Posted by: Mark Estberg, Senior Director, Online Services Security and Compliance
Microsoft’s Global Foundation Services (GFS) organization delivers the global infrastructure and network for over 200 consumer and enterprise cloud services. The security, privacy and reliability expectations of the customers served by these services must be met in order to develop the level of trust necessary to support a global shift to online and cloud computing. Each of Microsoft’s online and cloud services focuses on its respective customer requirements, and GFS must meet the obligations that come from all of the more than 200 services because they all reside in the GFS infrastructure. While many of the capabilities must be provided at the service layer, all services have at least some level of dependency on the cloud infrastructure built, managed, and secured by GFS.
This results in a broad set of requirements that must be met and represented by GFS. These requirements stem from regulatory and statutory sources (e.g., European Union Model Clauses, United States health care requirements including HIPAA and HITECH, and the United States Federal Information Security Management Act), industry sources (e.g., the Payment Card Industry Data Security Standard), self-selected standards (e.g., ISO 27001, SOC 1, and SOC 2), as well as risk-based security expectations codified in our policy and business decisions.