The Cloud Security Alliance’s Security Trust and Assurance Registry, or CSA STAR, provides existing and potential customers with insight into how cloud providers – Microsoft and others – are managing the security controls of their services. And at Microsoft, we believe it’s a great tool for businesses considering a move to the cloud as it gives them the visibility and transparency they are looking for to make informed decisions.
We submitted a CSA STAR self-assessment for Windows Azure last March. And in April, three major Microsoft cloud services had self-assessments in the CSA STAR. Today, we took that one step further in getting the self-assessment for Windows Azure verified via a third party.
Deloitte recently completed attestation of Windows Azure’s controls relating to security, availability and confidentiality– what’s known as a SOC 2, Type 2 attestation from the American Institute of Certified Public Accountants (“AICPA”). In addition, the attestation includes adherence to the Cloud Security Alliance’s Cloud Controls Matrix (CCM), a set of publicly available security principles designed to help prospective customers when choosing a cloud provider.
For our customers, this attestation means increased transparency with verification by an industry recognized audit firm and the attestation provides a more detailed verification and transparent mechanism that demonstrates compliance to both requirements simultaneously.
SOC 2, Type 2 and CCM attestations are important milestones for Windows Azure that help provide customers with the transparency they look for. For more
information on SOC2, Type 2 attestation, I encourage you to check out this Windows Azure blog post.