A few weeks ago, Vijay Kumar and I delivered a session at the RSA Conference in San Francisco where we discussed how you can trust a cloud provider. As we discussed in our session using the Microsoft cloud as an example, trust is perhaps one of the most fundamental aspects people need and seek out when they are in the transition to the Cloud. When you are deploying applications and assets on premise, you trust the people you employ. When you move to the cloud, you MUST find a provider that you can trust. That is something we take very seriously at Microsoft.
One of our core engineering principles by design is when you are moving to our Cloud, it is your data. You own it. You control it. It’s yours to take with you if you leave the service. At Microsoft, we are also very open and transparent over where your data resides based the choices you make as a tenant. Building on the criticality of data in the cloud, our promise on protecting data in Azure and Office 365 is comprised of four things:
- Data moving between our you and your applications to Microsoft is encrypted by default.
- Our key platform, productivity and collaboration services encrypt customer content as it moves between our data centers.
- We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.
- And, as I mentioned previously, we strictly control where your data is stored and who has access to it.
Many people may ask, who has access to my data when it is stored or used by my applications in Azure? At Microsoft, across our cloud services such as Azure or Office 365, all operations, support and even development (engineering) personnel do not have standing access to your data or applications. In addition, we do not access or provide access to your data without your explicit consent. Let’s drill into this area a little more. Accordingly, our internal security analytics system is used to monitor to ensure ALL access is consistently logged, tracked and controlled using our JiT and RBAC access management system.
Here is a video of our session at the RSA Conference (about 10 minutes in length): https://youtu.be/f2v-Hu1AswM
I don’t want to spoil the whole video, but as discussed in our recorded session, our standing promise and commitment to our customers is to ensure the Microsoft cloud is highly secure, trusted, compliant, and resilient.
We know and understand that data privacy is critical you and that is why we lead with our contractual commitments to safeguard your data using world class technical, operational and legal protections. We are always advancing the cloud security space and we will continue to grow and enhance these protections globally and continuously to ensure that all of our customers globally have a cloud platform that meets their requirements, security and privacy needs.
Would you like to learn more? Why not check out the video we posted earlier this week?
David B. Cross
Engineering Director, Azure Security