As our customer base and industry footprint expand and we continue to explore the possibilities and advantages of leveraging Azure to operate our customers’ businesses and core IT functions. Today, I’m excited to introduce two new papers that address common topics our customers often ask about.
Shared responsibility
Security controls are designed to ensure technology solutions are built and maintained in ways that ensure function and security successfully coexist. This ideal holds strong in Azure where we are constantly vetting and monitoring the implementation of our security controls, as well as watching our service teams continue to innovate new functionality in the cloud environment. With that said, the cloud presents a spectrum of responsibilities based on what types of services and/or features a customer may be consuming. This is unlike more traditional on-premises information systems where most, if not all, security is implemented by the same owner.
The Shared Responsibilities for Cloud Computing paper dives into this paradigm to make it clear to potential Azure customers where Azure’s implementation of security controls ends and begins, and where the customer’s responsibilities also begin and end. The paper explores issues to consider at key security layers as you adopt cloud services in addition to examining three main cloud service delivery models: IaaS, PaaS, and SaaS.
In the journey to the cloud it’s important to identify the responsibilities a cloud customer will need to address, such as securing the data and ensuring the data is properly classified. The paper also considers a simple way to understand the responsibility model.
Security response
The Microsoft Azure Security Response in the Cloud paper examines how Azure investigates, manages, and responds to security. The Azure security incident management program is a critical responsibility for Microsoft and represents an investment that any customer using Microsoft Online Services can count on. The five-stage process presented has evolved over many years, and continues to do so. It involves a skilled team of experts dedicated to protecting Microsoft customers.
Both papers were designed to help you understand how Microsoft addresses complex processes so you can more effectively adopt Azure Cloud Services. Additional papers and guidance can be found on the Microsoft Trust Center.