Questions to ask your cloud provider

When it comes to building trust with cloud services customers, there’s no substitute for transparency. A cloud provider should be able to explain in detail how it will address the security, privacy and compliance needs of its customers.

We know that some organizations have questions, even concerns, about moving to the cloud. We welcome the opportunity to answer those questions. Toward that end, our Office 365 team has done a great job of compiling three “Top 10” lists to help customers assess the trustworthiness of potential cloud service providers.

What will you find there? Questions like:

• Who owns the data we store in your service? Will you use our data to build advertising products?
o As a customer of Office 365, you own and control your data. We do not use your data for anything other than providing you with the service that you have subscribed to. As a service provider, we do not scan your email or documents for advertising purposes. For more information, please visit How we use your data in the Office 365 Trust Center.

• Do you offer privacy controls in your service?
o Privacy controls are enabled by default for all customers of the service, and we allow you to turn privacy-impacting features on and off to meet the needs of your organization. We contractually commit to the promises we make with respect to privacy and security with the data processing agreement (DPA).

• Will you inform us when things change in the service, and will you let us know if our data is compromised?
o We do inform you if there are any important changes to the service with respect to security, privacy, and compliance. We also promptly notify you if your data has been accessed improperly.

• What kind of commitments do you have with respect to security and privacy?
o On behalf of Office 365, we are willing to sign with each customer a data processing agreement, security amendment, HIPAA business associate agreement, and the EU model clauses. We also comply with standards like ISO 27001, FISMA, and FedRAMP. For more information, please visit the Independently verified section of the Office 365 Trust Center.

I encourage you to read through all three lists and keep them handy as you evaluate current or prospective cloud providers. And remember, you can find lots of related information on Microsoft’s Trust Centers.

About the Author
Adrienne Hall

General Manager, Trustworthy Computing

Adrienne Hall is a General Manager in the Microsoft Trustworthy Computing group, where she leads a team of information technology (IT) professionals who are focused on the security, privacy, reliability, and accessibility of devices and services built on Microsoft technology.