Microsoft Azure – Transparency
Microsoft by being transparent means to allow visible and clear policies insight so that customers know exactly the answers on the privacy, security and other questions about Microsoft Azure they may have.
As a customer, you should know how and where your data is stored. You may also be wanting to know the outcome of Microsoft security audit reports.
Transparency in terms of Microsoft cloud is described as the answer to the following requests:
- You know what Microsoft does to help secure your data.
- You know where your data is stored and how Microsoft manages it.
- You know who can access your data and on what terms.
- Microsoft is transparent about how Microsoft responds to government requests for your data.
- You can review the standards certifications for Microsoft services.
For those, more interested in security aspects of Microsoft public cloud services, should also be interested in the Service Trust Portal (STP). STP can only be accessed if you have paid or evaluation Office 365 Subscription (or Dynamics 365 CRM or Microsoft Azure Active Directory).
To explain what STP is, it is best described on the STP main page:
“Microsoft Service Trust Portal offers access to a deep set of security, privacy, and compliance resources, such as independent audit reports of Microsoft cloud services, risk assessments, security best practices, and other such materials.”
These materials include:
- SOC 1 and SOC 2 auditor’s reports.
- International Organization for Standardization (ISO) 27001 and 27018 audit reports and scope statements.
- Federal Risk and Authorization Management Program (FedRamp) System Security Plan.
- Office 365 Information Security Management System (ISMS) guidance.
- Governance, risk management, security assessment, and compliance white papers, FAQs, and other materials to help you perform your own risk assessment.
If you would like to learn more about STP or Microsoft Transparency approach, please visit ref. https://www.microsoft.com/en-us/TrustCenter/STP/default.aspx and ref. https://www.microsoft.com/en-us/TrustCenter/Transparency/default.aspx . The second link describes in details approach to every of above topics.