Microsoft Puts Focus on IoT Privacy and Security

Microsoft is implementing new efforts to ensure security and privacy in the era of the Internet of things (IoT).

Internet of Things

Microsoft is making privacy and security of the Internet of things (IoT) a priority.

In a blog post on Data Privacy Day, Clemens Vasters, principal architect of Microsoft Azure IoT, spelled out some of Microsoft's views on IoT security and privacy to help consumers and enterprises manage some of the risks involved with emerging technologies.

"Any serious discussion about IoT these days must include the overall security of connected 'things' and systems, in addition to data privacy," Vasters said.

Vasters noted that since the release of Windows XP SP2 and the introduction of the Security Development Lifecycle, Microsoft has rallied around security with continued investment in security practices that are now key components of the company's engineering practices.

"The Internet of Things takes IT to the heart of companies' core businesses, into our homes, and—in the health industry—quite literally to our hearts," he said. "We cannot make compromises in security here, as a company, as a partner ecosystem, as industry organizations or as a world community."

Microsoft provides strong assurances for customer data stored in its Azure cloud data centers, and the company encourages its customers to respect the choices of their own customers as they build products and services that use the Microsoft platform as their foundation.

"The Internet of Things brings about the convergence of IT and the Internet on one hand, and commercial operational technology and consumer products on the other," Vasters said. "Today's Internet is an increasingly hostile environment, and the effort to create effective defenses in common hardware and software, as well as in server and cloud infrastructure, is enormous.

"There is reason to be concerned that effective security sometimes falls victim to cost considerations, and that established best practices and procedures for IoT products and services are sometimes left behind in the search for a 'cheap' path to security—a path that does not exist," he said. "Even worse, we are seeing cases in which security is a purely secondary concern, and we hear, 'Why would anyone ever want to hack this?' Well, because they can."

Microsoft participates in the development of many IoT projects and products, as the company's technologies are leveraged and its advice sought by developers and implementers.

"Security, of course, is an essential component of strong data safeguards in all online computing environments," Microsoft said in a white paper on Protecting Data and Privacy in the Cloud. "But security alone is not sufficient. Consumers' and businesses' willingness to use a particular cloud computing product also depends on their ability to trust that the privacy of their information will be protected, and that their data will only be used in a manner consistent with customer expectations."

Microsoft's approach to privacy and data protection in its cloud services is built on a commitment to empower organizations to control the collection, use and distribution of their information.

Indeed, when Microsoft envisions a new product or service, privacy and data protection are considered at each phase of development. This is part of the company's approach to Privacy by Design, which describes not only how Microsoft builds products, but also how it operates its services and structures its internal governance practices. This comprehensive approach includes all of the people, processes and technologies that help to maintain and enhance privacy protections for Microsoft's customers.