Microsoft Azure becomes first major cloud provider to adopt ISO/IEC 27018 certification
Microsoft Azure is the first cloud provider to meet the ISO/IEC 27018 certification, set by the International Standards Organisation.
“Today marks a major milestone,” wrote Brad Smith, executive VP for Microsoft’s legal affairs team on a blog post detailing the news.
The standard was issued in July 2014 with the aim to “establish commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment”.
Smith said: “Microsoft is the first major cloud provider to adopt the world’s first international standard for cloud privacy. It’s another reason customers can move with confidence to the Microsoft Cloud.”
Despite the technical sounding name, the ISO/IEC 27018 adherence pulls Azure ahead of its competitors when it comes to personal privacy and security.
Here’s a breakdown of what Microsoft said the new standard gives its customers:
- You are in control of your data. Our adherence to the standard ensures that we only process personally identifiable information according to the instructions that you provide to us as our customer.
- You know what’s happening with your data. Adherence to the standard ensures transparency about our policies regarding the return, transfer, and deletion of personal information you store in our data centers. We’ll not only let you know where your data is, but if we work with other companies who need to access your data, we’ll let you know who we’re working with. In addition, if there is unauthorized access to personally identifiable information or processing equipment or facilities resulting in the loss, disclosure or alteration of this information, we’ll let you know about this.
- We provide strong security protection for your data. Adherence to ISO 27018 provides a number of important security safeguards. It ensures that there are defined restrictions on how we handle personally identifiable information, including restrictions on its transmission over public networks, storage on transportable media, and proper processes for data recovery and restoration efforts. In addition, the standard ensures that all of the people, including our own employees, who process personally identifiable information must be subject to a confidentiality obligation.
- Your data won’t be used for advertising. Enterprise customers are increasingly expressing concerns about cloud service providers using their data for advertising purposes without consent. The adoption of this standard reaffirms our longstanding commitment not to use enterprise customer data for advertising purposes.
- We inform you about government access to data. The standard requires that law enforcement requests for disclosure of personally identifiable data must be disclosed to you as an enterprise customer, unless this disclosure is prohibited by law. We’ve already adhered to this approach (and more), and adoption of the standard reinforces this commitment.
Last month, it was revealed that Microsoft achieved the highest year-on-year revenue growth when it comes to cloud, outperforming the growth of competitors Amazon Web Services, Google, IBM, and Rackspace.
New Q4 data from Synergy Research Group showed that really strong sequential growth at Amazon Web Services (AWS) propelled it to a five-year high in its share of the cloud infrastructure service market.
25 percent revenue growth from Q3 enabled AWS to grab a 30 percent worldwide market share in the final quarter of the year.
Take out Microsoft quiz here!