On the fourth day of MS Ignite 2017, I followed some more sessions on security-related topics. The focus was on Blockchain, with some more on the GDPR regulation.
With regard to Blockchain, it is clear that in current economies people are trying to remove the middleman. In the commercial world this means lawyers and banks. Banks can be replaced by crypto-currency and lawyers by intelligent contracts. So these middlemen see Blockchain as disruptive, breaking down expensive systems that sometimes did not have a lot of added value. The response is driven by either fear or greed. Fear shows in pointing to the risks and complexity of trusting systems to deal with objects of potentially high financial value. Greed is where middlemen reluctantly abandon their position as their monopoly is broken down.
When getting into Blockchain, the industry is demanding solutions to organize proofs of concept in such a way that they can fail fast and cheap if things do not work out. To support this, MS offers SaaS solutions that can be kept private, i.e. the MS Coco Framework. In general, Blockchain environments fall into two categories. Either some public Blockchain offering is used, running under the bonnet, or a private Blockchain is used and the participating members treat it as a trusted third party.
Intelligent contracts are also driven by blockchain technology, the biggest difference being that the contract contains logic to be executed, i.e. some business logic in a programming language that must be executed in response to certain events in the contract. Intel has new hardware available to run the code part of an intelligent contract in a trusted way, even if the computers executing the code could be considered less trustworthy. The code part of the contract is executed in so-called Enclaves. This concept allows external parties to service (mine) intelligent contracts as they would do with normal Blockchains.
Looking at the GDPR regulation in the context of Office 365, MS goes a long way to make sure you are compliant. Azure as a platform is compliant, but that, of course, does not solve everything, since companies remain responsible for what they do in the cloud. Moreover, client data protection should be a key concern even without any enforcing regulation.
One of the hardest things to do in the context of GDPR is extracting the data for a customer's disclosure request. For example, if a customer wants to know what happened with an e-mail, we very quickly arrive at an 800-page report to be delivered. This report must be delivered in a readable form and securely transferred to the requestor. The challenge companies face is how to gather all the information for such a request and how to handle the sheer volume of data.
To solve these information requests, a company will need to set up a system to tag and classify information, and a system of eDiscovery to retrieve related information. MS Office 365 comes with an integrated solution to tag information. The tags will follow Office documents and will enforce compliance by preventing certain activities, e.g. you cannot mail a document containing financial information.
MS eDiscovery helps to find related information. Although licensing costs have not been released yet, the business case is straightforward: trying to respond to a disclosure request by manually searching for data can become expensive. Sifting through 1 TB of data could result in 500 K$ costs per request. The license cost would already be paid back in that one case.