International standard guarantees the security of Microsoft cloud services
Microsoft has become the first major cloud service provider to adopt the first international standard for the protection of personal data in the cloud. This standard brings important practical benefits for enterprise customers around the world. It is called ISO/IEC 27018 and was developed by the International Organization for Standardization (ISO) with the goal of creating a unified international approach to protecting the privacy of personal data stored in the cloud.
The company adds that the British Standards Institution (BSI) has conducted an independent check to ensure that Microsoft Azure, Office 365 and Dynamics CRM Online are aligned with the code of practice for the protection of personally identifiable information (PII) in public clouds. Bureau Veritas has done the same for Microsoft Intune.
The presence of such a standard means that personal user data will be protected in several ways.
- The client manages their data. Compliance with the standard ensures that personal information is processed only in accordance with instructions provided by customers;
- The client knows what is happening with their data. Adherence to the standard ensures transparency about Microsoft's policies on the return, transfer and deletion of personal data stored in the company's data centers. In case of unauthorized access to personal information, the company is obliged to inform the client;
- Reliable protection of client data. ISO 27018 provides a number of important security safeguards. It guarantees the existence of certain restrictions on the handling of personal information by Microsoft, including restrictions on its transmission over public networks, its storage on portable media, and the related processes for data recovery. In addition, the standard ensures that everyone who handles personal data, including Microsoft employees, is obliged to observe confidentiality;
- Data will not be used for advertising. More and more corporate clients are expressing concerns about cloud service providers that use their data for advertising purposes without their consent. The adoption of this standard reaffirms Microsoft’s longstanding commitment not to use customer data for advertising purposes;
- Notification of possible access by public authorities to the data. Under the standard, customers are to be informed of law enforcement requests to disclose their personal information, unless such notification is prohibited by law. Microsoft has already adopted this and other approaches, and the adoption of the standard reinforces this commitment.