Microsoft Bangs Drum For Cloud Trust

Microsoft says before cloud computing becomes the de facto IT delivery and consumption mechanism, the onus is on vendors, solution providers and partners to establish trust and prove that the cloud is secure.

"It's really as big a shift for IT as the shift from mainframes to computers," Adrienne Hall, general manager of Microsoft's Trustworthy Computing group, said in an interview.

And as cloud computing takes hold, it's up to vendors and cloud providers to offer a cloud ecosystem that is secure and to ensure the proper safeguards and checks and balances are in place.

"A key element is trust," Hall said, adding that cloud users have to determine what they are comfortable running in the cloud and that it is secure, private and reliable.

id
unit-1659132512259
type
Sponsored post

For Microsoft's part, its cloud trust initiative spans across products and groups and is a three-pronged approach that ensures secure deployment of cloud applications and environments, infrastructure and incident response.

Microsoft's push for trust in the cloud will leverage the Security Development Lifecycle (SDL) that Microsoft has leveraged since 2004 for its software offerings. SDL is a documented, auditable and traceable process for writing secure software through which all products pass a security review before they reach the market. For the cloud specifically, Hall said Microsoft has launched SDL Agile, a cloud-focused version of the SDL to secure cloud application development.

The cloud creates challenges in that the development lifecycle is shorter than with Microsoft's traditional software and packaged products. Being more fluid means closer attention has to be paid to secure processes throughout development.

In another bid for cloud trust, Hall said Microsoft will leverage Trustworthy Computing's transparency. Microsoft will ensure its infrastructure has the necessary certifications and accreditations and that regular audits are conducted by independent organizations. Additionally, Microsoft will lay out its data handling processes in hosted service agreements.

Hall added that its cloud customers' data will be stored on systems protected by both physical and technological security measures and protected with encryption. Infrastructure assets will also be subject to daily scanning.

"If there's some sort of new threat, by scanning daily we have systems that can alert us," Hall said.

Next: Incident Response Fosters Cloud Trust

And in the case of an incident, whether it is a security breach, natural disaster or other event that could potentially compromise data, incident response teams will mobilize to investigate and address the issues, Hall said. Cloud offerings will be treated by the same Microsoft Security Response Center that updates and creates workarounds to remediate and restore service in the event of a interruption, vulnerability or breach. The process will entail investigation into the scope and impact of the incident; solution development, a security update and notice of service restoration; and testing compatibility and localization.

Additional incident response includes business continuity and disaster recovery plans, protection with geo-redundant hosting for business-critical applications and data and status updates throughout the process. With cloud offerings, Hall said, those updates can come via the Microsoft Online Service Health Dashboard which shows the status of Microsoft's various cloud and online services to illustrate their availability and highlight any issues.

For partners, establishing trust in the cloud creates new opportunities. Whether they're building cloud applications, offering consulting or deploying cloud technologies, Hall said the channel will be a key component in establishing trust with cloud computing users.

"Partners become important to the trust equation," she said.

Hall said Microsoft brings its experience to the table, which should also lend a level of trust.

"We have the experience based on a legacy of security, privacy and reliability focus," she said. "We've been focusing on this for a long time."

And when it comes to cloud computing, the market's infancy, the rapid pace of growth and swift innovation are creating concerns among potential customers, requiring established trust.

"There's a faster pace that makes people question how you're on-boarding them," Hall said, adding that along with being a new IT consumption model, it also creates a new business model, and with that comes added complexity.

"We don't all necessarily know what people need to see and hear," she said. "We're all going to be learning."