The Schwartz Report

Blog archive

Microsoft Talks Up Cloud Security

Microsoft may be "all-in" the cloud. But if it can't convince the world that its services are secure, it could be all-out. That may explain why Microsoft is talking up cloud security these days.

Joel Sider, a senior product manager for identity and security for Microsoft's Forefront business, reiterated Microsoft's Trustworthy Computing initiatives in a blog posting this week. "We strive to be more transparent than anyone about how we help enable more secure cloud computing," Sider wrote.

Last week, Microsoft released a comprehensive update of its Security Development Lifecycle (SDL) best practices, particularly targeted at .NET developers building apps that will run in the cloud.

"We're putting renewed effort into communicating all of our efforts to help customers and partners think thru cloud security in the right way," Sider added in an e-mail. But as I reported this month, how do you really know what's behind the curtain of any provider's cloud services?

While many cloud providers comply with such standards as SAS 70, ISO 27001, PCI and COBIT, there is no common way for them to disseminate information to partners and customers. Hence, that visibility is lacking today.

There are efforts in the works to resolve this lack of clarity. Of particular note is CloudAudit, which seeks to develop standards for how cloud providers release information to prospective and existing enterprise clients that can satisfy specific compliances and internal governance requirements.

CloudAudit uses the recently released Cloud Security Alliance (CSA) Cloud Controls Matrix -- a framework that consists of 98 controls that specify how cloud providers should release detailed guidelines on how services are audited and risk is determined.

Among those participating are Amazon, Google, Microsoft, Unisys and Rackspace, though it remains to be seen if those and other players ultimately implement the CloudAudit specs. But it is an effort worth watching. If CloudAudit is widely adopted, it could remove one barrier to cloud computing.

What do you think? Drop me a line at [email protected]

Posted by Jeffrey Schwartz on June 23, 2010 at 11:59 AM


Featured

  • Touting Azure for Operators, Microsoft Joins SDN Standards Group

    As part of its Azure for Operators program, Microsoft this week joined a nonprofit standards association that focuses on SDN technologies used by enterprises and service providers.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Pilot Begins of Microsoft Teams-Salesforce CRM Integration

    A new capability that lets Microsoft Teams users access information from the Salesforce.com customer relationship management (CRM) platform debuted this week.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.