TRUSTED CLOUD

Our commitment to provide a

cloud you can trust

Fernando Machado Priz

September 2014
Technology Trends
Driving cloud adoption

71%
Leverage economies Reshape how you Drive new and more
of scale and engage with rapid sources of
expertise customers innovation

of strategic buyers cite

scalability, cost and business
agility as the most Speed Scale Economics
important drivers for using
cloud services
2 weeks Scale from 30,000 $25,000 in the
to deliver new to 250,000 site cloud would cost
services vs. 6-12 visitors instantly $100,000 on
months with premises
traditional solution
Technology Trends
Momentum continues to accelerate

If youre resisting the

cloud because of
security concerns,
youre running out of
excuses.
The Microsoft Trusted Cloud

200+ cloud services

1+ million servers
Online
$15B+ infrastructure investment

1 billion customers
90 countries worldwide
Shared Responsibility
Reduce security costs and maintain flexibility, access, and control
Trusted Cloud Principles
Commitment to principles worthy of your organizations trust
Your content should be protected by strong security, safeguarded from hackers and
unauthorized access with the state-of-the-industry technology, process and certifications.
Your content should also be encrypted in transit and at rest.

You are in control of your content, so it should only be used and shared as permitted by
you. You should always have access to it, be able to take it with you when you leave, and
have it deleted upon request.

You can meet your obligations, your content should be stored and managed in
compliance with applicable laws, regulations and key international standards.

You know what is happening with your content, with clear, plain-language explanations
of how your cloud provider uses, manages and protects your content. You should be told
how your cloud provider will respond to law enforcement requests to access your content.
Security
Strong security protects content
Secure Development and Operations Enhanced event and administrative
Secure Development Lifecycle (SDL) access logging
Operational Security Assurance Data segregation
(OSA) Identity & Access
Encryption Commitment Multi-factor Authentication
Data in transit between a user Access monitoring
and the service (SSL, PFS) Event and incident response team
Data in transit between operating 24x7
datacenters (TSL, IPsec) Physical Security
Best-in-class industry Platform security
cryptography (PFS, 2048-bits key
lengths) Network security
Data at rest (EFS, Bitlocker) Device Guard
End-to-end encryption of
communications (S/MIME, PGP,
RMS)
8
Privacy
Customers control their content
Privacy by Design
Content and data is not used for
advertising and marketing
Protection from Government
Surveillance
No Standing Access policy
Deletion of customer data on request
and on contract termination
Customer choices for data location
Redirect law enforcement requests to
the customers
Ongoing Product investments:
Customer generated and
controlled encryption keys
protect data at rest
Customer Lockbox for Office 365
brings the customer into the
approval workflow
Compliance
Customers can store and manage their content in compliance
History and Expertise
Key security certifications and attestations
ISO 27001 Certification
ISO/IEC 27018
SOC 1, SOC 2, Cloud Security Alliance Cloud Controls Matrix, EU Model
Clauses, HIPAA BAA, FedRAMP, PCI DSS
Compliance-enabled controls
FISMA/FedRAMP
Privacy protected in contractual terms
Microsoft Trust Centers give visibility into compliance efforts
Certification Audit
Transparency
Customers know what is happening
Transparent and easy-to-understand data use policies
Visibility into where data is stored
Visibility into how data is accessed and used
Visibility into processes, policies and practices via Trust Centers
Visibility into access and usage reporting
CSA STAR
Microsoft Law Enforcement Requests Report
Government Security Program

10101010101010101010101010101010
1010101010101010101010101010101010101010101010101010
Uruguay
Security in Public Sector

Risk data in Other data in Other

Central Central Government
Administration Administration Agencies

Should be stored in There are no Just for Presidency,

secure servers in the restrictions Ministries, and its
country dependencies. No
restrictions for
other agencies
Uruguay
Security and privacy

National International Privacy

regulations standards: ISO standards: ISO
27001 27018

Therere no specific URyCDP New standard in

regulations on recommends personal information
security for cloud adopting ISO 27001; protection; Microsofts
providers Microsofts cloud is cloud was first and only
certified certified
A cloud you can trust
Commitment, confidence, credibility

Commitment to principles worthy of your trust

Standards of excellence worthy of your confidence

Experience and advocacy for a cloud-first world

Microsoft Enterprise Cloud
http://www.microsoft.com/cloud

Microsoft Azure Trust Center

http://azure.microsoft.com/en-us/support/trust-center/

Office 365 Trust Center

https://products.office.com/en-us/business/office-365-trust-center-cloud-computing-security

Dynamics CRM Online

http://www.microsoft.com/en-us/dynamics/crm-trust-center.aspx

Microsoft Law Enforcement Request Report

http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/

Cyber Trust Blog

http://blogs.microsoft.com/cybertrust/