Microsoft Talks About Trust and Security in Their Cloud Services

Most of you keep up with the constant flow of news relating to data, privacy and security.

The decision to move to cloud based services is a big one for any organization. Reliability is crucial but, as Microsoft states today, "Managing the volume, variety, and disparate sources of data generated through mobile devices and other activities is a global challenge for enterprise."

You would expect that a discussion about the privacy and control of The Trusted Cloud would originate from within Microsoft's OneDrive team but today's blog post is coming from the Cyber Trust team.

They begin by referencing a December 2015 Intralinks survey that discovered only about half of the companies use any type of policy or control to dictate access to customer and enterprise data.

With 78% of those surveyed planning to use cloud and Software as a Service software programs for storing sensitive and regulated data that leaves a lot of work to be done.

According to Microsoft privacy and access have to be approached together:

"Data privacy and access control must be taken together because it’s impossible to meaningfully achieve the one without robustly addressing the other. An organization may set up its cloud with the world’s best security to keep data private, but then fail to use access control policies effectively to prevent data leaks or unauthorized access. From both a technological and a privacy perspective, CIOs and IT leaders must pay attention to how, when, where, and by whom their company’s petabytes may be legitimately accessed. Moreover, they need to manage access control to ensure compliance from legal, risk management, and regulatory standpoints."

Microsoft views privacy and control in their Trusted Cloud under the following points:

You own your data, not us. When you use a Microsoft cloud service, you keep the ability to take your data with you when you terminate an agreement. When a subscription expires or you terminate your contract, Microsoft follows a 90-day retention policy and strict standards for overwriting storage before reuse.

Your data is not used for marketing. Our enterprise business model is not based on exploiting customer data. We do not use your data for purposes such as advertising that are unrelated to providing the cloud service.

We don’t use standing access.   We’ve engineered our cloud services so that the majority of operations are fully automated. Only a small set of activities require human involvement; access to your data by Microsoft personnel is granted only when necessary for support or operations, then revoked when no longer needed.

You can choose your datacenter location. Depending on which Microsoft cloud services you have, you may have flexibility in choosing where your data physically resides. Your data may be replicated for redundancy within the geographic area, but not transmitted outside it.

We protect data from government surveillance. Over several years, we’ve expanded encryption across all our services and reinforced legal protections for customer data. And we’ve enhanced transparency so that you can be assured that Microsoft does not build “back doors” into our products and services, nor do we provide any government with direct or unfettered access to customer data.

Law enforcement requests must go through you. Microsoft will not disclose your data to a third party except as you direct or as required by law. We’ll attempt to redirect third parties to request customer data directly from the data owner.

If you want to learn more about Microsoft's Trusted Cloud princicples, hear from company leaders such as the CEO Satya Nadella and President Brad Smith just visit the Microsoft Trusted Cloud portal for white papers, videos, webinars and several related company blogs.

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

----------

Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!