The Schwartz Report

Blog archive

Microsoft Talks Up Cloud Security

Microsoft may be "all-in" the cloud. But if it can't convince the world that its services are secure, it could be all-out. That may explain why Microsoft is talking up cloud security these days.

Joel Sider, a senior product manager for identity and security for Microsoft's Forefront business, reiterated Microsoft's Trustworthy Computing initiatives in a blog posting this week. "We strive to be more transparent than anyone about how we help enable more secure cloud computing," Sider wrote.

Last week, Microsoft released a comprehensive update of its Security Development Lifecycle (SDL) best practices, particularly targeted at .NET developers building apps that will run in the cloud.

"We're putting renewed effort into communicating all of our efforts to help customers and partners think thru cloud security in the right way," Sider added in an e-mail. But as I reported this month, how do you really know what's behind the curtain of any provider's cloud services?

While many cloud providers comply with such standards as SAS 70, ISO 27001, PCI and COBIT, there is no common way for them to disseminate information to partners and customers. Hence, that visibility is lacking today.

There are efforts in the works to resolve this lack of clarity. Of particular note is CloudAudit, which seeks to develop standards for how cloud providers release information to prospective and existing enterprise clients that can satisfy specific compliances and internal governance requirements.

CloudAudit uses the recently released Cloud Security Alliance (CSA) Cloud Controls Matrix -- a framework that consists of 98 controls that specify how cloud providers should release detailed guidelines on how services are audited and risk is determined.

Among those participating are Amazon, Google, Microsoft, Unisys and Rackspace, though it remains to be seen if those and other players ultimately implement the CloudAudit specs. But it is an effort worth watching. If CloudAudit is widely adopted, it could remove one barrier to cloud computing.

What do you think? Drop me a line at jschwartz@1105media.com.

Posted by Jeffrey Schwartz on June 23, 2010 at 11:59 AM


Featured

  • Microsoft Previews Whiteboard Support in Teams Rooms Devices

    A preview of a new Microsoft Teams Rooms feature will enable organizations to use images of physical whiteboards as a dynamic space for videoconferencing.

  • 2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.

  • Microsoft Warns of Heightened Threat of 'BlueKeep' Attacks

    Older Windows systems using Microsoft's Remote Desktop Services are at acute risk of remote code execution attacks due to the "BlueKeep" vulnerability.

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.