Microsoft Azure Racks Up Cloud Compliance Certifications
In the U.S. and abroad, Microsoft is piling on the security and privacy certifications in its bid to attract more enterprise workloads to its cloud platform.Microsoft has been beefing up its Azure cloud computing platform, and the company has the certifications to prove it, according to Lori Woehler, principal group manager for Compliance and Trust at the software and cloud computing giant. Woehler revealed in an Azure blog post that Microsoft Azure had "completed an ISO 27001 renewal audit to the 2013 version of the standard, following the ISO [International Organization for Standardization] 27002 best practices for comprehensive information security and risk management." ISO 27001 is a set of standards governing information security within organizations. "Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties," states the group's website at ISO.org. Microsoft also asked British Standards Institute Americas, the company tasked with conducting the certification, "to validate that we incorporated controls that are aligned to the ISO 27018 code of practice for protection of Personally Identifiable Information (PII) in public clouds," Woehler said. "There are three big commitments enabled by these controls: Azure is 'Advertising Free,' so customers don't have to worry their data is used for advertising or marketing purposes; Azure has defined policies for the return, transfer and secure disposal of PII; and Azure proactively discloses the identities of sub-processors."
Azure is also certified for Service Organization Controls 1 and 2 Reports (SOC 1 and 2), concerning financial reporting and security, respectively. "At this time, Azure is the only global cloud service provider with a report for SOC 2 Processing Integrity, which demonstrates system processing was complete, accurate, timely, and authorized," claimed Woehler.