Microsoft Azure provides services that can help address the security and compliance needs of Microsoft customers. We work with customers to understand their assurance concerns, and we help define customer responsibilities as well as our own with regard to protecting customer data and environmental infrastructure after services are provisioned. Such infrastructure includes applications, data, virtual machines, user/device/service credentials, and compliance requirements.
With this in mind and in the wake of the recent landmark vote in the UK calling for the invocation of Article 50 of the Lisbon Treaty, customers should consider their implementation strategies for both on-premises and cloud-based services to ensure they meet their compliance obligations.
The 14 Cloud Security Controls for the UK cloud whitepaper provides insight into how Azure services align with the fourteen cloud security principles set forth in the CESG/NCSC 1 publication Implementing the Cloud Security Principles, thereby enabling organizations to fast-track their ability to meet their compliance obligations using cloud-based services globally and in the UK.
To get the most out of the Microsoft cloud platform, readers should be familiar with basic Azure and cloud computing concepts, as well as security and compliance fundamentals—they will not be discussed here. Links to additional materials can be found on the Get started with Azure webpage as well as through the Microsoft Trust Center and the Azure Security Information portal.