announced that Microsoft Azure has obtained the ISO/IEC 27017:2015 certification, an
international standard that aligns with and complements the ISO/IEC 27002:2013 with
an emphasis on cloud-specific threats and risks.
certification provides guidance on 37 controls in ISO/IEC 27002 and features
seven new controls not addressed in ISO/IEC 27002. Both cloud service providers
and cloud service customers can leverage this guidance to effectively design
and implement cloud computing information security controls. Customers can
download the ISO/IEC 27017 certificate which demonstrates Microsoft’s continuous
commitment to providing a secure and compliant cloud environment for its
helps customers meet their compliance requirements across a broad range of regulated
industries and markets including financial services, healthcare, life sciences,
media and entertainment, worldwide public sector, and US federal, state and
- Office blogs
Microsoft wants to ensure that its Office 365customers have
access to the information that is relevant for them to perform a risk assessment
on Office 365 services—on demand. Access to this information should be
To achieve these goals, they have released
the Service Assurance Dashboard as part of the Office 365 Security and
Compliance Center, which provides you immediate access to:
how Office 365 implements security, privacy and compliance controls including
details of how third-party independent auditors perform audits to test these
independent audit reports including: SSAE 16 / SOC 1, SOC 2 / AT 101, ISO 27001
and ISO 27018.
insights into how we implement encryption, incident management, tenant
isolation and data resiliency.
on how you can leverage Office 365 security controls and configurations to
protect your data.
While there are many detailed insights
provided through Service Assurance, initial customer feedback indicates that
Audited Controls are particularly helpful. The Audited Controls feature in
Service Assurance helps you to understand how Office 365 protects customers' data by
status—Status of the Office 365 controls.
implementation details—Explanation of how Office 365 implements a control.
performed to evaluate control effectiveness—How independent auditors test the
effectiveness of our security, compliance and privacy controls.
date—When a control was validated.
controls—How the Office 365 internal controls map to standard controls.
- Azure blog
Azure Backup is a service that customers can use to
back up and restore their data in the Microsoft cloud. It replaces the existing
on-premises or off-site backup solution with a cloud-based solution that is
reliable, secure, and cost-competitive. It also helps protect assets that run
in the cloud. Azure Backup provides recovery services built on a world-class
infrastructure that is scalable, durable, and highly available.
Why use Azure Backup?
Traditional backup solutions have evolved
to treat the cloud as an endpoint similar to disks or tape. While this approach
is simple, it is also limited. It does not take full advantage of an underlying
cloud platform and translates to an inefficient, expensive solution. In
contrast, Azure Backup delivers all the advantages of a powerful and affordable
cloud backup solution.
Here are some of the key benefits that
Azure Backup provides:
Automatic storage management
No capital expenditure is needed for on-premises storage devices.
Azure Backup automatically allocates and manages backup storage, and it uses
a pay-as-you-use consumption model.
Take advantage of high availability guarantees without the overhead of
maintenance and monitoring. Azure Backup uses the underlying power and scale
of the Azure cloud, with its nonintrusive auto-scaling capabilities.
Multiple storage options
Choose your backup storage based on need:
A locally redundant storage block blob is ideal for price-conscious
customers, and it still helps protect data against local hardware failures.
A geo-replication storage block blob provides three more copies in a
paired datacentre. These extra copies help ensure that your backup data is
highly available even if an Azure site-level disaster occurs.
Unlimited data transfer
There is no charge for any egress (outbound) data transfer during a
restore operation from the Backup vault. Data inbound to Azure is also free.
Works with the import service where it is available.
encryption allows for secure transmission and storage of customer data in the
public cloud. The encryption passphrase is stored at the source, and it is
never transmitted or stored in Azure. The encryption key is required to
restore any of the data, and only the customer has full access to the data in the
Application-consistent backups on Windows help ensure that fixes are
not needed at the time of restore, which reduces the recovery time objective.
This allows customers to return to a running state more quickly.
Rather than pay for off-site tape backup solutions, customers can back
up to Azure, which provides a compelling tape-like solution at a low cost.
- Azure web pages
Organizations own the data they keep in the
cloud and they need to know how it is being handled at all times.
Microsoft is the industry leader in cloud
compliance for enterprise customers. With the Office 365 E5 plan, advanced
compliance is integrated into the service, so organizations can meet their
unique requirements using a single cloud service.
Microsoft recognizes that organizations want
control over access to content stored in cloud services. To maximize data
security and privacy for Office 365 customers, Microsoft has engineered the
service to require nearly zero interaction with customer content by Microsoft
employees. Access is obtained through a rigorous access control technology
called Customer Lockbox for Office 365, which helps enterprises meet compliance
obligations for explicit data access authorization. In the rare instance when a
Microsoft service engineer needs access to enterprise data, access control is
extended to you so that you grant final approval for access. Actions taken are
logged and accessible to you so that they can be audited.
Office 365 Advanced eDiscovery simplifies the
eDiscovery process, reducing the volume of data by finding near-duplicate
files, reconstructing email threads and identifying key themes and data
relationships. Leveraging machine learning and predictive coding, it helps
compliance administrators intelligently explore and analyze large, unstructured
datasets and quickly zero in on what’s relevant to save time and money.
-Office 365 pages from the net