Meeting the needs of our customers remains at the forefront of what the Global Compliance and Ecosystem Team does every day, and is why we continue to invest heavily in meeting standards and regulatory requirements around the world.
I’d like to update you all on the work we’ve been doing with the following major releases and updates:
Global standards – Updates on Azure’s Cloud Security Alliance (CSA) Cloud Control Matrix (CCM) response
This month I am proud to announce the release of Microsoft Azure’s updated response to the Cloud Security Alliance's (CSA) Cloud Control Matrix (CCM) version 3.01 framework, providing an assessment of Azure’s security, privacy, and availability features and processes across the entire platform. The CSA is an industry-leading non-profit organization that is widely viewed as an open and fair broker of compliance commitments. The CCM provides a standardized and accepted set of controls which are aligned to many of the major industry certifications, such as NIST, PCI, ISO, and others. Azure’s attestation—and its entry into the CSA Security, Trust, and Assurance Registry (STAR)—provides a comprehensive “one stop shop” addressing standard requests for information that cloud customers have in order to better understand the power of Azure services.
Content Delivery and Security Association Certification expansion and guidance release
In April of this year, Azure achieved certification according to the Content Delivery and Security Association’s (CDSA) Content Protection and Security (CPS) standard. The CPS standard encompasses logical and physical security controls for digital content in the media and entertainment industry, and Azure’s certification represents a critical opportunity for customers to move secure workflows into the cloud.
The October audit includes a datacenter review and our move to an annual cycle. To accompany the audit report (which is available to customers under NDA), we have also published an implementation guide that will help customers understand the core features and policies that enable CPS standard compliance.
Healthcare guide to designing secure health solutions released
For customers in the healthcare industry, a new Practical Guide to Designing Secure Health Solutions Using Microsoft Azure provides guidance for using cloud technologies including risk management, shared responsibilities, establishing an information security management system, understanding industry and local regulations, and establishing standard operating procedures. This whitepaper recommends thirteen security principles aligned to a standard information security management standard, such as ISO 27001, and standard development processes, such as Microsoft’s Security Development Lifecycle (SDL).
China Electronics Standardization Institute renewal
In October, Azure renewed support for the Chinese ideographic character set and encoding standard through GB18030. It applies to the software processing of Chinese characters in the exchange, storage, transmission, display, input, and output of information. Microsoft Azure is certified as compliant with the mandatory part of this standard by the China Electronics Standardization Institute (CESI).
One thing you are going to see more of in the coming months is Azure in-person. Not only are there the Cloud Roadshow and Azure Tour in a city near you, but we’ll be sponsoring events around the world for specific markets such as Financial Services, Healthcare, and Digital Media and Entertainment. Look us up at any one of these forums:
- HITS Broadcast IT Summit, November 11, 2015 – New York, NY
- CSA EMEA Congress, November 17, 2015 – Berlin, Germany
- CSA APAC Congress, December 1, 2015 – Guangzhou, China
- MESA Content Protection Summit, December 2, 2015 – Los Angeles, CALA
- CSA Summit Lost Angeles 2015, December 3, 2015 – Los Angeles, CA
- IAPP Europe Data Protection Congress 2015, December 2, 2015 – Brussels, Belgium