Microsoft: Azure First to Conform to ISO Cloud Privacy Standard
Azure is the first cloud computing platform to comply with the tough ISO 27018 privacy standards, Microsoft announces.
Microsoft has reached a major milestone in its cloud privacy efforts. The Redmond, Wash.-based software company's Azure cloud computing platform has been certified ISO 27018-compliant by the British Standards Institution (BSI), a first for the industry, announced Lori Woehler, principal group manager of Microsoft's Compliance and Trust unit.
The testing and certification group found that Microsoft's cloud "incorporates controls that are aligned to the ISO/IEC 27018 code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors," wrote Woehler in a Feb. 16 blog post. "ISO 27018 is the first international set of privacy controls in the cloud, and Azure is the first cloud computing platform to adopt ISO 27018." Other Azure-backed services, such as Office 365, Dynamics CRM Online and Microsoft Intune, have also adopted the standard, she added.
According to the International Organization for Standardization (ISO), the standard "establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect PII in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment." ISO 27018 was published July 30, 2014.
Companies that adhere to ISO 27018 cannot leverage customers' personal data for advertising and marketing efforts without the customers' express consent, and must make their services available to customers who opt not to allow the use of their data for such purposes, according to Woehler. In the event of a breach, the companies "should notify customers, and keep clear records about the incident and the response to it," she added.
For businesses, "ISO 27018 assures enterprise customers that privacy will be protected in several distinct ways," wrote Brad Smith, general counsel and executive vice president, Legal and Corporate Affairs, Microsoft, in a separate blog post. Notably, sensitive data that resides on Azure is cloaked in enterprise-grade data security policies and safeguards.