Privacy considerations are embedded in the Microsoft Secure Development Lifecycle (SDL). The SDL is a software development process that helps developers build more secure software and address security and privacy compliance requirements while reducing development costs. All of Microsoft's cloud services use the SDL to help ensure that the services and their features are secure and address data protections and privacy requirements.
The SDL is made up of seven phases, including training for developers and program managers in the foundational concepts, building secure software that protects privacy, and responding to security and privacy incidents when they occur. Those seven phases are: Response, Release, Verification, Implementation, Design, Requirements and Training.
One of the tools used to drive consistent privacy practices during development is the Microsoft Privacy Standards (MPS), which define standard privacy features and practices. Because security is critical to privacy, this alignment of complementary privacy and security processes helps minimize vulnerabilities in software code, guard against data breaches, and ensure that developers factor privacy considerations into Microsoft products and services from the outset, Microsoft said.
As part of the development process, privacy reviews are performed to verify that privacy requirements are adequately addressed. Additionally, as part of its Trustworthy Computing initiative, Microsoft employs more than 40 people full-time whose sole focus is protecting privacy. There are also more than 100 other employees whose job responsibilities include maintaining data privacy. Some of these employees reside in the cloud service product groups to help ensure each service meets corporate privacy requirements. These employees work in tandem with the Trustworthy Computing privacy group, which provides guidance, education and governance enforcement on privacy issues to employees throughout the company.
Microsoft has a longstanding commitment to help organizations build on their existing technology assets, devices and data to derive value from IoT in today's mobile-first, cloud-first world. The company offers developers a range of technologies—from Windows and Azure to Visual Studio and even open-source technologies—to build IoT scenarios addressing the needs of a full spectrum of developers—from hobbyists and makers to enterprises—reflective of the diversity of their needs, interests and opportunities.
For devices, Microsoft leveraged its long history in the marketplace with Windows Embedded to introduce a number of developer offerings for IoT. These include the Windows Developer Program for IoT targeting makers announced last July. Also, Microsoft Azure enables developers to build rich IoT experiences across any device—Android, iOS and Windows—without sacrificing development productivity, and adapting to a developer's unique needs, existing systems, skills and code.