Vendor Report: Microsoft® Cloud Security - 70126

Report Details

This document is an evaluation of Microsoft’s Windows Azure™ Cloud platform from a security perspective. This platform allows organizations to build Cloud applications which are then hosted in the worldwide network of Microsoft datacenters. It also allows organizations to host existing applications that run under Windows Server 2008 and certain types of data in these Microsoft datacenters. Microsoft has put considerable thought into meeting the security challenges of Cloud computing and incorporated solutions to these challenges in their offering.

Many organizations are moving towards a Cloud model to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a single customer.  The information security risks associated with Cloud computing depend upon both the service model and the delivery model adopted. The common security concerns across this spectrum are ensuring the confidentiality, integrity and availability of the services and data delivered through the Cloud environment. In addition moving to the Cloud poses some compliance challenges.

This report finds that the Microsoft Cloud offering addresses the following important security challenges:

  • Availability: Windows Azure running in the Microsoft worldwide network of datacenters provides several levels of redundancy to maximize the availability of applications and data.
  • Compliance and data privacy: Microsoft Corporation is a signatory to the Safe Harbor agreement. Customers can choose the geographic location of the data. The service operates within the Microsoft Global Foundation Services infrastructure, portions of which are ISO 27001 certified.
  • Privilege management: Microsoft deploys a range of controls to protect against unauthorized activity by operational personnel.
  • Identity and Access: Windows Azure supports a claims based approach to managing access by end users to hosted applications and data. It supports important standards like SAML, and a range of identity providers.

The Microsoft technology includes proprietary interfaces that could lead to an organization choosing this technology to become”locked-in”. Although the platform supports encryption of customer data this is not the default. KuppingerCole strongly recommend that data in the Cloud should be encrypted.

While the Microsoft technology supports confidentiality, availability of data and integrity of processing it is up to the organization to develop and configure a Cloud service built using this technology to achieve these objectives. KuppingerCole recommends that any organization intending to use the Microsoft platform should clearly define the information security requirements and evaluate how these will be met in detail.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Aug 29, 2011

Vendor Report: Microsoft® Cloud Security - 70126

This document is an evaluation of Microsoft’s Windows Azure™ Cloud platform from a security perspective. This platform allows organizations to build Cloud applications which are then hosted in the worldwide network of Microsoft datacenters. It also allows organizations to host…

€195.00 Get Access
Mastercard Visa PayPal INVOICE

Latest Related Reports

Leadership Compass

Leadership Compass: Infrastructure as a Service – Global Providers - 70303

The KuppingerCole Leadership Compass provides an overview of vendors and their product or service offerings in a certain market segment.  This Leadership Compass focusses on Infrastructure as a Service (IaaS) from Cloud Service providers (CSP) with a global presence and with a specific…

Executive View

Executive View: Microsoft Azure Information Protection - 72540

Microsoft Azure Information Protection creates a viable user experience for data classification and labeling of Office documents and emails. It enables sensitive data discovery; integrates data protection capabilities throughout Microsoft’s Azure, Office, and Windows environments; and…

Advisory Note

Advisory Note: Security Organization Governance and the Cloud - 72564

The cloud provides an alternative way of obtaining IT services that offers many benefits including increased flexibility as well as reduced cost.   This document provides an overview of the approach that enables an organization to securely and reliably use cloud services to…

Whitepaper

Whitepaper: GDPR Herausforderungen mit Delphix - 70368

Mit der neuen Datenschutz-Grundverordnung(GDPR) führt die EU strengeKontrollen bezüglich der Verarbeitung personenbezogener Daten von EU-Bürgernsowie hohe Geldstrafen bei Nicht-Einhaltung eben dieser ein.Die CompliancederGrundverordnungerfordert kostenintensive Kontrollen,die…

Whitepaper

Whitepaper: Meeting GDPR Challenges with Delphix - 70368

GDPR introduces stringent controls over the processing of PII relating to people resident in the EU with high penalties for non-compliance.  Compliance requires costly controls that can be justified for processing of PII with direct business benefits.  However, using PII for…

Advisory Note

Advisory Note: Cloud Services and Security - 72561

This report provides a review of the major security risks from the use of cloud services, how responsibility for security is divided between Cloud Service Provider and customer and the key controls that an organization should implement to manage these risks. 

Advisory Note

Advisory Note: How to Assure Cloud Services - 72563

This report is one of a series of documents around the use of cloud services.  It identifies how standards as well as, independent certifications and attestations can be used to assure the security and compliance of cloud services.

Leadership Compass

Leadership Compass: Enterprise Endpoint Security: Anti-Malware Solutions - 71172

This report provides an overview of the market for Enterprise Endpoint Security: Anti-Malware Solutions and provides you with a compass to help you to find the Anti-Malware product that best meets your needs.  We examine the market segment, vendor product and service functionality,…

Leadership Compass

Leadership Compass: Identity Provisioning - 71139

Leaders in innovation, product features, and market reach for Identity Provisioning. Delivering the capabilities for managing accounts and entitlements across heterogeneous IT environments on premises and in the cloud. Your compass for finding the right path in the market.

Leadership Compass

Leadership Compass: Cloud Access Security Brokers - 72534

How do you ensure secure and compliant access to cloud services without losing the agility and cost benefits that these services provide? This report gives you an overview of the market for Cloud Access Security Brokers and a compass to help you to find the product that you need.

Discover KuppingerCole

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Blog

Blog

Some Perspective on Self-Sovereign Identity

Identity isn't hard when you don't always use it. For example, here in the natural world we are anonymous—literally, nameless—in most of our public life, and this is a handy thing. Think about it: none of us walks down the street wearing a name badge, and it would be strange to do so. A [...]

Latest Insights

Hot Topics

Spotlight

Privacy & the European Data Protection Regulation Learn more

Privacy & the European Data Protection Regulation

The EU GDPR (General Data Protection Regulation), becoming effective May 25, 2018, will have a global impact not only on data privacy, but on the interaction between businesses and their customers and consumers. Organizations must not restrict their GDPR initiatives to technical changes in consent management or PII protection, but need to review how they onboard customers and consumers and how to convince these of giving consent, but also review the amount and purposes of PII they collect. The impact of GDPR on businesses will be far bigger than most currently expect. [...]

Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00