Quadra

Connecting Technology and Business.

Microsoft obtains new cloud-centric ISO 27017 certification

Microsoft has announced that Microsoft Azure has obtained the ISO/IEC 27017:2015 certification, an international standard that aligns with and complements the ISO/IEC 27002:2013 with an emphasis on cloud-specific threats and risks.

 

This certification provides guidance on 37 controls in ISO/IEC 27002 and features seven new controls not addressed in ISO/IEC 27002. Both cloud service providers and cloud service customers can leverage this guidance to effectively design and implement cloud computing information security controls. Customers can download the ISO/IEC 27017 certificate which demonstrates Microsoft’s continuous commitment to providing a secure and compliant cloud environment for its customers.

 

Microsoft Azure helps customers meet their compliance requirements across a broad range of regulated industries and markets including financial services, healthcare, life sciences, media and entertainment, worldwide public sector, and US federal, state and local government.

- Office blogs

Now customers can perform a risk assessment on Office 365 services

Microsoft wants to ensure that its Office 365customers have access to the information that is relevant for them to perform a risk assessment on Office 365 services—on demand. Access to this information should be seamless.

 

To achieve these goals, they have released the Service Assurance Dashboard as part of the Office 365 Security and Compliance Center, which provides you immediate access to:

  • Details on how Office 365 implements security, privacy and compliance controls including details of how third-party independent auditors perform audits to test these controls.

  • Third-party independent audit reports including: SSAE 16 / SOC 1, SOC 2 / AT 101, ISO 27001 and ISO 27018.

  • Deep insights into how we implement encryption, incident management, tenant isolation and data resiliency.

  • Information on how you can leverage Office 365 security controls and configurations to protect your data.

While there are many detailed insights provided through Service Assurance, initial customer feedback indicates that Audited Controls are particularly helpful. The Audited Controls feature in Service Assurance helps you to understand how Office 365 protects customers' data by detailing:

  • Test status—Status of the Office 365 controls.

  • Control implementation details—Explanation of how Office 365 implements a control.

  • Testing performed to evaluate control effectiveness—How independent auditors test the effectiveness of our security, compliance and privacy controls.

  • Test date—When a control was validated.

  • Office 365 controls—How the Office 365 internal controls map to standard controls.

- Azure blog

Azure as a Backup solution for Microsoft Servers, Windows Clients and VMs

Azure Backup is a service that customers can use to back up and restore their data in the Microsoft cloud. It replaces the existing on-premises or off-site backup solution with a cloud-based solution that is reliable, secure, and cost-competitive. It also helps protect assets that run in the cloud. Azure Backup provides recovery services built on a world-class infrastructure that is scalable, durable, and highly available. 

Why use Azure Backup?

cid:image001.png@01D1FC62.BB7B0050

Traditional backup solutions have evolved to treat the cloud as an endpoint similar to disks or tape. While this approach is simple, it is also limited. It does not take full advantage of an underlying cloud platform and translates to an inefficient, expensive solution. In contrast, Azure Backup delivers all the advantages of a powerful and affordable cloud backup solution.

 

Here are some of the key benefits that Azure Backup provides:

 

Feature

Benefit

Automatic storage management

No capital expenditure is needed for on-premises storage devices. Azure Backup automatically allocates and manages backup storage, and it uses a pay-as-you-use consumption model.

Unlimited scaling

Take advantage of high availability guarantees without the overhead of maintenance and monitoring. Azure Backup uses the underlying power and scale of the Azure cloud, with its nonintrusive auto-scaling capabilities.

Multiple storage options

Choose your backup storage based on need:

·         A locally redundant storage block blob is ideal for price-conscious customers, and it still helps protect data against local hardware failures.

·         A geo-replication storage block blob provides three more copies in a paired datacentre. These extra copies help ensure that your backup data is highly available even if an Azure site-level disaster occurs.

Unlimited data transfer

There is no charge for any egress (outbound) data transfer during a restore operation from the Backup vault. Data inbound to Azure is also free. Works with the import service where it is available.

Data encryption

Data encryption allows for secure transmission and storage of customer data in the public cloud. The encryption passphrase is stored at the source, and it is never transmitted or stored in Azure. The encryption key is required to restore any of the data, and only the customer has full access to the data in the service.

Application-consistent backup

Application-consistent backups on Windows help ensure that fixes are not needed at the time of restore, which reduces the recovery time objective. This allows customers to return to a running state more quickly.

Long-term retention

Rather than pay for off-site tape backup solutions, customers can back up to Azure, which provides a compelling tape-like solution at a low cost.

 - Azure web pages

Improve compliance with Office 365 Services

Organizations own the data they keep in the cloud and they need to know how it is being handled at all times.


Microsoft is the industry leader in cloud compliance for enterprise customers. With the Office 365 E5 plan, advanced compliance is integrated into the service, so organizations can meet their unique requirements using a single cloud service.

 

Microsoft recognizes that organizations want control over access to content stored in cloud services. To maximize data security and privacy for Office 365 customers, Microsoft has engineered the service to require nearly zero interaction with customer content by Microsoft employees. Access is obtained through a rigorous access control technology called Customer Lockbox for Office 365, which helps enterprises meet compliance obligations for explicit data access authorization. In the rare instance when a Microsoft service engineer needs access to enterprise data, access control is extended to you so that you grant final approval for access. Actions taken are logged and accessible to you so that they can be audited.

 

Office 365 Advanced eDiscovery simplifies the eDiscovery process, reducing the volume of data by finding near-duplicate files, reconstructing email threads and identifying key themes and data relationships. Leveraging machine learning and predictive coding, it helps compliance administrators intelligently explore and analyze large, unstructured datasets and quickly zero in on what’s relevant to save time and money.

-Office 365 pages from the net