The Schwartz Report

Blog archive

Microsoft Talks Up Cloud Security

Microsoft may be "all-in" the cloud. But if it can't convince the world that its services are secure, it could be all-out. That may explain why Microsoft is talking up cloud security these days.

Joel Sider, a senior product manager for identity and security for Microsoft's Forefront business, reiterated Microsoft's Trustworthy Computing initiatives in a blog posting this week. "We strive to be more transparent than anyone about how we help enable more secure cloud computing," Sider wrote.

Last week, Microsoft released a comprehensive update of its Security Development Lifecycle (SDL) best practices, particularly targeted at .NET developers building apps that will run in the cloud.

"We're putting renewed effort into communicating all of our efforts to help customers and partners think thru cloud security in the right way," Sider added in an e-mail. But as I reported this month, how do you really know what's behind the curtain of any provider's cloud services?

While many cloud providers comply with such standards as SAS 70, ISO 27001, PCI and COBIT, there is no common way for them to disseminate information to partners and customers. Hence, that visibility is lacking today.

There are efforts in the works to resolve this lack of clarity. Of particular note is CloudAudit, which seeks to develop standards for how cloud providers release information to prospective and existing enterprise clients that can satisfy specific compliances and internal governance requirements.

CloudAudit uses the recently released Cloud Security Alliance (CSA) Cloud Controls Matrix -- a framework that consists of 98 controls that specify how cloud providers should release detailed guidelines on how services are audited and risk is determined.

Among those participating are Amazon, Google, Microsoft, Unisys and Rackspace, though it remains to be seen if those and other players ultimately implement the CloudAudit specs. But it is an effort worth watching. If CloudAudit is widely adopted, it could remove one barrier to cloud computing.

What do you think? Drop me a line at [email protected]

Posted by Jeffrey Schwartz on June 23, 2010 at 11:59 AM


Featured

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • The Future of Windows Server Includes Less Frequent Updates

    Microsoft is ending its practice of issuing semiannual channel updates for most Window Server editions, turning instead to long-term servicing channel updates.

  • Notebook

    Microsoft Bolsters Dynamics 365 with Suplari Acquisition

    An acquisition announced by Microsoft on Wednesday promises to bring AI solutions for assessing supply-chain spending to the Dynamics 365 product.

  • Microsoft Announces Positive Q4 Revenue Results of $46.2B

    Microsoft on Tuesday reported $46.2 billion in total revenue during its fiscal-year 2021 Q4 period, up 21% from the same quarter last year.