Archive

Archive for the ‘Compliance’ Category

A cornerstone to trust in technology – compliance – proves foundational as more U.S. government organizations adopt cloud services

April 13th, 2015 No comments

Government agencies want the economic benefits of cloud computing, but this alone isn’t always enough to make the case for change. To move forward, decision makers want to understand the security, privacy and compliance commitments of their cloud service provider. We continue to track and complete a number of attestations and compliance certifications, confirming controls are in place that help enable cloud solutions for government organizations. And, while compliance represents a necessary set of requirements for many governments prior to Cloud adoption, customers also tell us that these investments are helping increase IT security and are therefore integral to decision-making.

One recent example in the United States, is the Criminal Justice Information System (CJIS), a division of the U.S. Federal Bureau of Investigation that operates systems to provide state, local, and federal law enforcement, and criminal justice agencies, with access to criminal justice information. In April, the California Department of Justice confirmed that Microsoft Azure Government cloud solutions complied with CJIS standards for handling criminal justice information in the cloud. In addition to the State of California, Microsoft has signed CJIS agreements for Office 365, Azure, or Dynamics CRM Online in 11 states, including Texas, Michigan, Kansas, and Pennsylvania, and more are still to come.

To outline how U.S. government IT departments are using the cloud to become more secure, we’ve also produced an infographic. For U.S. government entities who want to learn more about the cloud in general, and the cloud services available today, I encourage a visit to our dedicated site.

Obtaining new certifications or updating current ones can be a complicated task. Whether CJIS requirements, FedRAMP, IRS 1075, or HIPAA, organizations rely on their cloud service provider to adhere to these requirements as well as provide the tools necessary to confirm compliance. If you’re interesting in learning more about what we’re doing in the area of compliance, the Azure Trust Center, the Office 365 Trust Center and the Dynamics CRM Trust Center all provide summary level and detailed information.

Transparency & Trust in the Cloud Series: Cincinnati, Cleveland, Detroit

March 17th, 2015 No comments
 Customers at the Transparency & Trust in the Cloud Series event in Detroit

Customers at the Detroit “Transparency & Trust in the Cloud” event.

I had the opportunity to speak at three additional Transparency & Trust in the Cloud events last week in Cincinnati, Cleveland, and Detroit. These were the latest in the series that Microsoft is hosting, inviting customers to participate in select cities across the US.

For me personally, these events provide the opportunity to connect with customers in each city and learn which security and privacy challenges are top of mind for them. In addition, I get to hear first-hand, how customers have been using the Cloud to drive their businesses forward, or, if they haven’t yet adopted Cloud services, what’s holding them back. I feel very fortunate as the participating CIOs, their in-house lawyers, CISOs, and IT operations leaders haven’t been shy about sharing the expectations they have for prospective Cloud Providers, specifically around security, privacy, and compliance.

I was joined by other Microsoft Cloud subject matter experts: Microsoft’s Assistant General Counsel, Dennis Garcia, Principal IT Solution Manager, Maya Davis, Director of Audit and Compliance, Gabi Gustaf, and Cloud Architect, Delbert Murphy. This diverse cast helped provide an overview of the Microsoft Trustworthy Cloud Initiative from their unique perspectives and answer a range of technology, business process, and legal questions from attendees.

Here are just some of the types of questions these events garner, most recently in these three cities:

  • How does eDiscovery work in Microsoft’s Cloud? (see related posts)
  • What data loss prevention capabilities does Microsoft offer for Office 365, OneDrive and Microsoft Azure?
  • What data does Microsoft share with customers during incident response investigations?
  • Which audit reports does Microsoft provide to its Cloud customers?
  • What terms does Microsoft include in its Cloud contracts to help customers manage regulatory compliance obligations in EU nations?
  • What does the new ISO 27018 privacy certification that Microsoft has achieved for its four major Cloud solutions provide to Microsoft’s Cloud customers (and Microsoft is the only major Cloud provider to achieve ISO 27018 certification)?

These are great conversations! Thank you to all of the customers that have attended and participated in recent events.

There are still a few more scheduled in different cities across the country. If you are a customer and would like to learn more about the Microsoft approach to building the industry’s most trustworthy Cloud, please reach out to your account team to find out if one of these events is coming to your area.

I’m looking forward to seeing customers in Omaha and Des Moines in just a couple of weeks.

Microsoft achieves globally recognized ISO/IEC 27018 privacy standard

February 16th, 2015 No comments

Today Microsoft announced its continued commitment to further protect customers’ privacy by obtaining the globally recognized ISO/IEC 27018 privacy standard for Microsoft Azure, Office 365, and Dynamics CRM Online. This achievement is designed to help assure customers of all sizes, that their most sensitive personal data will receive the strong privacy protections detailed in this standard.

We know that our customers rely on us as their cloud service provider, to continually enhance security, ensure data privacy and manage compliance expectations. There are a lot of certifications to pursue; you can be confident we’ll cut through the clutter and focus on what’s important. Microsoft’s achievement of the ISO 27018 standard will ensure additional practices are put in place to help protect your data. For more details on this important milestone, please read Brad Smith’s blog.

 

Blocking Remote Use of Local Accounts

September 3rd, 2014 No comments

The use of local accounts for remote access in Active Directory environments is problematic for a number of reasons. By far, the biggest problem is that when an administrative local account has the same user name and password on multiple machines, an…(read more)

Blocking Remote Use of Local Accounts

September 3rd, 2014 No comments

The use of local accounts for remote access in Active Directory environments is problematic for a number of reasons. By far, the biggest problem is that when an administrative local account has the same user name and password on multiple machines, an…(read more)

What’s New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11

August 16th, 2014 No comments

The attachment on this post describes what's new in the security baseline recommendations for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, relative to the baselines published for Windows 8, Windows Server 2012 and Internet Explorer…(read more)

What’s New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11

August 16th, 2014 No comments

The attachment on this post describes what's new in the security baseline recommendations for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, relative to the baselines published for Windows 8, Windows Server 2012 and Internet Explorer…(read more)

Configuring Account Lockout

August 14th, 2014 No comments

We can recommend an ideal configuration for most of the settings in our security guidance. For example, the “Debug programs” privilege should be granted to Administrators and to no one else. For account lockout, however, there is no “one…(read more)

Configuring Account Lockout

August 14th, 2014 No comments

We can recommend an ideal configuration for most of the settings in our security guidance. For example, the “Debug programs” privilege should be granted to Administrators and to no one else. For account lockout, however, there is no “one…(read more)

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

August 14th, 2014 No comments

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons…(read more)

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

August 14th, 2014 No comments

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons…(read more)

Why We’re Not Recommending “FIPS Mode” Anymore

April 7th, 2014 No comments

In the latest review of the official Microsoft security baselines for all versions of Windows client and Windows Server, we decided to remove our earlier recommendation to enable “FIPS mode”, or more precisely, the security option called “System…(read more)

Why We’re Not Recommending “FIPS Mode” Anymore

April 7th, 2014 No comments

In the latest review of the official Microsoft security baselines for all versions of Windows client and Windows Server, we decided to remove our earlier recommendation to enable “FIPS mode”, or more precisely, the security option called “System…(read more)

Security Compliance Manager 3.0 now available for download!

February 5th, 2013 No comments

Secure your environment with SCM 3.0!
The Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage the computers in your environment and your private cloud using…(read more)

Security Compliance Manager 3.0 now available for download!

February 5th, 2013 No comments

Secure your environment with SCM 3.0!
The Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage the computers in your environment and your private cloud using…(read more)

Security Compliance Manager 3.0 now available for download!

February 5th, 2013 No comments

Secure your environment with SCM 3.0!
The Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage the computers in your environment and your private cloud using…(read more)

The Data Classification Toolkit for Windows Server 2012 is now available!

September 19th, 2012 No comments

Get the most out of Windows Server 2012 with new features that help you to quickly identify, classify, and protect data in your private cloud!
This toolkit is designed to help you to:

Identify, classify, and protect data on file servers in your…(read more)

The Data Classification Toolkit for Windows Server 2012 is now available!

September 19th, 2012 No comments

Get the most out of Windows Server 2012 with new features that help you to quickly identify, classify, and protect data in your private cloud!
This toolkit is designed to help you to:

Identify, classify, and protect data on file servers in your…(read more)

The Data Classification Toolkit for Windows Server 2012 is now available!

September 19th, 2012 No comments

Get the most out of Windows Server 2012 with new features that help you to quickly identify, classify, and protect data in your private cloud!
This toolkit is designed to help you to:

Identify, classify, and protect data on file servers in your…(read more)

There’s still time to participate in the Data Classification Toolkit for Windows Server 8 Beta review!

The Data Classification Toolkit for Windows Server 8 Beta (DCT) review period will soon close, but there is still time to participate. Thanks to all of you who have already downloaded the beta release and provided us with your feedback. Your input helps…(read more)