Symantec’s 2011 State of the Cloud Survey found that although 87% of the 5300 respondents (from 38 countries) said that “moving to the cloud will not impact or will actually improve their security,” security remains their top concern, with worries about mass malware outbreak, sharing of sensitive data, and data spillage in multi-tenanted environments being cited.
After nearly three years of presenting on Windows Azure, I’d have to say my experiences bear that out: some of the most common and most difficult questions to answer concern security and compliance. Most of my responses are prefaced with an IANAL disclaimer and end with a mass of acronyms and digits like ISO 27001, SAS 70, SSAE 16, FISMA, and terms like Safe Harbor and Business Associate Agreements, and of course the “answer” is continually changing as new services come on-line, and existing services achieve various levels of accreditation.
Enter the Windows Azure Trust Center, your one-stop, definitive resource on how Microsoft is addressing your security, compliance, and privacy needs in the cloud. The site maintains a “last updated” date at the top of the page (which I’m finding to be more and more necessary when researching information that changes as quickly as the cloud computing landscape does).
There are a few key sections to the Trust Center:
- Security: a list of resources on measures we implement for Windows Azure as well as best practices for building secure applications on top of Windows Azure,
- Privacy: what we do and don’t do with your data,
- Compliance: references on our compliance programs, such as what our ISO/IEC 27001:2005 certification covers (and does not), and
- Frequently Asked Questions (FAQ).
This is one site you’ll likely want to bookmark, especially if you are in an organization with specific compliance or security concerns.