Many companies are shying away from the cloud because they are not sure whether it meets their compliance requirements or because they simply do not recognize the benefits. The result is increasingly shadow IT: if a company's IT department does not take care of the matter, the employees simply do it themselves. They then use Dropbox or similar vendors, pushing sensitive company data into the cloud completely uncontrolled.
Modern workplaces for knowledge workers now require flexible work. The free choice of workplace and flexible working hours are important foundations for many employees. It simplifies the compatibility of family and work,
Companies must make data available to employees
For flexible work to be possible, the data must be available accordingly. At the same time, two aspects have to be taken into account in data storage.
- Data must be encrypted so that unauthorized access is not possible.
- Data must be stored in such a way that it cannot be erased or read out through human action or force majeure.
If you want to put your private data or company data into the cloud, you need to consider how the cloud provider protects your data. Microsoft has set a new benchmark with Microsoft Cloud DE, but the solution is not expected until the third quarter of 2016.
For decision-makers who are concerned with the security and privacy of the cloud, it is, therefore, necessary to check the properties of the cloud provider. We have compiled the most important information about Microsoft Cloud services for you.
Microsoft offers different cloud services
Microsoft provides various cloud services with Azure, Office 365, and SharePoint Online, with varying levels of user responsibility.
SaaS – Software as a Service
- Microsoft is responsible for the operation and security of the infrastructure. Security controls and capacities are provided.
- The user controls and backs up their data and identities. The user also configures the applications that are provided by the cloud.
Azure PaaS – Platform as a Service
- Microsoft is responsible for the operation and security of the infrastructure as well as for the operating system.
- The user controls their data, identities, and applications. The user also controls all application source code and configurations.
Azure IaaS – Infrastructure as a Service
- Microsoft is responsible for the operation and security of the infrastructure and the operating system.
- The user controls and backs up all data, identities, applications, virtual systems, and all infrastructure settings provided by the cloud.
- Private clouds are on-premises solutions that are operated by the user. The provider is responsible for security and is the owner of the cloud.
- Private clouds differ from traditional on-premises applications because they have the typical characteristics of clouds, such as availability and flexibility.
Seven facts about privacy and security in Microsoft Clouds
Ownership of data
All data remains the property of those who use the service.
The data is not evaluated or processed further. For example, no advertising is served on the basis of the data.
Transfer of data to government
When the government requests data, these requests are always passed directly to the customer, if possible.
Data Protection Review
In the course of the development process, data protection is checked to ensure that all access rights are set correctly and are adhered to.
The user of the cloud service is always in control of how their data is stored. This includes controlling where the data is stored and how it is accessed.
Transferability of data
After the service contract has been terminated, all data will be deleted.
- Data encryption and management
Transport of data
Microsoft uses market-leading encryption methods to encrypt data in transit between the data centers and the users. In addition, customers can use "Perfect Forward Secrecy" (PFS), a technology that uses a separate encryption key for each connection.
Encrypting solutions based on Azure
In solutions based on Azure, users can decide for themselves which additional encryption methods are implemented.
Azure Key Vault
The “Azure Key Vault” protects cryptographic keys. Microsoft cannot view or decrypt these keys.
Office 365 and other software-as-a-service offerings use encryption methods to protect the data stored on Microsoft servers.
Azure Rights Management (Azure RMS)
Azure RMS uses encryption, identity, and authentication policies to protect users’ files and emails.
- Identification and access
The user controls access to the data and applications
Microsoft provides comprehensive identity and access management solutions. Use is made easier for the user because Azure, Office 365 and other services are combined.
Azure Active Directory and Multi-Factor Authentication
Azure Active Directory allows customers to coordinate access to Azure, Office 365, and other cloud applications. Access is possible via multi-factor authentication.
Third Party SaaS Identity Management
Azure AD also allows easy integration of single sign-on across other SaaS applications.
- Software and service
Secure Development Lifecycle (SDL)
Security and privacy considerations are included in the software development process, resulting in secure applications.
- Proactive test and monitor
Microsoft is constantly testing its services for security gaps.
- Data Center Infrastructure and Network Security
It is possible to set up a private network to the Azure data centers.
- Physical Data Center Security
Microsoft’s data centers are monitored around the clock.
The data centers are designed, operated and monitored to protect the data and services from unauthorized access and environmental disasters.
Zero standing privileges
Access to customer data by Microsoft operations or support personnel is not permitted by default. When access is allowed, the process is reliably carried out and documented.
When users delete data or terminate the service, strict standards are met to overwrite the disk space before it is reused. Faulty hard disks and hardware are demagnetized and destroyed.