Microsoft’s Dynamics CRM Online has also been assessed and certified as complying with Level 2 of MTCS SS, which is designed to address the needs of most organisations running business critical data and systems through a set of more stringent security controls to protect business and personal information in potentially moderate impact information systems using cloud services.
The Microsoft Cloud has received the most certifications and attestations from around the world for compliance – including being the first cloud computing platform to confirm to ISO/IEC 27018, the only international set of privacy controls in the cloud. With the new developments, Microsoft remains the first and only global cloud service provider (CSP) to obtain certification across its infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS) cloud services – having achieved Level 1 certification for Azure and Office 365 in October 2014. To date, Dynamics CRM Online is also the only customer relationship management SaaS that has been MTCS certified.
The Microsoft Cloud has received the most certifications and attestations from around the world for compliance – including being the first cloud computing platform to confirm to ISO/IEC 27018, the only international set of privacy controls in the cloud. With the new developments, Microsoft remains the first and only global cloud service provider (CSP) to obtain certification across its infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS) cloud services – having achieved Level 1 certification for Azure and Office 365 in October 2014. To date, Dynamics CRM Online is also the only customer relationship management SaaS that has been MTCS certified.
Microsoft further received the United States Defence Information System Agency (DISA)3 Level 2, Japan Financial Industry Information Systems (FISC)4, and New Zealand Government Chief Information Officer (GCIO)5 recently. These new certifications, self-attestations and guidance framework adoptions are the latest examples of how Microsoft is continuing to invest heavily in compliance programmes, and in the design and implementation of innovative compliance processes.
As part of a new collaboration inked in June 2015, Microsoft will also be collaborating with the Infocomm Development Authority of Singapore (IDA) on the Support for Cloud-enabled Certified Secure SaaS (SUCCESS) programme. Through this programme, Microsoft will share its own certification journey and proactively reach out to independent software vendors (ISVs) to help them undertake MTCS certification with the necessary support and training. Collectively, these proactive certifications help build more trust by users who will come to depend on the cloud more and more on optimising operations and innovating processes.
MTCS SS 584 is Singapore’s cloud security standard, developed to help drive cloud adoption across industries by giving clarity around the security service levels of CSPs, while also increasing the level of accountability and transparency from CSPs. Through MTCS SS 584, CSPs will be able to better spell out the levels of security that they can offer to users through third-party audit and certification, and a self-disclosure requirement covering service-oriented information normally captured in service level agreements. This self-disclosure allows users that rely on cloud services to better understand and assess the cloud security they require. Areas of self-disclosure include: data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery, as well as incident and problem management. Comprehensive audits are also conducted at data centres, and of areas from firewall configurations to the background on resources operating the data centres.
“IDA takes pride that CSPs such as Microsoft are upgrading themselves proactively to meet the needs of enterprises and rolling it out worldwide. Continued strengthening of their security standards will help increase the confidence in cloud computing and benefit businesses as more of them choose to move their storage to the cloud,” said Khoong Hock Yun, Assistant Chief Executive of the Infocomm Development Authority of Singapore.
“The speed with which we have brought the most complete and comprehensive cloud portfolio in the market to MTCS reinforces Microsoft’s commitment to accelerate Singapore’s cloud adoption and cloud innovation across industries,” said Jessica Tan, Managing Director for Microsoft Singapore.
As part of a new collaboration inked in June 2015, Microsoft will also be collaborating with the Infocomm Development Authority of Singapore (IDA) on the Support for Cloud-enabled Certified Secure SaaS (SUCCESS) programme. Through this programme, Microsoft will share its own certification journey and proactively reach out to independent software vendors (ISVs) to help them undertake MTCS certification with the necessary support and training. Collectively, these proactive certifications help build more trust by users who will come to depend on the cloud more and more on optimising operations and innovating processes.
MTCS SS 584 is Singapore’s cloud security standard, developed to help drive cloud adoption across industries by giving clarity around the security service levels of CSPs, while also increasing the level of accountability and transparency from CSPs. Through MTCS SS 584, CSPs will be able to better spell out the levels of security that they can offer to users through third-party audit and certification, and a self-disclosure requirement covering service-oriented information normally captured in service level agreements. This self-disclosure allows users that rely on cloud services to better understand and assess the cloud security they require. Areas of self-disclosure include: data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery, as well as incident and problem management. Comprehensive audits are also conducted at data centres, and of areas from firewall configurations to the background on resources operating the data centres.
“IDA takes pride that CSPs such as Microsoft are upgrading themselves proactively to meet the needs of enterprises and rolling it out worldwide. Continued strengthening of their security standards will help increase the confidence in cloud computing and benefit businesses as more of them choose to move their storage to the cloud,” said Khoong Hock Yun, Assistant Chief Executive of the Infocomm Development Authority of Singapore.
“The speed with which we have brought the most complete and comprehensive cloud portfolio in the market to MTCS reinforces Microsoft’s commitment to accelerate Singapore’s cloud adoption and cloud innovation across industries,” said Jessica Tan, Managing Director for Microsoft Singapore.
“People will only use information technology they can trust. Microsoft’s cloud portfolio is the most trusted with 22 certifications, self-attestations and guidance framework adoptions from around the world, more than any other hyper-scale cloud platform provider. We hope to build on that trust to draw on the opportunities provided by an intelligent cloud to optimise public, business and community services and experiences – to reinvent productivity and business processes.”
1 Azure services include Virtual Machines (IaaS), Cloud Services, Batch, Web App, Mobile Services, Core, Notification Hubs, Storage, SQL Database, HDInsight, Virtual Network, Traffic Manager, Express Route, Service Bus, BizTalk Services, Backup, Site Recovery, Azure Active Directory, Multi-factor Authentication, Rights Management Service, Media Services, Scheduler, Azure Management Portal, and SQL Server Virtual Machine.
2 Office 365 services include Exchange Online, SharePoint Online, Skype for Business, Office Online, and OneDrive for Business.
3 Azure was granted a DISA Provisional Authorization for Cloud Security Model Level 2 under a reciprocal agreement with the FedRAMP JAB. DISA Level 2 certification allows Defense agencies to host basic defense applications on Azure.
4 Azure has been assessed to meet the requirements for The Center for Financial Industry Information Systems (FISC) in Japan. The FISC guidance includes recommendations for banking computer systems security, information system audits, contingency planning, and security policy development, and allows Japanese banks and financial institutions to run cloud services on Azure.
5 Azure meets the requirements for The New Zealand Government Chief Information Officer (GCIO) framework covering security and privacy of cloud services related to data sovereignty, governance and incident response. GCIO provides assurance to New Zealand government organisations that the privacy and security aspects of Azure effectively mitigate privacy and security risks, and address concerns related to data sovereignty.
1 Azure services include Virtual Machines (IaaS), Cloud Services, Batch, Web App, Mobile Services, Core, Notification Hubs, Storage, SQL Database, HDInsight, Virtual Network, Traffic Manager, Express Route, Service Bus, BizTalk Services, Backup, Site Recovery, Azure Active Directory, Multi-factor Authentication, Rights Management Service, Media Services, Scheduler, Azure Management Portal, and SQL Server Virtual Machine.
2 Office 365 services include Exchange Online, SharePoint Online, Skype for Business, Office Online, and OneDrive for Business.
3 Azure was granted a DISA Provisional Authorization for Cloud Security Model Level 2 under a reciprocal agreement with the FedRAMP JAB. DISA Level 2 certification allows Defense agencies to host basic defense applications on Azure.
4 Azure has been assessed to meet the requirements for The Center for Financial Industry Information Systems (FISC) in Japan. The FISC guidance includes recommendations for banking computer systems security, information system audits, contingency planning, and security policy development, and allows Japanese banks and financial institutions to run cloud services on Azure.
5 Azure meets the requirements for The New Zealand Government Chief Information Officer (GCIO) framework covering security and privacy of cloud services related to data sovereignty, governance and incident response. GCIO provides assurance to New Zealand government organisations that the privacy and security aspects of Azure effectively mitigate privacy and security risks, and address concerns related to data sovereignty.
No comments:
Post a Comment