Major cloud services providers last week formally introduced the Trusted Cloud Principles, an initiative aimed at bringing standardization and consistencies across platforms.
Trusted Cloud Principles signatories say they are committed to maintaining consistent human rights standards across their services, while also ensuring that cloud services providers’ interests are protected.
The initiative has received support from heavy industry names, including Amazon, Atlassian, Cisco, Google, Microsoft, and IBM, among others.
“Trusted Cloud Principles signatories are committed to protecting the rights of our customers. We have agreed to strong principles that ensure we compete while maintaining consistent human rights standards,” the signatories say.
As per the newly introduced principles, cloud services providers are committed to ensure the privacy and security of their customers’ data across borders, while working with governments around the world to ensure the free flow of data and establish legal frameworks for data privacy, security, and integrity.
“Governments have a legitimate and important interest in protecting the safety and security of their people. Yet in some instances they seek to gain access to data under laws that do not adequately protect human rights and the rule of law, and conflict with laws of other countries,” the cloud companies note.
The involved organizations say they recognize governments’ interest in ensuring the “safety, security, privacy, and economic vitality of individuals and organizations” that use cloud services, but also the fact that individuals have the right to privacy and that customers should trust the security of their data.
The signatories also commit to supporting laws through which governments may request data in a transparent manner, but also improved regulation to “protect the safety, privacy, and security of cloud customers and their ownership of data.”
Furthermore, they recognize the importance of regular publishing of transparency reports regarding government data requests and announce their support for legal frameworks that would help resolve conflicts related to data access, privacy, and sovereignty.
The Trusted Cloud Principles require for governments to first engage with customers and then cloud services providers and to address conflicts of law, while supporting cross-border data flows, but also outline that customers have the right to be notified of government access to their data and that cloud providers should have the right to protect their customers’ interests.
Related: Securing Data-in-Use With Confidential Computing
Related: New Resources Define Cloud Security and Privacy Responsibilities
Related: Malware is Pervasive Across Cloud Platforms: Report