itb-nz logo
Story image

Can the cloud be secure?

05 Aug 2013

Can we build a truly secure cloud?

“It’s a challenging goal,” says Adrienne Hall, general manager of Trustworthy Computing at Microsoft.

Posting on Microsoft's official blog website, Hall says security is an important consideration for organisations looking to tap the cloud’s cost savings, flexibility and scalability.

"People want to know if the cloud vendor they choose can keep their data secure and readily available, while effectively managing any unexpected events," she says.

At Microsoft, Hall says the company focuses on three main areas to build customer trust in our cloud offerings:

Development:

Hall claims all Microsoft products and services are designed and built from the ground up using Microsoft’s Security Development Lifecycle (SDL).

"All products must pass a final security review before they are released," she says.

"Whether it’s our Windows Azure cloud platform, server products like Hyper-V, or application suites like Office 365 and Microsoft Dynamics CRM."

Operations:

"We design and build our datacenters to meet internationally recognised standards, regional laws, and our own stringent security and privacy policies," Hall says. "This includes detailed security controls across multiple layers of defense.

"Our datacenter infrastructure has achieved a range of certifications and attestations, including ISO 27001, PCI Data Security Standard, SAS 70 Type 2, EU Model Clauses, U.S. HIPPAA BAA and Federal Information Security Management Act (FISMA).

Incident Response:

No matter how secure or reliable we make our products, unexpected situations occur admits Hall. When they do, Hall says Microsoft mobilises significant global resources to respond quickly, comprehensively, and effectively to incidents.

"All that said, it’s important to remember that organisations that choose the cloud are not devolving 100 percent of their security responsibilities," she says.

"The cloud service provider will take on a great many security responsibilities, but not all of them.

"Customers will typically need to maintain “client security” at their own locations or among their workforce – ensuring up to date antivirus, for example, or educating employees on the importance of using strong passwords."

Can businesses build a truly secure cloud? Tell us your thoughts below

Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
How 'data gravity' centres can spell trouble for enterprises
In the not-too-distant past, data was created in a much more centralised place, and users and systems had far less access to it. Now, with digital data from social, analytics, mobile, cloud, IoT and more being created with both simultaneity and omnipresence, so much information is being collected that it’s forming a ‘centre of gravity’.More
Story image
SOC as a Service: Fortinet’s answer to today’s network challenges
Jon McGettigan, Fortinet A/NZ Regional Director, explains how SOC as a Service can back up your current SOC team, fast-track deployments and ensure regulatory compliance.More
Story image
Increased demand from enterprises to close digital gaps at the edge
Digital service providers are forecast to increase private connectivity by five times the current rates between 2019 and 2023.More
Story image
IBM expands partnership with ServiceNow to help businesses take advantage of AI
The partnership will help companies reduce operational risk and lower costs by applying AI to automate IT operations. More
Link image
How a major gas firm keeps onshore and offshore staff connected with LoopUp
With almost 2000 staff and many offices around the world, GasLog needed a reliable calling solution. Here’s how it uses LoopUp & Microsoft Teams to keep everyone connected - no matter where in the world they are.More