Written by Ayrianne Davis, Microsoft Public Sector Dynamics Lead
Enterprise adoption of cloud-based customer relationship management (CRM) continues to grow as organizations realize the inherent benefits of easy online access to solve their needs in sales, marketing, and customer service. With this increase comes an accelerated demand for trust, as technology professionals navigate the evolving regulatory and compliance requirements across their respective industries as they relate to data privacy, protection, and sovereignty. Microsoft helps customers address these complex questions through our adherence to four commercial cloud service pillars: Privacy that Matters, Independent Verification, Leadership in Transparency, and Relentless Security.
To help customers understand the fundamentals, as well as the intricacies, of cloud services, Microsoft has developed public websites, termed Trust Centers, for each commercial online service. These sites help organizations easily find information and resolve questions regarding privacy, regulatory compliance, security, and transparency. An example of a question that the Dynamics CRM Online Trust Center addresses is: “Does Microsoft mingle my CRM Online customer data with data from other customers?” In the realm of privacy, Microsoft differs from other service providers in that our Dynamics CRM Online service does not use customer data to build search or advertising services. Furthermore, customers maintain ownership of the data stored in Dynamics CRM Online.
Microsoft is committed to transparency to help customers comply with diverse regulatory needs; we provide clear, up-to-date information about where data is stored, how it is transferred, how it is used, and who can access it. “If you are going to have any credibility with customers these days, you have to be forthright about how your service is being delivered,“ said Kim Boeh, Director Program Management, Microsoft Dynamics CRM Online. “The launch of the Microsoft Trust Centers has driven a fundamental improvement in the types of discussions we now have with our customers on the topics of security, data privacy and compliance.” During the evaluation process, the Trust Centers proactively address the key questions our customers’ security and compliance officers have. They offer great tools for them to use in performing their risk assessments and ultimately selecting the service provider they want to do business with over the long term.” For example, European customers may be concerned about how to sign European Union (EU) Model Contract Clauses to address the international transfer of data. The Dynamics CRM Online Trust Center quickly enables visibility into this area as well as other industry standards verified by third parties such as HIPAA/BAA, ISO 27001, and SSAE 16. Each year third-party audits are conducted by internationally recognized auditors to validate that we have independent attestation of compliance with our policies and procedures.
When it comes to security, Microsoft’s practice results from a culmination of over 15 years’ experience in securing online data using the principles of Microsoft’s Security Development Lifecycle approach, which provides protection at multiple levels. These levels consist of both physical and logical layers. Further details on security practices including information management, cloud infrastructure, development principles, and service continuity can be accessed through the Trust Center. “Because the content on the Trust Centers is regularly updated, we are noticing that customers seem more engaged and eager to provide feedback on the approach Microsoft is taking to solve various enterprise requirements. The Trust Center initiative is not only about providing greater transparency to our customers, it demonstrates that Microsoft takes its obligations as a service provider very seriously”, confirmed Boeh.
An additional effort in transparency is Dynamics CRM Online’s registration with the Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR). The Dynamics CRM Online self-assessment includes a detailed analysis of the specific controls that manage our online service and helps organizations evaluate the service before purchasing. The registry aims to reduce the effort, ambiguity, and cost associated with learning about cloud providers and their security and privacy practices. It is open to all cloud vendors and hosts their responses to specific questions pertaining to cloud security. For customers, this means more transparency and information to help them choose the best cloud provider for their specific needs. Dynamics CRM Online was the first cloud CRM service to register with CSA STAR.
The Microsoft Dynamics CRM Online Trust Center is available at http://crm.dynamics.com/trust-center. To engage with or follow the Microsoft Dynamics CRM Twitter community you may do so at @MSDynamicsCRM, using #MSDYNCRM.