private sector perspectives

Identity, privacy, trust
and transformation –
private sector
perspectives
Russell Craig
National Technology Officer, Microsoft NZ
russell.craig@microsoft.com
“”
On the Internet, nobody knows
knew that you are a dog
When the New Yorker published this
cartoon in 1993 it was funny because it
was true.
Now it is likely to be false.
In the age of big data we can know what
breed of dog you are, your favorite snacks,
your lineage, where you live, which dogs
you associate with, whether you’ve ever
won any awards at a dog show etc.
What is human (digital) identity?
•
Unique and individual
“…the set of characteristics that somebody recognizes as
belonging uniquely to herself, and constituting her individual
personality for life...”
•
Contextual and situational
“…is contextual and situational, and inseparable from the
ways people connect to one another: via ethnic and
religious, political, vocation and avocation, personal
relationships, and other groups identities…”
Concepts of digital identity broaden
as we become more networked
• My devices
• My data
• My agents
• My online activity
• My affiliations
• Etc.
In sum, human identity is
multi-faceted and complex
– especially in the digital
domain
Digital identities are fractured
because apps, services, platforms and
organisations fragment and silo data
“Today’s Internet is based on a
patchwork of identity one-offs. People
lack a framework for controlling or even
remembering
the many different aspects
“Today’s Internet is based on a patchwork of identity one-offs.
a framework
for controlling
ofPeople
theirlackdigital
existence.
” or even remembering
the many different aspects of their digital existence.”
Warburton, S. (Coord.) (2010). Digital Identity Matters. Rhizome
awareness report. London: King’s College London.
What should we care about?
“Our vision: New Zealand is a world leader in the
trusted, inclusive and protected use of shared data to
deliver a prosperous society”
1.Get the rules of the game right.
2.Create value by doing.
3.Establish the foundations: value,
inclusion, trust and control.
What should we care about?
“Our vision: New Zealand is a world leader in the
trusted, inclusive and protected use of shared data to
deliver a prosperous society”
1. Get the rules of the game right.
2. Create value by doing.
3. Establish the foundations: value,
inclusion trust and control.
Harnessing the Economic and Social Power of Data; NZ Data Futures Forum
(2015)
Big = big opportunity
For governments:
• Budget savings
• Transparency and
responsibility
• Real insight into society
• Optimal decisions
Big data = big opportunity
For business:
• Converting products to services
• Expanded value chains
• New business models
• Educated targeting
From
Product
to
Ser vice
V = V0 + A∙N +
B∙N2
Value for
customer
Socialization
of Business
Clients
Employees
Partners
Imminent
value
Mobility
&
Connectivity
Volume
value
Network
value
On Premise
Off Premise
Value
Big Data
& BI
http://www.businesslogicsystems.com/Data%20Managemen
What about trust?
Microsoft’s approach to
trust: building security,
privacy, transparency and
compliance into the
cloud
“Hyperscale” public cloud: fundamental to IoT and big data
Network
Services
Data
Storage
Compute
Analytics
App
Services
Microsoft Azure global
physical infrastructure
Over 1 million servers
Stores over 50 trillion objects
Handles on average 127,000 requests/second
Peak of 880,000 requests/second
> 2 billion active directory transactions/day
Over $5B capital invested p/a
14
The Microsoft Cloud
200+ cloud services,
1+ million servers,
$15B+ infrastructure
investment
1 billion customers,
20 million businesses,
90 countries worldwide1
300+ million
3.5 million
active
57%
of Fortune 5004
10,000 new subscribers per week2
users per month5
users4
Online
5.5+ billion
worldwide queries
each month3
1.2 billion
worldwide users2
48 million
members in 57 countries4
450+ million
unique users each month6
15
A Trustworthy Cloud
Built-in capabilities and customer controls for organizations
Trustworthy Cloud: Customer Assurance – It’s Your Data
Datacenter
Security
Services Access
Data in Transit
Data at Rest
Data Location
Predictability
No Advertising
Horizontal
Industry
Specific
Independent
Verification
Customer
Controls
Software
Development
Cloud
Infrastructure
Incidents &
Breaches
Information
access
Controls
Extensive experience and credentials
CSA Cloud
Controls
Matrix
HIPAA/
HITECH
SOC 1
2010
2011
ISO/IEC
27001:2005
UK G-Cloud OFFICIAL
SOC 2
2013
2012
FISMA
ATO
Singapore
MCTS
2014
FedRAMP
P-ATO
Operations
Security
Assurance
AU IRAP
Accreditation
EU Data
Protection
Directive
CJIS
CDSA
2015
PCI DSS
Level 1
ISO/IEC
27018
18
ISO/IEC 27018
Microsoft is the first
major cloud provider
to adopt the first
international code of
practice for governing
the processing of
personal information
by cloud service
providers.
Prohibits use of customer data for
advertising and marketing purposes
without customer’s express consent.
Prevents use of customer data for
purposes unrelated to providing the
cloud service.
19
russell.craig@microsoft.com