Cloud computing – the invisible revolution

Wherever we look today we see new leaps in technology. Many of them are very visible, such as smartphones, slates and social networking. But many depend on an invisible game changing technology - cloud computing.

Search, downloading and sharing photos, accessing internet TV and mobile applications among others would not be possible today without the cloud. The cloud is a tidal wave in computing technology that increases operational agility and reduces technology costs.

So powerful is this new technology that in the future, we will look at a device and not realize it is a computer, because its computing power will be based in the cloud.

We are moving from a thick to a thin client environment in everything from ATMs to High Frequency Trading. Very silently and significantly, the cloud is transforming the way we work and play.

But there are many myths about the cloud.

Myth number one is that the cloud is always a public cloud - an off premises model. But that's just one option. Cloud computing comes in many different forms and includes an on-premises option.

Myth number two is that data retained on the cloud is insecure. All the major cloud providers maintain very high data security standards. Microsoft is compliant with ISO standards, invites third parties to evaluate our security and publishes the result in the interests of transparency.

Myth number three is that cloud computing is not regulatory compliant. The following is a list of audits and assessments that the Microsoft cloud environment undergoes on a regular basis:  

  • Payment Card Industry Data Security Standard - Requires annual review and validation of security controls related to credit card transactions.
  • Media Ratings Council - Relates to the integrity of advertising system data generation and processing.
  • Sarbanes-Oxley - Selected systems are audited annually to validate compliance with key processes related to financial reporting integrity.
  • Health Insurance Portability and Accountability Act - Specifies privacy, security, and disaster recovery guidelines for electronic storage of health records.

In addition Microsoft conducts its own internal audit and privacy assessment throughout a given year, developing new ways to improve operational compliance.

 As a result, Microsoft's cloud infrastructure has achieved both SAS 70 Type I and Type II attestations and ISO/IEC 27001:2005 certification. This achievement demonstrates Microsoft's commitment to delivering a trustworthy cloud computing infrastructure because having:

  • The ISO/IEC 27001:2005 certificate validates that Microsoft has implemented the internationally recognized information security controls defined in this standard, and
  • The SAS 70 attestations illustrate Microsoft's willingness to open up internal security programs to outside scrutiny.

 Microsoft is heavily invested in the physical security of its data centers and in network security as well as data privacy and business continuity. For more details of Microsoft's cloud security please see the white paper published by Microsoft on the link below.

Finally myth number four is that moving to the cloud involves a loss of control. For many of us this is perhaps the biggest concern. But ultimately the journey to the cloud is about developing a trusting relationship with a partner that works with us to analyze our risks and address them. The end result may well be much greater control over our assets than we thought we had before.

 https://www.globalfoundationservices.com/security/documents/SecuringtheMSCloudMay09.pdf