Can the cloud be secure?
Can we build a truly secure cloud?
“It’s a challenging goal,” says Adrienne Hall, general manager of Trustworthy Computing at Microsoft.
Posting on Microsoft's official blog website, Hall says security is an important consideration for organisations looking to tap the cloud’s cost savings, flexibility and scalability.
"People want to know if the cloud vendor they choose can keep their data secure and readily available, while effectively managing any unexpected events," she says.
At Microsoft, Hall says the company focuses on three main areas to build customer trust in our cloud offerings:
Hall claims all Microsoft products and services are designed and built from the ground up using Microsoft’s Security Development Lifecycle (SDL).
"All products must pass a final security review before they are released," she says.
"Whether it’s our Windows Azure cloud platform, server products like Hyper-V, or application suites like Office 365 and Microsoft Dynamics CRM."
"We design and build our datacenters to meet internationally recognised standards, regional laws, and our own stringent security and privacy policies," Hall says. "This includes detailed security controls across multiple layers of defense.
"Our datacenter infrastructure has achieved a range of certifications and attestations, including ISO 27001, PCI Data Security Standard, SAS 70 Type 2, EU Model Clauses, U.S. HIPPAA BAA and Federal Information Security Management Act (FISMA).
No matter how secure or reliable we make our products, unexpected situations occur admits Hall. When they do, Hall says Microsoft mobilises significant global resources to respond quickly, comprehensively, and effectively to incidents.
"All that said, it’s important to remember that organisations that choose the cloud are not devolving 100 percent of their security responsibilities," she says.
"The cloud service provider will take on a great many security responsibilities, but not all of them.
"Customers will typically need to maintain “client security” at their own locations or among their workforce – ensuring up to date antivirus, for example, or educating employees on the importance of using strong passwords."
Can businesses build a truly secure cloud? Tell us your thoughts below