Story image

Can the cloud be secure?

05 Aug 2013

Can we build a truly secure cloud?

“It’s a challenging goal,” says Adrienne Hall, general manager of Trustworthy Computing at Microsoft.

Posting on Microsoft's official blog website, Hall says security is an important consideration for organisations looking to tap the cloud’s cost savings, flexibility and scalability.

"People want to know if the cloud vendor they choose can keep their data secure and readily available, while effectively managing any unexpected events," she says.

At Microsoft, Hall says the company focuses on three main areas to build customer trust in our cloud offerings:

Development:

Hall claims all Microsoft products and services are designed and built from the ground up using Microsoft’s Security Development Lifecycle (SDL).

"All products must pass a final security review before they are released," she says.

"Whether it’s our Windows Azure cloud platform, server products like Hyper-V, or application suites like Office 365 and Microsoft Dynamics CRM."

Operations:

"We design and build our datacenters to meet internationally recognised standards, regional laws, and our own stringent security and privacy policies," Hall says. "This includes detailed security controls across multiple layers of defense.

"Our datacenter infrastructure has achieved a range of certifications and attestations, including ISO 27001, PCI Data Security Standard, SAS 70 Type 2, EU Model Clauses, U.S. HIPPAA BAA and Federal Information Security Management Act (FISMA).

Incident Response:

No matter how secure or reliable we make our products, unexpected situations occur admits Hall. When they do, Hall says Microsoft mobilises significant global resources to respond quickly, comprehensively, and effectively to incidents.

"All that said, it’s important to remember that organisations that choose the cloud are not devolving 100 percent of their security responsibilities," she says.

"The cloud service provider will take on a great many security responsibilities, but not all of them.

"Customers will typically need to maintain “client security” at their own locations or among their workforce – ensuring up to date antivirus, for example, or educating employees on the importance of using strong passwords."

Can businesses build a truly secure cloud? Tell us your thoughts below

Intel building US’s first exascale supercomputer
Intel and the Department of Energy are building potentially the world’s first exascale supercomputer, capable of a quintillion calculations per second.
NVIDIA announces enterprise servers optimised for data science
“The rapid adoption of T4 on the world’s most popular business servers signals the start of a new era in enterprise computing."
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Storage is all the rage, and SmartNICs are the key
Mellanox’s Kevin Deierling shares the results from a new survey that identifies the key role of the network in boosting data centre performance.
Opinion: Moving applications between cloud and data centre
OpsRamp's Bhanu Singh discusses the process of moving legacy systems and applications to the cloud, as well as pitfalls to avoid.
Global server market maintains healthy growth in Q4 2018
New data from Gartner reveals that while there was growth in the market as a whole, some of the big vendors actually declined.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Huawei to deploy Open Rack in all its public cloud data centres
Tech giant Huawei has unveiled plans to adopt Open Rack proposed by the Open Compute Project in its new public cloud data centres across the globe.