Mythbusting the cloud

Data is one of the most valuable assets an organisation has. It is therefore understandable that organisations have concerns about how safe that data would be if they moved it to the cloud. Based on this presentation from the Ignite conference in May 2015, we look at why you can trust Microsoft with your data.

Trust & Transparency in a Mobile World

In developing the Microsoft Cloud service, Microsoft took inspiration from the banking sector, which is one of the most heavily regulated industries throughout the world. The banking sector simply would not function unless a fundamental understanding existed between the customer and provider. The cloud, much like a bank, will not be used by customers if it cannot be trusted and its processes understood. To achieve this, a greater level of transparency must be provided.

Perception Versus Reality Regarding Privacy & Security

A research study conducted by ComScore on the barriers to cloud adoption found that, before adoption of cloud services, 60% of businesses cited concerns around data security as a barrier and 45% had concerns about a lack of data control.

After migration to the cloud, 94% reported they experienced security benefits that were not available on premises, and 62% said privacy protection had increased as a result of moving to the cloud. These figures illustrate that there is a big difference between the perception and reality of cloud services. However, before considering cloud services and selecting a cloud provider, the following questions must be answered as part of your due diligence process:

  • How do you protect my data?
  • How do you use my data?
  • How can you help me with my compliance needs?
  • Where is my data and who has access to it?
  • What do you do in response to government demands for customer data?
  • How can I remove my data from your service?

How Microsoft Inspires Trust in the Cloud

Microsoft makes security and privacy a priority at every step, from code development through to incident response. At its core, Microsoft inspires trust in three areas:

  • Compliance

    Compliance is a fundamental feature of the cloud services that Microsoft has developed to ensure compliance with regulatory authorities across the world. The standards are international and industry-specific, such as ISO 27001, HIPAA, FedRAMP and the UK G-Cloud. The full list of standards they comply with can be found here.

  • Control

    Microsoft has a continued commitment to organisations’ ownership, control and distribution of their own data. Microsoft cloud services will always remain compliant with global standards such as ISO 27018, which has a strict code of practice for protection of personally identifiable information in public clouds. Data you store in the Microsoft cloud belongs to you, so you have control over where it is stored and how it is securely accessed and deleted.

    Microsoft has strict principles when handling government demands for customer data and will not provide direct or unfettered access to customer data even in areas of national security. Microsoft’s opinion is that all data that a customer puts into the cloud is owned by the customer and not by Microsoft so if a request for data is received then the applicable legal process must be followed.

    The Law Enforcement Access to Data Stored Abroad Act in the United States dictates that if a government request for data is received and the customer content is stored in the US, then it must only be accessed via a search warrant. The warrant cannot be used to collect data overseas unless the account belongs to a US resident and it does not violate the laws of the host country.

  • Protect

    Microsoft designs its software for security by following a mandatory approach known as the Security Development Lifecycle (SDL).

    Some examples of security technology employed are multi-factor authentication for secure sign-in, an encryption key length of 2048 bits and extensive device-side encryption. Physical data centres have 24-hour monitoring, biometric scanning, regular penetration testing, intrusion detection, denial-of-service (DoS) attack prevention and annual auditing by third parties.

    To combat the threat of digital crime, Microsoft has established a digital crimes unit to help protect customer data in the cloud by seizing and removing criminal control of botnets, which are used to forward transmissions such as viruses or spam to other devices on the Internet. Microsoft can also use authentication data to inform customers of possibly infected devices within their network as a feature of Azure Operational Insights.
