Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Posted by: Tim Rains, Director, Trustworthy Computing
If you’ve been following our Cloud Fundamentals series, you’ve heard me discuss why transparency is important for both cloud service providers and their customers. Another important aspect of this theme that customers have discussed with me is how to get insight into the security controls used to manage cloud service offerings.
Many of the security professionals I have talked to are looking for assurances about the security practices and security controls that are used by the cloud service provider(s) that they are evaluating services from. Information on security controls used to operate a service can then be clearly communicated to audit and enterprise risk management groups.
Today it can be challenging getting information on the security practices used by cloud providers. Additionally it can be challenging to use such information to compare and contrast the different services offered by these providers. There are at least a couple of factors making this type of comparison harder than it should be:
The industry is working on ways to make it easier to compare the security practices used to manage cloud services. One example of this is the Cloud Security Alliance Security, Trust & Assurance Registry (STAR). In this installment of the Trustworthy Computing Cloud Fundamentals Video Series, I discuss the potential benefits of STAR and how Microsoft is leveraging it to provide visibility into the security controls that our customers are looking for, and to help our customers compare the security of some of our cloud services with other vendors’ cloud services. I’m joined by Kellie Ann Chainier, a Cloud Business Manager from Microsoft’s Worldwide Public Sector team.
If you haven’t seen the other videos in this series, you can check them out below:
Cloud Fundamentals Video Series
Please check back on this blog regularly as we continue the Cloud Fundamentals Video Series and explore topics that are important for IT professionals who are interested in cloud security, privacy, and reliability.