News

Windows Azure Clears Deloitte & Touche Security Compliance Audit

Microsoft recently became the first cloud service provider to pass a Service Organizations Control (SOC) 2 Type II audit conducted by Deloitte & Touche, a new security compliance audit recommended by the Cloud Security Alliance (CSA).

The audit included CSA's Level 2 Cloud Control Matrix assessment, which the CSA recommends as "likely to meet the assurance and reporting needs of the majority of users of cloud services," the CSA noted on Thursday.

The CSA is a nonprofit organization that promotes cloud computing security. It's led by a roster of corporate members and provides a Security, Trust and Assurance Registry (STAR) of companies with more than 30 entities.

SOC is the audit recommended for service providers by the American Institute of Certified Public Accountants after that organization eliminated using the SAS 70 reporting standard. CSA recommended specifically using the SOC 2 Type II attestation examination with its Cloud Control Matrix for cloud service providers, based on a position paper recommendation. SOC 2 pertains to the "security, availability, or processing integrity of a system or the confidentiality, or privacy of the information processed by the system," according to that position paper.

Microsoft noted the audit results in a blog post, indicating that it is committed to Windows Azure "security, privacy and compliance." Its Windows Azure compliance resources can be accessed via its Trust Center portal here.

However, as a U.S.-based company, Microsoft is subject to flexible interpretations of U.S. law via the U.S.A. PATRIOT Act, which includes not disclosing U.S. government data access requests. For instance, Microsoft's FAQ at the Trust Center indicates that "if compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited from doing so."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft to Shut Down Skype Services

    Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.

  • Big Blue To Acquire Datastax in Enterprise AI Play

    In a bid to bolster its enterprise-aimed AI capabilities, IBM is planning to acquire Datastax, a leading AI and data solutions provider, for an undisclosed amount.

  • Microsoft Confirms End of HoloLens Mixed Reality Hardware

    Microsoft officially announced this week that it is discontinuing its HoloLens mixed reality hardware, marking the end of its efforts in the space.

Most   Popular