Trust in the Cloud Kellie Ann Chainier Microsoft Corporation

SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What


Trusting The Cloud

It’s all over the news – “Can I trust the cloud?”


Key Concerns

• Privacy
• Loss of Control
• Regulatory Compliance
• Security


Frequent Questions

SECURITY

• Is cloud computing secure?
• Are Microsoft Online Services secure?

PRIVACY

• What does privacy at Microsoft mean?
• Where’s my data?

COMPLIANCE

• What certifications and capabilities does Microsoft hold?
• How does Microsoft support customer compliance needs?
• Do I have the right to audit Microsoft?


Trust Centers

Windows Azure http://www.windowsazure.com/en-us/support/trust-center/

Office 365 Trust Center http://trust.office365.com

CRM Online: Coming Very Soon!


DEMO


Why Get Independently Verified?

“I need to know Microsoft is doing the right things”

Alignment with and adoption of industry standards ensure that a comprehensive set of practices and controls is in place to protect sensitive data

While not permitting audits, we provide independent third-party verifications of Microsoft security, privacy, and continuity controls

This saves time and money for everyone, and allows Microsoft Online Services to provide assurances at scale

Microsoft provides transparency


Privacy at Windows Azure

At Microsoft, our strategy is to consistently set a “high bar” around privacy practices that support global standards for data handling and transfer

No Advertising

• No advertising products out of Customer Data.
• No data mining of customer data for advertising

We Respect the Privacy of Your Data

• Foundation of Microsoft: Privacy in the Cloud
• Windows Azure Privacy Statement describes the specific privacy policy and practices


Transparency Through Cloud Security Alliance

Microsoft’s Office 365 & Windows Azure, CRM Standard Responses on STAR!

• Specific details about Security and Privacy are mapped to the CCM and our ISO certification.

Standard from the Cloud Security Alliance (CSA)

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.


Thank You

Kellie Ann Chainier


EU-US Safe Harbor Framework

• Microsoft is Safe Harbor certified with the U.S. Department of Commerce
• Allows for data transfer to Microsoft for processing within the EU and countries aligned with data protection laws
• Microsoft acts as the data processor, and data usage decisions are made by the data controller, to the extent of the Service’s capabilities

EU Model Clauses

• New “controller-processor” contractual clauses adopted by the European Commission
• Protect personal data transferred from Europe to a data processor located outside the EU/EEA
• Data Processing Agreement (DPA) that details our EU Data Protection Directive compliance


HIPAA Compliance

• HIPAA – Health Insurance Portability and Accountability Act of 1996
• US statute with accompanying regulations that applies to Covered Entities (hospitals, insurance companies and doctors’ offices) and governs the use, disclosure and safeguarding of protected health information (PHI)
• HIPAA has been expanded by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which imposes specific requirements on a HIPAA covered entity's vendors who have access to PHI
• When customers who are HIPAA covered entities use our service, they potentially store PHI in our data centers
• The Business Associate Agreement (BAA) can be signed by vendors such as ourselves to address the flow down requirements

Azure and CRM Online on Roadmap


What is the Patriot Act?

• The USA PATRIOT ACT (commonly known as the “Patriot Act”) was signed into law on October 26, 2001
• The Patriot Act is focused on investigation of terrorism and foreign clandestine intelligence activities directed at the United States
• The Patriot Act is limited in scope and is not relevant to the vast majority of cloud computing customers.
  • Terrorist and clandestine intelligence activities
  • To combat terrorism
• The Patriot Act does not provide for unfettered US government access to online data
  • Process and substantive limitations on the Government’s ability to require disclosure of data exist
  • Protections are applicable to all customers, not just US customers
• The Patriot Act applies to any company that operates or does business within the US

USA PATRIOT ACT stands for Uniting (and) Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001


© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.