Securing Microsoft’s Cloud Infrastructure

  • Article

A lot of people and companies are talking about “the Cloud” today. I guess that there are not too many companies that share the same track record of running online services as Microsoft. 1994 we launched MSN and since then we are in this business.

Microsoft Global Foundation Services (the group responsible for this infrastructure) just published a document called Securing Microsoft’s Cloud Infrastructure which is definitely worth reading. In my opinion a few items will be key when talking about a trustworthy cloud, one of them being transparency. Transparency how your data is handled, how software is written and operated, how incidents are dealt with, etc.  This paper definitely helps on our side to drive in this direction although we did already a lot in this respect like making the Security Development Lifecycle available and communicating transparently about security challenges etc.

To show the importance of security for our online services as well, I would like to quote the paper:

The core driver to creating an effective security program is having a culture that is aware of and highly values security. Microsoft recognizes that such a culture must be mandated and supported by company leaders. The Microsoft leadership team has long been committed to making the proper investments and incentives to drive secure behavior. In 2002, the company formed the Trustworthy Computing initiative with Bill Gates committing Microsoft to fundamentally changing its mission and strategy in key areas. Today, Trustworthy Computing is a core corporate value at Microsoft, guiding nearly everything the company does. At the foundation of this initiative are these four pillars: Privacy, Security, Reliability, and Business Practices. For more information on Trustworthy Computing, see the Microsoft Trustworthy Computing page.

Microsoft understands that success in the rapidly changing business of online services is dependent upon the security and privacy of customers’ data and the availability and the resiliency of the services Microsoft offers. Microsoft diligently designs and tests applications and infrastructure to internationally recognized standards in order to demonstrate these capabilities and compliance with laws and with internal security and privacy policies. As a result, Microsoft customers benefit from more focused testing and monitoring, automated patch delivery, cost-saving economies of scale, and ongoing security improvements.

Here are the links to the different papers we published today:

Roger