Does Your Cloud Service Set the Highest, Global Standard for Security?


At Microsoft, we know that interactions between people bridge country and corporate borders thousands of times each day, and that for many businesses, transactions occur in-country only. Since business data is an asset which is sensitive to employees, business operations, customers, and partners, we ensure our customers’ data is secure wherever it is in the world. Through our work with governments and organizations, we understand the importance of adhering to a range of international standards, regulations and contractual clauses.

Keeping current regarding the many laws, standards and requirements effecting cross-border data security and data transfer is challenging, and international regulations for data security are often more restrictive than those followed by US-based firms doing business domestically.

With a large, potential scope of considerations for both domestic and cross-border data protection and compliance, what certifications should you be aware of as you begin to leverage cloud productivity tools? Knowing that two standards are particularly important in addressing data transfer for businesses using cloud services, Microsoft became the first, major, cloud productivity service to 

Google carries neither distinction for its cloud services.

ISO 27001 Certification
Recognizing its significance to customers as a security benchmark which is also important for data transfers, both cross-border and domestic, Microsoft built Office 365 to adhere to the International Standards Organization’s, (ISO’s), 27000 family of standards. ISO 27001’s broad scope and wide recognition combine to make it a very rigorous certification. The family of standards covers privacy, confidentiality and technical security issues, and addresses established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.

ISO 27001/27002 outlines hundreds of potential controls and control mechanisms. In addition, ISO 27001/27002 specifies a management system to bring information security under explicit controls. In certifying Office 365 for ISO 27001, Microsoft has implemented a high level of physical, logical, process and management security controls for the cloud suite, which the internationally-recognized ISO verifies independently, each year

European Union (EU) Model Clauses
The EU Model Clauses help customers certify compliance with the European Commission’s Data Protection Directive. Microsoft incorporates the EU Model Clauses into individual agreements that it holds with its Office 365 customers. These clauses require that data transferred internationally meet a high security bar, and that data is safeguarded, even if it resides outside of Europe.

It is important for companies doing business in Europe to have these clauses in place, as European regulators have the option to block use of a service that potentially doesn’t meet the EU’s Data Protection Directive, until regulators can determine if the service is compliant. Blocking access to a cloud productivity service that an organization uses daily could be catastrophic. Partly through compliance with the EU Model Clauses, Microsoft Office 365 has a more complete approach to European data protection and security laws than any other cloud services vendor.

US Health Insurance Portability and Accountability Act
Office 365 is compliant with the US-mandated Health Insurance Portability and Accountability Act (HIPAA). Due to this compliance, health organizations using Office 365 can more confidently implement document sharing, and technologies for tools such as paging, IM and video conferencing, while employees access information from any, secure device. At the same time, these organizations can substantially lower their IT operating costs.

US SAS/SSAE Audit
The American Institute of Certified Public Accountants (AICPA) designed SAS/SSAE as a way to audit and document the design and effectiveness of security control systems. SAS/SSAE includes a review of the organization’s own processes and an auditor’s opinion of how well they are working.

It can be confusing to follow this audit report. Regarding SAS/SSAE, a US firm specializing in regulatory requirements states: “The term ‘system’ and its description can carry a number of meanings and may well be interpreted slightly differently among service organizations having to comply with SSAE 16.”  SAS/SSAE doesn’t impose a checklist of security requirements to follow like the ISO 27001 does, and SAS does not point out that the enterprise’s security control system is important to review, as ISO not only points out, but audits.

While Microsoft also supports customers by adhering to the SSAE 16 Type 1 audit of Office 365,  Google actively touts an audit report which is not as directly relevant to cloud security as ISO 27001 is, misleading customers to perceive SSAE 16 as being a certification, or a standard, rather than an audit report. SSAE 16 is a list of an organization’s self-stated controls which incorporates how well the organization follows the list. Also, since conformance can vary, parts of an organization may choose to follow a low quality, short list of controls, with a lesser impact on the organization’s overall data security.

The Office 365 Trust Center
For businesses large and small, I know that

  • It is important to rely on a privacy-protecting service which incorporates international standards governing how data is secured.
  • Microsoft is committed to high standards in delivering cloud productivity services, and is committed to security, privacy and transparency in handling your data.

The Office 365 Trust Center describes how Microsoft manages Office 365 data, includes background information on the standards we’ve discussed, and cites additional certifications that Microsoft holds for both Office 365 and its data centers, such as EU Safe Harbor and FISMA. It is an excellent resource for customers in assessing the service’s compliance to standards important to their organization.

If you could choose Office 365 which meets

  • Several standards plus the EU Model Clauses
  • an international standard with strict guidelines for security, and with certification that they are both followed and audited;

Or select Google Apps, a service that

  • Simply adheres to an SAE audit of how well the service provider followed their own, internal, security controls for the US, then which would you choose?

 

Comments (19)

  1. situs buka jasa dan promosi jasa says:

    Situs buka jasa dan promosi jasa on http://www.bukajasa.com

  2. Togel online says:

    Togel online on http://www.sindobet.com
    Taruhan bola online on http://www.sindobet.com
    Prediksi bola hari ini on http://www.sindobet.com

  3. Jasa backlink murah berkualitas says:

    Jasa backlink dan seo on http://www.goseopro.net/
    Alat ukur standart backlink goseopro.net
    http://www.goseopro.net/2015/10/alat-ukur-standar-backlink.html
    Jasa backlink murah berkualitas
    http://www.goseopro.net/2015/03/jasa-backlink-murah-berkualitas.html

  4. Petiet says:

    babad tuntas ! kami juaranya http://ironsteelcenter.com/ tiada bandingan anda akan bahagia

    http://ironsteelcenter.com/category/besi-baja-wf-iwf-wide-flange-beam-ss400-a36 kenapa harus cari yang lain bos? mau cari apalagi?

    http://ironsteelcenter.com/category/besi-baja-h-beam-channelh-kanalh-ss400-a36 hanya untuk anda kami beri murah parah bikin semua senang

    http://ironsteelcenter.com/category/besi-wiremesh-wermesh-m4-m5-m6-m7-m8-m9-m10-m11-m12-m13-m14-m15-m16 aneka macam jenis ukuran paling bagus
    http://www.pusatbesibaja.co.id/ berbagai merek tersedia disini asli gak boong

    http://ironsteelcenter.com/category/besi-baja-behel-beton-polos-ulir-sni-is-psi-master-ms-krakatausteel-ks-dp-delcoprima-pas-ji-ksc-ais-cs-ksty-ksi-jca-as-bjku-sii-hs-bjtd40-bjtp24 calling aja langsung cuci gudang

    http://ironsteelcenter.com/category/besi-baja-cnp-kanalc-channel-full-sni-pul anti mahal beraneka ragam tipe

    http://ironsteelcenter.com/category/besi-unp-channel-kanal-u-master-kayafit-ks-eq-ss400-a36-stainless-stenliss-stainlis-stainles-stenlis-sus304-ss201-aisi310-316-alumunium-almunium-tembaga kami solusi anda kami yang terbaik silahkan coba

    http://ironsteelcenter.com/category/besi-baja-plat-pelat-plate-eser-kapal-hitam-putih-coil-sphc-spcc-ss400-a36-stainless-stenliss-stainlis-stainles-stenlis-sus304-ss201-aisi310-316-alumunium-almunium-tembaga tahan lama anti goyang kwalitasnya gak main main

    http://ironsteelcenter.com/category/besi-baja-siku-lokal-imoprt-ispat-master-ks-eq-ss400-a36-stainless-stenliss-stainlis-stainles-stenlis-sus304-ss201-aisi310-316-alumunium-almunium-tembaga-kuningan disini anda akan beruntung cuma disini yang bisa

    http://ironsteelcenter.com/category/pipa-besi-hitam-medium-sch-schedule-40-80-a53-seamless-welded-wiremesh-wermesh-cakar-ayam-m4-m5-m6-m7-m8-m9-m10-m11-m12-ss400-a36-stainless-stenliss-stainlis-stainles-stenlis-alumunium-tembaga-sus304 kami pusatnya besi
    baja idaman semua
    http://ironsteelcenter.com/category/besi-baja-plat-kapal

  5. Hansteen says:

    untuk bahan bangunan rumah ini wajib dicoba
    http://www.jualbesibetonhargapabrikmurah.com dapatkan semua disini dari kami untuk anda yang termurah
    http://ironsteelcenter.com/category/besi-hollow-hitam-galvaniz disini anda akan untung besar coba langsung saja
    http://ironsteelcenter.com/category/baja-ringan murah juga aman kuat tahan lama
    http://ironsteelcenter.com/category/bondek disini anda akan beruntung idola kontraktor
    http://ironsteelcenter.com/category/spandek kami mengerti keinginan anda kami akan membuat anda untung banyak

    http://ironsteelcenter.com/category/stainless-steel-ss-sus-304-210-316-310-301-stenlis solusi paling prima kami akan membuat anda untung banyak
    http://daftarhargabesibaja.blogspot.com/ kami mengerti keinginan anda hanya untuk anda kami beri murah

    http://daftarhargabesibaja.blogspot.com/2016/03/daftar-harga-besi-h-beam-baja-terbaru.html bahan konstruksi terbaik semua akan kaget hubungi kami disini

    http://daftarhargabesibaja.blogspot.com/2016/03/daftar-harga-besi-wf-baja-terbaru-per_25.html daripada beli ditempat lain buat hari anda menguntungkan

    http://daftarhargabesibaja.blogspot.com/2016/03/daftar-harga-besi-plat-bordes-baja.html kwalitas andalan bikin perusahaan untung banyak

    http://daftarhargabesibaja.blogspot.com/2016/03/daftar-harga-besi-siku-baja-terbaru-per.html hubungi sekarang menakjubkan murahnya
    http://www.pusatbesibajamurah.com/

  6. Brodowski says:

    barang sudah pasti sni membuat anda ketagihan
    http://www.pusatbesibajamurah.com/besi-baja-h-beam/ boleh diadu kami beri murah sekali
    http://www.pusatbesibajamurah.com/besi-baja-plat/ ini serius murah kami mengerti keinginan anda
    http://www.pusatbesibajamurah.com/besi-baja-wf/ membantu proyek anda solusi paling prima
    http://www.pusatbesibajamurah.com/besi-beton/ kami pusatnya besi baja ayo kontak saja
    http://www.pusatbesibaja.com/ luar biasa ayo bandingkan pilihan alternatif
    http://www.pusatbesibajamurah.com/besi-kanal-c-cnp/ ada disini kami menjamin kepuasan anda
    http://www.pusatbesibajamurah.com/besi-kanal-u-unp/ murah juga aman kami berikan yang terhebat
    http://www.jualbesibajamurah.com/ silahkan dicek dengan benar perusahaan kami memimpin pasaran

    http://daftarhargabesibaja.blogspot.com/2016/03/daftar-harga-besi-plat-baja-terbaru-per.html dapatkan semua disini anda akan kaget

    http://daftarhargabesibaja.blogspot.com/2016/03/daftar-harga-besi-beton-baja-terbaru.html tiada bandingan dan juara berbagai tipe

    http://daftarhargabesibaja.blogspot.com/2016/03/daftar-harga-besi-kanal-c-cnp-baja.html gak akan kecewa cek disini mari cek disini

    http://daftarhargabesibaja.blogspot.com/2016/03/daftar-harga-besi-kanal-u-unp-baja.html

  7. Cara flashing android says:

    Cara flashing android @ http://indoflasher.net
    Tutorial flashing android @ http://indoflasher.net
    Tempat download stockrom dan firmware indonesia @
    http://indoflasher.net

  8. erkn says:

    levelhttp://www.ar-kane.com/p/blog-page_4096.html "> تسليك مجارى بالرياض
    http://www.ar-kane.com/p/blog-page_441.html "> افضل شركة تنظيف بالرياض
    http://www.ar-kane.com/p/blog-page_441.html "> تنظيف شقق بالرياض
    http://www.ar-kane.com/p/blog-page_441.html " > تنظيف منازل بالرياض
    http://www.ar-kane.com/p/blog-page_7973.html ">شركة غسيل خزنات بالرياض
    http://www.ar-kane.com/p/blog-page_18.html " > افضل شركة مكافحة حشرات بالرياض
    http://www.ar-kane.com/p/blog-page_18.html "> رش مبيدات بالرياض
    http://www.ar-kane.com/p/blog-page_4689.html ">شركة تخزين عفش بالرياض
    http://www.ar-kane.com/p/blog-page_441.html "> تنظيف مجالس بالرياض
    http://www.ar-kane.com/p/blog-page_441.html "> تنظيف فلل بالرياض