If there is one area in which the cloud operators all agree, this is the one related to the protection of personal data. A highly strategic niche that aims to help reassure their ability to preserve the privacy of their clients.
Microsoft seeks to distinguish itself from other cloud service providers to businesses by leveraging the security and transparency of personal data processing. The legal director of the Microsoft Brad Smith has shown an initiative to just try to provide a significant boost to its credibility in terms of data protection, with the adoption of the international standard for cloud private data, ISO 27018. Published in July 2014, this standard overlays to ISO 27001, which is concerned with the security and confidentiality of data to individual character.
The adherence to the ISO 27018 standard ensures data ownership in several ways, including ensuring that Microsoft treats “only personally identifiable information as instructed by its customers” and “guarantees the transparency policy on the return, transfer and deletion of personal information stored in our data centers” allowing customers know the location of their data in the data center of the Redmond company.
It also includes the names of companies that need to access data and unauthorized access to personally identifiable information. ISO 27018 standard also ensures that there are restrictions set on the way Microsoft treat personally identifiable information, including the transmission over public networks, storage on a transportable media and appropriate data recovery process.
In addition, the standard ensures that all people, including the company’s own employees handling personally identifiable information, must be subject to an obligation of confidentiality. The publisher also confirmed, as it had previously indicated that customer data will not be used for advertising solutions for which the adoption of the ISO 27018 standard applies are currently Microsoft Azure, Office 365 and Dynamics CRM Online, but also Microsoft Intune.
Microsoft customers will retain control of their personal data. Compliance with the standard also provides transparency regarding the transfer, return and deleting private information stored in data centers.
Last spring, Microsoft received confirmation of European data protection authorities indicating that cloud contracts are in line with the privacy laws of the European Union with reference to international data transfer. Providers who adopt this new ISO/IEC 27018 standard must operate under five fundamental principles namely – Consent, Control, Transparency, Communication, and Independent and yearly audit.
Microsoft has already announced a month ago that they wanted to obtain other certifications in the future, as the ISO 27001 certification for Visual Studio Online. Microsoft pursuing for the objective to ensure customers and developers that their data is always protected by the highest security standards.
Microsoft continues to enhance its Azure platform with several new features. Last month, the company has added Azure virtual machines using the new processors Intel Xeon, Azure Key Vault security service, SQL Server Connector, the availability of the Azure Marketplace Ubuntu Server with a built-in application virtualization Docker image, Docker on Ubuntu Server by Canonical and Microsoft Open Tech..
By adopting the latest ISO safety and confidentiality of personal data in the cloud, Microsoft seeks to reassure businesses and users, but also to differentiate itself from its competitors as per the Azure Offices 365 and Dynamics CRM solutions are concerned.