The Microsoft Approach to Compliance in the Cloud

Our customers do business in almost every industry and country around the world. Many of them need to meet regulatory compliance and certification requirements.  When they trust a cloud service provider to manage infrastructure, applications, or data for them, that service provider becomes a partner that they trust to help meet and maintain their compliance and certification requirements.  Customers that have been managing compliance obligations for their on premise information technology operations know first-hand how challenging it can be.   New requirements emerge frequently in the dynamic environments of today’s businesses.

Moving targets are nothing new in the technology industry – and we expect to help our customers navigate the various decisions they need to make, both on the way to cloud adoption and afterwards.  Many customers view compliance capabilities as a crucial decision point when choosing a cloud service provider.  So, demonstrating the ability to meet certain compliance requirements is therefore essential to delivering cloud services that customers can trust.

The term compliance can mean different things to different people, especially in the commercial cloud space.  To increase awareness as to how Microsoft handles compliance for cloud services, we’ve released a new paper titled, “The Microsoft Approach to Compliance in the Cloud”.

The paper also poses questions we encourage organizations to ask when considering a cloud service provider, such as:

• Does the provider have a proven record of delivering secure, reliable, cloud services built to enable privacy and data protection?
• Is the provider transparent about its cloud compliance capabilities, and which responsibilities are owned by customers?
• Does the provider demonstrate leadership by participating in the development and continuous improvement of industry standards that are relevant to cloud services?
• Will the provider assist the customer to help achieve and maintain their own compliance requirements?

The paper, and other cloud-related resources can be downloaded from www.microsoft.com/trustedcloud. See also these related papers on Data Classification for Cloud Readiness and CISO Perspectives on Compliance in the Cloud.

About the Author
Adrienne Hall

General Manager, Trustworthy Computing

Adrienne Hall is a General Manager in the Microsoft Trustworthy Computing group, where she leads a team of information technology (IT) professionals who are focused on the security, privacy, reliability, and accessibility of devices and services built on Microsoft technology. Read more »