Businesses today face a constantly evolving set of potential threats—from data security breaches to downtime from unexpected events. In the wake of breaches experienced by Sony, Home Depot, and Premera, as well as leaks at the Office of Management and Budget as well as the IRS, businesses, government agencies, and individuals are increasingly concerned about security and on edge about the vulnerability of their information.
Microsoft is committed to the vision of empowering every person and every organization on the planet to achieve more. To achieve that vision, we need to protect those individuals and organizations—and ensure that they have the ability to use technology that they can trust. We want customers to have confidence that when they use the Microsoft cloud, there are strong and specific security safeguards in place. We call this the Trusted Cloud.
As you work with your customers on their digital transformation and encourage them to embrace cloud and hybrid solutions, we want you to be prepared to answer the questions and address the concerns that your customers have about how their data and systems are protected in the Microsoft cloud. Leading this discussion with your customers can be powerful and persuasive, and help you close sales.
Four pillars to the Microsoft Trusted Cloud
There are four pillars to the Microsoft Trusted Cloud. These are our commitments to governments, enterprises, consumers, and people around the world:
- Privacy: You own and control your data
- Compliance: Microsoft conforms to global standards
- Transparency: You have visibility into how Microsoft handles your data
- Security is built into the Microsoft cloud from the ground up to help keep your data safe
Each of the Microsoft enterprise cloud services, including Microsoft Azure, Microsoft Office 365, Microsoft Intune, and Microsoft Dynamics CRM Online, incorporate industry-leading security safeguards, privacy protection, and regulatory compliance features. Our approach to handling data within our cloud services is to Comply, Control, and Protect, with transparency underlying everything.
Here is what you should know about each of these components of our approach to the Trusted Cloud, so you can provide your customers with the facts to help them make an informed decision.
The compliance obligations of customers vary in type and complexity, but all businesses know that they must manage, use, access, and protect personal information in accordance with laws and regulations. For example, financial services, healthcare, and government customers are responsible for super-sensitive and highly regulated information.
More than any of our competitors, Microsoft works with customers and regulators to understand the compliance requirements and align our cloud services accordingly. Our compliance with national, regional, and industry-specific requirements is independently audited, and customers can see the results of these audits.
- Microsoft was the first major cloud provider to meet International Standard 27018 for the protection of personal information stored in the cloud, a standard that requires independent third-party validation
- Microsoft was the first to address, and continues to lead, HIPAA compliance for the protection of health information
- Microsoft was the first cloud vendor to get the thumbs up from the European Union data protection authority, the gold standard of endorsements for privacy protection
- For public sector customers, Microsoft is able to protect student, tax, and criminal justice data, as a result of working closely with the Federal Risk and Assessment Management Program, or FedRAMP, process. Azure Government is now part of a FedRAMP High authorization pilot.
Microsoft believes that customers should own and control their data. They should know where it is located, and they should know who has a right of access to it.
Customers can choose the geographic location for where their data are stored, particularly important to those that are worried about foreign government access or other cross-border issues. Microsoft also provides customer visibility to service logs and audit reports, and features such as a “customer lockbox” for some cloud services are embedded to provide customers with greater control and transparency.
The Microsoft Cloud offers a range of encryption capabilities, including world-class cryptography for data in transit and data at rest.
Data sovereignty is a key principle in the Microsoft philosophy, and we will not provide any government with direct and unfettered access to a customer’s data in the absence of lawful process. We believe that governments should follow established legal process to obtain access to customer data, and we do not provide any governments with encryption keys or the ability to break encryption. If required to respond to a government demand, unless the law won’t allow it, Microsoft will tell the customer right away.
Microsoft is an industry leader in combating cybersecurity threats. Our Digital Crimes Unit works with law enforcement to shut down cybercriminals across the globe who are responsible for many of the security breaches you hear about in the news. Part of the DCU’s work involves helping identify infected machines and thwarting criminal control of botnets, then working with law enforcement groups to catch the bad guys. We’ve been able to embed some of these functions into our cloud services to help customers police their own networks.
Lead the security discussion with your customers
Our mutual customers are right to insist on clarity, transparency, and contractual commitments for how their data are secured and protected in the cloud. Microsoft will continue to lead and innovate in delivering cloud services that your customers can trust and that you can package up with your services for secure, end-to-end cloud and hybrid solutions.
The new Microsoft Trust Center is a comprehensive website that will help you prepare to have conversations about privacy, compliance, security, and transparency with your customers. It will help you answer questions that their IT, privacy, and legal teams may have, so that you can reassure them of the Microsoft commitment to being the most trusted cloud provider.
Microsoft security platform demo: Protecting against, detecting, and responding to threats
For a look at the security capabilities and features in Microsoft cloud services, watch this demo by Julia White, General Manager for Cloud & Enterprise.