Encouraging customer confidence in the Microsoft Cloud
Businesses today face a constantly evolving set of potential threats, from data security breaches to downtime from unexpected events.
That's the word from Stephen Boyle, Microsoft US Partner Group vice president. Boyle says businesses, government agencies, and individuals are increasingly concerned about security and are on edge about the vulnerability of their information.
"Microsoft is committed to the vision of empowering every person and every organisation on the planet to achieve more," Boyle says.
"To achieve that vision, we need to protect those individuals and organisations, and ensure that they have the ability to use technology that they can trust," he explains.
"We want customers to have confidence that when they use the Microsoft cloud, there are strong and specific security safeguards in place. We call this the Trusted Cloud," says Boyle.
"As you work with your customers on their digital transformation and encourage them to embrace cloud and hybrid solutions, we want you to be prepared to answer the questions and address the concerns that your customers have about how their data and systems are protected in the Microsoft cloud," Boyle explains.
"Leading this discussion with your customers can be powerful and persuasive, and help you close sales," he says.
Four pillars to the Microsoft Trusted Cloud
There are four pillars to the Microsoft Trusted Cloud. These are our commitments to governments, enterprises, consumers, and people around the world:
- Privacy: You own and control your data
- Compliance: Microsoft conforms to global standards
- Transparency: You have visibility into how Microsoft handles your data
- Security is built into the Microsoft cloud from the ground up to help keep your data safe
Each of the Microsoft enterprise cloud services, including Microsoft Azure, Microsoft Office 365, Microsoft Intune, and Microsoft Dynamics CRM Online, incorporate industry-leading security safeguards, privacy protection, and regulatory compliance features. Our approach to handling data within our cloud services is to Comply, Control, and Protect, with transparency underlying everything.
Here is what you should know about each of these components of our approach to the Trusted Cloud, so you can provide your customers with the facts to help them make an informed decision.
Comply
The compliance obligations of customers vary in type and complexity, but all businesses know that they must manage, use, access, and protect personal information in accordance with laws and regulations. For example, financial services, healthcare, and government customers are responsible for super-sensitive and highly regulated information.
More than any of our competitors, Microsoft works with customers and regulators to understand the compliance requirements and align our cloud services accordingly. Our compliance with national, regional, and industry-specific requirements is independently audited, and customers can see the results of these audits.
- Microsoft was the first major cloud provider to meet International Standard 27018 for the protection of personal information stored in the cloud, a standard that requires independent third-party validation
- Microsoft was the first to address, and continues to lead, HIPAA compliance for the protection of health information
- Microsoft was the first cloud vendor to get the thumbs up from the European Union data protection authority, the gold standard of endorsements for privacy protection
- For public sector customers, Microsoft is able to protect student, tax, and criminal justice data, as a result of working closely with the Federal Risk and Assessment Management Program, or FedRAMP, process. Azure Government is now part of a FedRAMP High authorisation pilot.
Control
Microsoft believes that customers should own and control their data. They should know where it is located, and they should know who has a right of access to it.
When you talk to your customers about maintaining control of their data, you can reassure them that the commitment we make to privacy and security is backed by our Microsoft Online Services Privacy Statement, which describes the specific privacy policy and practices covering customer data in the Microsoft enterprise cloud services. We follow the international code of practice for cloud privacy, the ISO/IEC 27018 standard, and will not use or sell enterprise customer data for advertising.
Customers can choose the geographic location for where their data are stored, particularly important to those that are worried about foreign government access or other cross-border issues. Microsoft also provides customer visibility to service logs and audit reports, and features such as a "customer lockbox" for some cloud services are embedded to provide customers with greater control and transparency.
Protect
The Microsoft Cloud offers a range of encryption capabilities, including world-class cryptography for data in transit and data at rest.
Data sovereignty is a key principle in the Microsoft philosophy, and we will not provide any government with direct and unfettered access to a customer's data in the absence of lawful process. We believe that governments should follow established legal process to obtain access to customer data, and we do not provide any governments with encryption keys or the ability to break encryption. If required to respond to a government demand, unless the law won't allow it, Microsoft will tell the customer right away.
Microsoft is an industry leader in combating cybersecurity threats. Our Digital Crimes Unit works with law enforcement to shut down cybercriminals across the globe who are responsible for many of the security breaches you hear about in the news. Part of the DCU's work involves helping identify infected machines and thwarting criminal control of botnets, then working with law enforcement groups to catch the bad guys. We've been able to embed some of these functions into our cloud services to help customers police their own networks.
Lead the security discussion with your customers
Our mutual customers are right to insist on clarity, transparency, and contractual commitments for how their data are secured and protected in the cloud. Microsoft will continue to lead and innovate in delivering cloud services that your customers can trust and that you can package up with your services for secure, end-to-end cloud and hybrid solutions.
The new Microsoft Trust Center is a comprehensive website that will help you prepare to have conversations about privacy, compliance, security, and transparency with your customers. It will help you answer questions that their IT, privacy, and legal teams may have, so that you can reassure them of the Microsoft commitment to being the most trusted cloud provider.