itself on benefiting from the country’s strict privacy laws, yet was “obligated" to comply with the “legally binding order from Swiss authorities”, according to founder and CEO Andy Yen.

Many disagreed about the severity of the crime, with Amnesty International technologist Etienne Maynier stating on Twitter that he has “a hard time seeing how young people squatting buildings in Paris is an extreme criminal case”.

Sabina Weston

Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.

Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.