For most companies, the move to the cloud isn’t simply about reducing on-premises space for storage and computing, but about making sure the data flowing in and out is just as secure as it would be hidden away in businesses underground bunker. To that end, Microsoft’s Azure team is not only expanding the functionality, flexibility, and reliability of the service but also its list of security, compliance, privacy, and transparency certifications.
Alice Rison, a senior director of Microsoft’s Azure service, took some time out today to highlight the newly received certifications to the company’s cloud platform while also touting the expanded certifications customers have been able to count on.
We continue to maintain the largest portfolio of cloud certifications. In the first half of 2016, we achieved four new international certifications as well as renewed and expanded other certifications in seven countries. Here is a quick recap of our international compliance activities:
Japan: We achieved Cloud Security Mark Gold Level accreditation and announced our alignment to the My Number Act on protecting personal data in Japan. Cloud Security Mark by Japan Information Security Audit Association (JASA) is the standard required by the government for cloud procurement.
Spain: Microsoft is the first global cloud service provider that achieved the Spain Esquema Nacional de Seguridad certification, which reiterates the effectiveness of our security controls implemented to protect customer data.
United Kingdom: We are also the first public cloud to gain the Federation Against Copyright Theft (FACT) certification. This accreditation proves our compliance with established media-industry security best-practices, including Content Delivery and Security Association’s (CDSA), Content Protection and Security (CPS) Standard, and the Motion Picture Association of America’s application and cloud security guidelines.
China: Microsoft Azure operated by 21vianet upgraded our Multi-Layer Protection Scheme (MLPS) classification from level 2 to level 3 and also added a new service to our Trusted Cloud Services certification.
Canada: We announced the alignment of our approach to protecting customer data with recommendations from the Canadian privacy commission on related privacy laws. Based on the shared responsibility principle, customers that want to use cloud services should also go through self-assessment to ensure proper planning and adherence to the laws.
New Zealand: Our responses to New Zealand’s Cloud Computing Information Security and Privacy Considerations have been updated for new services in scope for the new question set.
Singapore: Microsoft’s Multi-Tier Cloud Security Singapore Standard:584 (MTCS SS:584-2015) certification has been upgraded to the 2015 version at Tier 3 with expanded scope of services. We also published a whitepaper in the context of Singapore compliance for Azure to help our customers address questions from MTCS and PDPA.
United Kingdom: Our UK G-Cloud has been expanded to cover all services that are in-scope for ISO 27001:2013 and updated to address the latest version of cloud security principles at OFFICIAL level.
Looking beyond the headlines of whose cloud platform is beating whose regarding broad appeal, it’s clear that all service providers are and should be working hard to ensure the data they are housing and trafficking is meeting national and international standards. Microsoft’s Azure team appears dedicated and committed to meet the compliance and security measures imposed by its customer’s regulatory requirements as they find themselves embarking on a long road of transition with companies seeking to invest in the cloud.Further reading: Azure, Certification, China, Cloud Services, FACT, Microsoft