If your organization is seriously considering a migration from SharePoint on premise, to SharePoint Online, Office 365, and you need to learn more about the security of cloud computing for these services, you should visit Microsoft’s Securing the Cloud Infrastructure Web Site.
I reviewed a short video presentation, hosted by Pete Boden, General Manager, Security Leadership at Microsoft. This video is under 3 minutes in length and styled to provide executives with some of the information they require to begin to make an informed decision about the suitability of the security of Microsoft’s cloud IaaS and SaaS offers (SharePoint Online, Office 365 falls into the SaaS group, while Azure represents the IaaS offer). Some important takeaways from this video:
- Microsoft’s Datacenter Services presently serves over “1 billion customers, world wide and over 20 million commercial enterprises”
- Mr. Boden claims international and domestic, US regulatory requirements are being met by the Datacenter business
- The data security procedures for the Microsoft Datacenter offering are built on a risk management “security threat model”
- The security “framework includes over 600 security controls to support 4 major obligations and attestations”. These include the “ISO 27001 Standard”, the “PCI-DSS Standard”, “FISMA” and “FedRAMP”, and, finally, “SSAE 16”
- Microsoft brings in 3rd party auditors and assessors to certify activities
The video does include a caveat: Mr. Boden states “ultimately it is the customer’s accountability to meet those needs [from regulatory agencies for compliance reporting]”.
The final last section of this short video presents some of the mandatory requirements customers ought to envision as they put together a profile of a cloud IaaS provider with the requisite data security capabilities. Mr. Boden notes Microsoft’s Datacenter business has attained ISO 27001 and SSAE 16 certifications.
For technical decision-makers on the team to select a cloud IaaS provider, the site also offers a much longer, complex video presentation hosted by Mark Estberg and Jeff Fellinge, who are both Senior Directors at Microsoft® in the Online Services, Security and Compliance Team. The video is over 20 minutes in length and, as Mr. Estberg makes clear, the purpose of the video is for the two hosts to present the “security and compliance capabilities of Microsoft’s cloud infrastructure”.
©Rehmani Consulting, Inc. & Ira Michael Blonder 2014 All Rights Reserved