International Privacy Controls for the Cloud

Do you know how many cloud applications are being accessed by your employees?
Are your employees sharing valuable information via emails and attachments?
Is Your Help Desk Inundated with Password Reset Requests Over and Over?
Get Started With A FREE Trial Get Started With A FREE Trial Request a Consultation Request a Consultation Download FREE MOBILE DEVICE SECURITY REPORT

International Privacy Controls for the Cloud on

Microsoft stepping up to the plate to ensure enterprise security in the cloud

From the moment businesses began to use the cloud to store critical data, privacy has always been of the utmost importance. When data begins to be stored by customers in different countries, international privacy laws and controls quickly come into play. Earlier this year, Microsoft was applauded by many in the data security community for their adoption of the first international standard for cloud privacy.

Microsoft committed to adhering to new international privacy controls

The British Standards Institution (BSI) recently confirmed that Microsoft Azure utilizes controls aligned with the ISO/IEC 27018 code of practice to protect personal information located in public clouds. Microsoft is the first cloud platform to adopt ISO 27018.

The adoption of ISO 27018 is part of a larger commitment from Microsoft to protect the privacy of their customers. Aside from Microsoft Azure, both Dynamics CRM Online and Office 365 have been verified to be ISO 27018 compliant.

What ISO 27018 really means for customers

Being ISO 27018 compliant protects enterprise customers in the following ways:

Data is safe from advertising

Enterprise customers are often worried about providers using their data for advertising purposes. When cloud providers commit to this strict standard, they agree to not use your data for advertising purposes.

Strong data protection

ISO 27018 offers a number of security benefits. It helps to ensure there are set restrictions on how personal information can be handled, including transmitting this information over public networks as well as other forms of storage media.

Providers must also outline sufficient processes for both data recovery and restoration of customer data. Finally, all individuals, including cloud provider employees must be subject to a strict confidentiality agreement if they are to process any type of personal identifiable information.

Notification of government data access

This standard requires that all data requests from law enforcement personnel must be disclosed to you, unless specifically prohibited by law. Microsoft has already been adhering to this standard for quite some time.

You are in control of and understand what happens to your data

According to ISO 27018, cloud providers should only process personally identifiable information based on your specific instructions. Transparency is also extremely important regarding the transfer, return and deletion of personal information that is stored in the cloud.

Providers should always disclose if they are working with other companies who may need to access your data. In addition, any unauthorized access to your pertinent data should be reported to you immediately.

Is your provider sufficiently protecting your data?

It’s great to see Microsoft officially adopt this strict privacy standard—the first of its kind in the industry. It’s just more proof that they’re focused on the enterprise customer. Do you know whether your cloud provider has done the same? If not, it’s up to you to ensure that your enterprise data is sufficiently protected in the cloud. If you’re unsure about the security of your data in the cloud, contact MessageOps to have your mobile strategy reviewed by our experts.

(Visited 124 times, 1 visits today)