Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
By Tim Rains, Director, Trustworthy Computing
The Cloud Security Alliance’s Security Trust and Assurance Registry, or CSA STAR, provides existing and potential customers with insight into how cloud providers – Microsoft and others – are managing the security controls of their services. And at Microsoft, we believe it’s a great tool for businesses considering a move to the cloud as it gives them the visibility and transparency they are looking for to make informed decisions.
We submitted a CSA STAR self-assessment for Windows Azure last March. And in April, three major Microsoft cloud services had self-assessments in the CSA STAR. Today, we took that one step further in getting the self-assessment for Windows Azure verified via a third party. Deloitte recently completed attestation of Windows Azure’s controls relating to security, availability and confidentiality– what’s known as a SOC 2, Type 2 attestation from the American Institute of Certified Public Accountants (“AICPA”). In addition, the attestation includes adherence to the Cloud Security Alliance’s Cloud Controls Matrix (CCM), a set of publicly available security principles designed to help prospective customers when choosing a cloud provider.
For our customers, this attestation means increased transparency with verification by an industry recognized audit firm and the attestation provides a more detailed verification and transparent mechanism that demonstrates compliance to both requirements simultaneously.
SOC 2, Type 2 and CCM attestations are important milestones for Windows Azure that help provide customers with the transparency they look for. For moreinformation on SOC2, Type 2 attestation, I encourage you to check out this Windows Azure blog post.