Microsoft stepping up to the plate to ensure enterprise security in the cloud
From the moment businesses began to use the cloud to store critical data, privacy has always been of the utmost importance. When data begins to be stored by customers in different countries, international privacy laws and controls quickly come into play. Earlier this year, Microsoft was applauded by many in the data security community for their adoption of the first international standard for cloud privacy.
Microsoft committed to adhering to new international privacy controls
The British Standards Institution (BSI) recently confirmed that Microsoft Azure utilizes controls aligned with the ISO/IEC 27018 code of practice to protect personal information located in public clouds. Microsoft is the first cloud platform to adopt ISO 27018.
The adoption of ISO 27018 is part of a larger commitment from Microsoft to protect the privacy of their customers. Aside from Microsoft Azure, both Dynamics CRM Online and Office 365 have been verified to be ISO 27018 compliant.
What ISO 27018 really means for customers
Being ISO 27018 compliant protects enterprise customers in the following ways:
Data is safe from advertising
Enterprise customers are often worried about providers using their data for advertising purposes. When cloud providers commit to this strict standard, they agree to not use your data for advertising purposes.
Strong data protection
ISO 27018 offers a number of security benefits. It helps to ensure there are set restrictions on how personal information can be handled, including transmitting this information over public networks as well as other forms of storage media.
Providers must also outline sufficient processes for both data recovery and restoration of customer data. Finally, all individuals, including cloud provider employees must be subject to a strict confidentiality agreement if they are to process any type of personal identifiable information.
Notification of government data access
This standard requires that all data requests from law enforcement personnel must be disclosed to you, unless specifically prohibited by law. Microsoft has already been adhering to this standard for quite some time.
You are in control of and understand what happens to your data
According to ISO 27018, cloud providers should only process personally identifiable information based on your specific instructions. Transparency is also extremely important regarding the transfer, return and deletion of personal information that is stored in the cloud.
Providers should always disclose if they are working with other companies who may need to access your data. In addition, any unauthorized access to your pertinent data should be reported to you immediately.
Is your provider sufficiently protecting your data?
Itâs great to see Microsoft officially adopt this strict privacy standardâthe first of its kind in the industry. Itâs just more proof that theyâre focused on the enterprise customer. Do you know whether your cloud provider has done the same? If not, itâs up to you to ensure that your enterprise data is sufficiently protected in the cloud. If youâre unsure about the security of your data in the cloud, contact MessageOps to have your mobile strategy reviewed by our experts.