According to the latest reports, Microsoft has become the first major Cloud services provider to adopt an international standard for certifying the security of its Cloud offerings. The company has adopted the International Organisation for Standardisation and International Electrotechnical Commission’s standard 27018. This standard certifies the security of Microsoft’s Cloud offerings and the guidelines offer a uniform international approach to protecting privacy for personal data stored in the Cloud.
A number of Microsoft’s services, including its Azure Cloud, Office 365 and Dynamics CRM Online have been certified to meet the ISO/IEC 27018’s privacy and security standards. Each of the Cloud services were found to comply with the standard, which was verified by the British Standards Institute.
Adopting this standard proves to customers that Microsoft is serious about protecting their privacy online. It is evidence of their commitment and provides customers with assurances of how their data is used by Microsoft. For example, in order to comply with the standards, Microsoft must inform customers of any events related to their data, such as its movement inside a datacentre and if law enforcement requests to access their information (except in countries where it isn’t lawful to do so).
According to Brad Smith, the general counsel and executive vice president of legal and corporate affairs at Microsoft, compliance with this standard will also keep customer’s cloud data out of advertiser’s hands. Recently, many companies have expressed concerns that Cloud service providers could be selling their data to advertisers but they can have the peace of mind that now Microsoft’s services are backed by ISO/IEC 27018 this will not be the case.
The standard also restricts how Microsoft is able to use and handle personally identifiable information. It implements restrictions on how this information is transmitted over public networks, how it is stored and the process for data recovery. Employees, who process personally identifiable information at Microsoft, are also subject to strict confidentiality rules as outlined by the standard.
Despite its benefits, many companies have so far been reluctant to embrace cloud apps, storage and services as part of their IT strategies. This has largely been down to concerns of security risks. However now that Microsoft has received the ISO/IEC 27018 certification, there may be a changing attitude towards cloud services and many companies may feel like they can trust the company, as well as other leading Cloud providers out there.
Although many people are still concerned about the risks of using Cloud services, the benefits far outweigh them. There are even security benefits of using Cloud services, which we have briefly outlined below.
By using Cloud services, you can have the peace of mind that security patching of the Cloud-based systems will always be carried out at the right time. Instead of having to monitor and patch these systems, something that not all businesses have the resources for, by adopting a Cloud computing model, they can benefit from having system patches installed and tested centrally.
Many Cloud providers already use two factor authentication. This adds an extra layer of security to the traditional username and password arrangement required to complete the login process. Two factor authentication often requires users to input a One-Time Pin code generated for the end user via SMS.
Many small businesses do not have the skills or resources to gain industry specific security certifications. However, by adopting a Cloud model they can benefit from the certifications the Cloud computing company has achieved. So businesses that use Microsoft’s Cloud services also now benefit from the ISO/IEC 27018 standards that their hosted infrastructure meets.
If you’re interested in learning about Microsoft’s ISO Cloud certification or talking about the benefits of Microsoft Office 365 or other forms of Cloud computing for your business, give us a call here at Grant McGregor.
Image source: https://farm7.staticflickr.com/6196/6095282709_487842e769.jpg
Image credits: Marcin Whicary