Why the Trust Centre
With the emergence of cloud computing, today’s IT
organizations are looking at cloud solutions for many of their projects. As
part of that, IT organizations are ramping up their internal cloud knowledge
and cloud skills. One of the challenges associated with expanding cloud
deployments has been the lack of information and/or the lack of knowledge about
cloud security and compliance.
The Azure Trust Center hopes to change that. By
centralizing information about Azure’s security and compliance, organizations can
more easily find information to help them make the right deployment decisions.
In many cases, this information is required to move forward. For example, if
you run an e-commerce web site and accept credit cards as a form of payment,
you need to ensure that your IT infrastructure follows all the appropriate
regulations (in this case, PCI-DSS).
What are three main concerns you have about moving
to the cloud?
Regardless of their size, most cloud customers have the same concerns.
• Will I be able to maintain control of my data?
• Will my data be secure and private?
• Will the Cloud provider be transparent and compliant?
Trust Center Pillars
Microsoft understands that enterprise customers need to entrust their most valuable assets with a cloud provider to realize the full benefits of the cloud. These assets, such as your company data, must be secure and kept safe. Azure Trust Center is focused on the following key pillars.
Security Azure keeps your data safe by managing and controlling identity and user access, encrypting communications and operation processes, securing networks, and managing threats.
Privacy Microsoft is committed to organizations’ ownership of and control over the collection, use, and distribution of their information. Microsoft has adopted the world’s first code of practice for cloud privacy, ISO/IEC 27018, by ensuring that the customer owns their own data, is in control of their data, and has transparency in how Microsoft will respond to government and law enforcement request to access data.
Transparency Microsoft ensures that the data you store in Azure
is owned by the customer and that the customer should always have visibility
into that data. It is also important to understand, through readily available
policies and procedures, how Microsoft helps secure customer data, who can
access it, and under which circumstances
Compliance Microsoft Azure meets a broad set of international and industry-specific compliance standards through rigorous third-party audits, such as by the British Standards Institute. These audits verify Azure’s adherence to the strict security controls these standards mandate.
The Security Principle
The Confidentiality, integrity and availability of
your data is protected.
When you try to define “security” from a cloud
perspective, you can lean on the definition of information security from an
on-premises perspective: prevent unauthorized access to systems and data,
prevent data leakage, prevent unauthorized data deletion, and protect services
against attacks (whether with the intention of denying access to services by
unauthorized users or with the intention of stealing data). Security is one of
the first concerns that many organizations struggle with when making the choice
to move applications, services, and data to the cloud. Many organizations need
to establish a level of comfort with public clouds and that comfort can be
established by reviewing a cloud provider’s security policies and strategies.
It isn't possible to cover all the different aspects of security in this lesson, but we can highlight a few things: Operational Security Assurance, Security Development Life cycle, Microsoft Security Response Center, Operational Management Suite, and the Built-in Security features.