Microsoft CISO argues against "digital xenophobia"

Bret Arsenault hits out at geographic data compliance differences

Microsoft's CISO Bret Arsenault decried "digital xenophobia" this week, criticising the breadth and variety of regulations and compliance measures around handling data among different countries.

Speaking at Infosecurity Europe 2017, he said:"I worry more about the digital xenophobia we see where all data needs to live within a government boundary. I worry we may go too far with it.I monitor about 350 regulations worldwide and it's the pending future ones which are the hardest to see ... Creating separate rules in every country is not economically viable."

Microsoft has already promised to write GDPRcompliance into its cloud contracts, to help customers meet the European Union's incoming stricter data protection rules governing how organisations can use and store EU citizens' data, which will homogenise data protection rules throughout the EU when it appliesin 2018.

The tougher lawaims to bring data protection legislation into line with new, previously unforeseen ways that data is now used. This will replace the UK's current Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive. The new legislation introduces tougher fines for noncompliance and breaches, and gives people more say over what companies can do with their data.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

However, the UK will leave the EU after voting for Brexit, meaning it will likely have to draw up its own data protection laws - even if similar, companies will have to deal with any differentiations between the two. Meanwhile, data location has become an issue of growing relevance to companies looking to store their data in different geographies in light of Edward Snowden's revelations about the extent of US spy hacking.

Among others, Microsoft itself opened up UK data centres last September to tout its services to public sector bodies and less cloud-friendly industries like finance. Collaboration firm Box used its alliance with IBM to allow customers to choose to store their data in different countries, allowing those wanting stricter protections to store it in Germany.

Arsenault added:"The one dream I have is that we get rid of passwords." He hopes instead that users can place their trust in devices themselves via growing use of biometrics as a measure to replace traditional credentials, despitea study revealing thatmost Brits distrust biometric security.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020