27018. These five numbers might not seem immediately familiar or relevant to you, but if you’re considering moving your business to the Cloud, you’ll want to get to know them as soon as you can.
ISO/IEC 27018 is the world’s first international standard for Cloud privacy. It establishes a uniform, international approach to protecting privacy for personal data stored in the cloud.
“So, what?” you might ask. Doesn’t every Cloud provider have to prove they are protecting data before they could even start delivering the most basic services to customers? You might assume so, but the reality might surprise you.
Last month, Microsoft announced that it had become the first Cloud provider to adopt ISO/IEC 27018. That’s right. The first, and so far only Cloud provider to do so.
The British Standards Institute (BSI) has now independently verified that in addition to Microsoft Azure, both Office 365 and Dynamics CRM Online are aligned with the standard’s code of practice for the protection of Personally Identifiable Information (PII) in the public cloud. Similarly, Bureau Veritas has done the same for Microsoft Intune.
This is a big deal, and I’ll tell you why.
This is a Cloud-first world, and Microsoft is one of world’s biggest Cloud service providers. We deliver more than 200 Cloud services, including Bing, MSN, Outlook.com, Office 365, OneDrive, Skype, Xbox Live and the Microsoft Azure platform.
Today, more than 1 billion customers and 20 million businesses in 90 global marketplaces use our cloud services. These services are hosted in Microsoft’s cloud infrastructure composed of more than 100 globally distributed data centres, edge computing nodes, and service operations centres.
This infrastructure is supported by one of the world’s largest multi-terabit global networks, with an extensive dark fibre footprint, that connects them all. The company’s cloud infrastructure is managed by the Microsoft Cloud Infrastructure & Operations (MCIO) team.
Despite the vast scale and scope of our Cloud operations, and our decades of experience in Cloud service delivery stretching back to the time before Cloud computing was even talked about, we do not take for granted the fact that we ask our customers to place great trust in us.
Around the world, we find our current and future customers asking a consistent set of questions aimed at working out whether they can trust our cloud services.
In late 2014, I outlined some of these questions in a blog focused on the role trustworthy Cloud services can play in the health sector.
In it, I focused on what Microsoft sees as being the four pillars of trust in cloud services – security, privacy, compliance and transparency. In each of these areas, we are constantly investing to ensure that we achieve and maintain industry leadership.
So what does all that mean for you and your business?
We believe our adherence to ISO 27018 is of great benefit to our enterprise customers for many reasons, including the following:
You are in control of your data
Our adherence to the standard ensures that we only process personally identifiable information according to the instructions that you provide to us as our customer.