I was at the Cloud Asia event in Singapore recently. One of the sessions was led by an exec from Changi Airport in which he likened internet security to airport security. Jetlag and the passing of time make me hazy on the finer points of what he said, but it was a good presentation.
It made me think that the airport analogy kind of works for Microsoft. As airport users, we are unaware of many of the security precautions in place. But a few – bag scans, pat downs, patrolling police officers etc. – are very obvious.
At Microsoft many of the users of our products are unaware of much of what we do to secure our customers’ data and give them a secure and private online experience. Take the Security Development Lifecycle (SDL), a secure development process that is applied by product groups at Microsoft in an effort to reduce the number and severity of vulnerabilities. Most people do not know it exists and yet it’s there, in the background since 2004 helping to secure our products and services every day.
Every now and then we have the opportunity for our commitment to security and privacy to be more obvious. A prime example is the recent announcement by the Microsoft Office Division of Office 365 for Government. This productivity and collaboration solution provides a multi-tenant service for storing U.S. government data in a segregated cloud community.
As I’ve written before, governments place a premium on trustworthy technological solutions. Similarly, Office 365 shows Microsoft’s commitment to security and privacy by supporting regional and global standards including:
- ISO 27001
- SAS70 Type II
- EU Safe Harbor
- EU Model Clauses
- the U.S. Health Insurance Portability and Accountability Act (HIPAA)
- the U.S. Family Educational Rights and Privacy Act (FERPA)
- Federal Information Security Management Act (FISMA)
This list will continue to grow as Microsoft Office Division plans to support IPv6 in Office 365 for Government by September of this year.