Microsoft is adopting the international data protection standard in the Cloud. This may prove to be an important step in the right direction, especially for business customers.
According to Microsoft, the corporation is to be the first leading provider of Cloud services to adopt the international standard for data protection in the Cloud. The adoption of ISO 27018 should reassure customers that data protection is being guaranteed in different ways.
Known as ISO/IEC 27018, the International Organisation for Standardisation (ISO) has developed a standard with the aim of creating a standardised and internationally applicable concept for the protection of personally identifiable information (or PII) stored in the Cloud.
Furthermore, Microsoft announced that the British Standards Institute (BSI) has independently verified that, in addition to Microsoft Azure, Office 365 and Dynamics CRM Online fulfil the standards for the protection of personally identifiable information in public Clouds with the “Codes of Practice”.
This step should increase the trust placed by companies in the Cloud. It sees Microsoft ensuring that companies retain control of their data. By adhering to the standard, the corporation is ensuring that personally identifiable information can only be processed in line with the procedures approved by the customer. In addition, adherence to the standard guarantees transparency in terms of restoration, transfer and destruction of personally identifiable information, which is stored by customers in Microsoft data processing centres.
Finally, as a provider, Microsoft is guaranteeing that there are precisely defined limitations concerning the handling of personally identifiable information. These include limitations regarding data transfer via public networks, storage on portable media, and suitable processes for data security and recovery. In addition, the standard stipulates that everyone who is entrusted with the processing of personally identifiable information – including Microsoft employees – signs a non-disclosure agreement.
If it is actually true that business customers only use those services that they trust, the adoption of the online data protection standard by Microsoft could prove to be an important step in the right direction.