The Schwartz Report

Blog archive

Microsoft Talks Up Cloud Security

Microsoft may be "all-in" the cloud. But if it can't convince the world that its services are secure, it could be all-out. That may explain why Microsoft is talking up cloud security these days.

Joel Sider, a senior product manager for identity and security for Microsoft's Forefront business, reiterated Microsoft's Trustworthy Computing initiatives in a blog posting this week. "We strive to be more transparent than anyone about how we help enable more secure cloud computing," Sider wrote.

Last week, Microsoft released a comprehensive update of its Security Development Lifecycle (SDL) best practices, particularly targeted at .NET developers building apps that will run in the cloud.

"We're putting renewed effort into communicating all of our efforts to help customers and partners think thru cloud security in the right way," Sider added in an e-mail. But as I reported this month, how do you really know what's behind the curtain of any provider's cloud services?

While many cloud providers comply with such standards as SAS 70, ISO 27001, PCI and COBIT, there is no common way for them to disseminate information to partners and customers. Hence, that visibility is lacking today.

There are efforts in the works to resolve this lack of clarity. Of particular note is CloudAudit, which seeks to develop standards for how cloud providers release information to prospective and existing enterprise clients that can satisfy specific compliances and internal governance requirements.

CloudAudit uses the recently released Cloud Security Alliance (CSA) Cloud Controls Matrix -- a framework that consists of 98 controls that specify how cloud providers should release detailed guidelines on how services are audited and risk is determined.

Among those participating are Amazon, Google, Microsoft, Unisys and Rackspace, though it remains to be seen if those and other players ultimately implement the CloudAudit specs. But it is an effort worth watching. If CloudAudit is widely adopted, it could remove one barrier to cloud computing.

What do you think? Drop me a line at [email protected]

Posted by Jeffrey Schwartz on June 23, 2010 at 11:59 AM


Featured

  • In Q&A, Microsoft Details Its Plans for Project Cortex

    Microsoft talked up its emerging "knowledge network" technology for Microsoft 365, dubbed Project Cortex, in a Q&A this week.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Microsoft Adds Linux Perks to Windows 10, Talks 'Windows Hassles'

    Microsoft unveiled a couple of notable capabilities in its latest Windows 10 test build, including a new feature to give users easier access to Linux distro files.

  • Premium-Level Azure AD Coming to Microsoft 365 Business

    Users of Microsoft 365 Business will be able to access Azure Active Directory Premium P1 licensing free of charge, Microsoft said this month.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.