> The British Standards Institute (BSI) has now independently verified
Yeah great, show your proprietary code to a third party company and everyone is just going to immediately trust you.
Plenty of other cloud storage services offer real reasons to trust the backing store, called the code is open. I can audit it, my neighbor could audit it, and every corporate user is liable to audit it. I have no reason to ever trust an arbitrary third party I have never had reason to trust in the past who is now trying to guarantee your cloud is secure, when competitive options are letting me do my own auditing, if I wish.
Is there anything else this is comparable to - where a company has the gall to say "another company looked at our black box and said it was good, so trust us alright guys?". When cars or houses or roads or food get certified for something you always have the capacity to reproduce the certification process yourself as a verification measure. You cannot do that to proprietary software, especially when it's on some foreign server somewhere running who knows what version of it.
> Is there anything else this is comparable to - where a company has the gall to say "another company looked at our black box and said it was good, so trust us alright guys?"
Uh, isn't that how third party trust works?
Like how SSL cert verification goes to a trusted root CA for validation.
Unless you opt to run all your own stuff you will need to trust someone. Even if all of Microsoft's code were open source, how can you trust they're not running a modified version?
Open-sourcing helps though. Also, relying on ISO for the standard (which has been sketchy in the past when it comes to Microsoft, see also OOXML) was probably not a good idea. Microsoft doesn't have a great reputation for security either.
It's true, ultimately cloud security relies on trust, but I don't think Microsoft has done enough to deserve my trust, even if this is a good step forward.
Quite a bit of MS's cloud stuff, especially Azure /is/ in fact open source. http://azure.github.io/ here, take a look and audit their azure source to start.