Microsoft Online: Security Concerns
Ferris recently had a briefing from Microsoft on the security of its Business Process Online Services (BPOS) -- e.g., Exchange Online, SharePoint Online, etc. This presentation turned out to be of more interest to Ferris for its subtext than for the specifics it contained.
The subtext was that Microsoft was encountering concern (pushback?) from organizations about both the security of data held in Microsoft Online services, and the security of the services themselves. Stated another way, organizations appear to want to apply the same analysis to cloud-delivered services that they apply to on-premise-delivered services. We cannot believe that these concerns are unique to Microsoft, and are therefore an issue that will have to be addressed by all providers of cloud-based services and associated cloud-based data storage.
Based on the specifics of this briefing, it would appear that Microsoft is attempting to answer these concerns in a structured fashion, as opposed to responding to specific queries. Its approach is to adhere to a set of standards and conventions, and where appropriate, submit its data centers and services to third-party audit and/or certification of adherence.
Among the relevant standards and conventions are the following:
- EU Data - Safe Harbor Framework. Compliance claimed by Microsoft.
- ISO/IEC 27001:2005. Compliance certified by British Standards Institute (BSI) Management Systems America.
- SAS 70 Type II. Third-party audits claimed by Microsoft.
What remains to be seen is whether this will be sufficient to satisfy organizations of the security of Microsoft's cloud-based offerings, and if they are, what other vendors in this space (Google, Amazon, IBM, etc.) will do to achieve a similar outcome. ... Nick Shelness
Below are various active gossip threads on current events in the industry. To contribute information, follow the appropriate link or see our Gossip page for other vendor threads.