Microsoft becomes first vendor to adopt latest international cloud privacy standard
Microsoft has announced it is the first major cloud provider to adopt the ISO/IEC 27018 standard, claimed as the world’s first international standard for cloud privacy.
The standard, which was published by the International Organisation for Standardisation (ISO) last year, sets out to establish “commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information in accordance with the privacy principles in [previous framework] ISO/IEC 29100 for the public cloud computing environment.”
In practical terms, this means vendors only process personally identifiable information as directed by the customer, transparency about policy regarding transfer and deletion of information stored in data centres, and defined restrictions on how personally identifiable information is handled.
Microsoft added that its Azure, Office 365 and Dynamics CRM Online products were in line with the standard.
This standard covers privacy, so differs from the Federal Risk and Authorisation Management Program, commonly known as FedRAMP. Microsoft’s cloud infrastructure passed that test back in October 2013. Since then however there have been plenty of developments in terms of data privacy; not least a US judge ordering Microsoft to give over data from a Dublin data centre in April 2014.
It’s worth noting here that the ISO/IEC 27018 doesn’t appear to be a failsafe for these issues. Microsoft added the new standard forces them to inform users about government access to data, unless the disclosure is prohibited by law.
“Customers will only use services that they trust,” Microsoft EVP legal and corporate affairs Brad Smith wrote in a blog post. “The validation that we’ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online.”
You can find out more the standard here.
- » Moving from DevOps to modern ops: Why there is no room for silos when it comes to cloud security
- » Oracle wants to say goodbye to shared responsibility by ramping up autonomous next-gen cloud approach
- » How companies can tell good cloud sprawl from bad: A guide
- » How to create a cloud centre of excellence: A guide
- » SQL Server high availability and disaster recovery for AWS, Azure and GCP: A guide