Microsoft adopts ISO/IEC 27018 for Personal Data, Privacy Protection in the Public Cloud

Here at Evisent we are advocates of the Microsoft Cloud, which has really progressed by leaps and bounds recently. We are excited to see that Microsoft has adopted new standards for certifying the security of its cloud offerings, making it the first major cloud services provider to do so, the company says.

The company adopted the International Organization for Standardization and International Electrotechnical Commission’s standard 27018 to certify the security of its cloud offerings, using the guidelines to set a standardised international approach to protecting the privacy of its clients’ data in the Cloud.

Microsoft’s Azure Cloud, Office 365 and Dynamics CRM Online have all been certified to meet ISO/IEC 27018’s privacy and security standards. Each of these products has been independently verified to meet these standards.

Microsoft’s compliance with ISO/IEC 27018 gives a set of assurances to clients utilising its Cloud-based services. Users are in control of their data and Microsoft can only use that information in a manner laid out by its customers. Customers are apprised of any events related to their data, which includes movement inside data centres and law enforcement requests to access information.

“We’ll not only let you know where your data is, but if we work with other companies who need to access your data, we’ll let you know who we’re working with,” says Microsoft.

Customers will be made aware of any unauthorized access to personal information or data centres that results in the alteration or disclosure of their data.

Compliance with the standard means Microsoft will continue its practice of keeping its customers’ cloud data out of the hands of advertisers. Microsoft’s enterprise customers continue to express concerns that cloud service providers could be selling their data to advertisers, but Redmond’s commitment against handing data over to marketers is now backed by its ISO/IEC 27018 certification.

The standard also sets restrictions on how the company handles personally identifiable information, including restrictions on how it is transmitted over public networks, its storage on transportable media, and processes for data recovery and restoration. Additionally, the standard requires that everyone who processes personally identifiable information is subject to confidentiality rules.

Microsoft’s ISO/IEC 27018 certification is the latest development in the company’s drive to gain the trust of current and potential cloud customers. Signing on months before Google and Apple, Microsoft is one step ahead of its rivals.