Vendor Report: Microsoft® Cloud Security - 70126

Report Details

This document is an evaluation of Microsoft’s Windows Azure™ Cloud platform from a security perspective. This platform allows organizations to build Cloud applications which are then hosted in the worldwide network of Microsoft datacenters. It also allows organizations to host existing applications that run under Windows Server 2008 and certain types of data in these Microsoft datacenters. Microsoft has put considerable thought into meeting the security challenges of Cloud computing and incorporated solutions to these challenges in their offering.

Many organizations are moving towards a Cloud model to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a single customer.  The information security risks associated with Cloud computing depend upon both the service model and the delivery model adopted. The common security concerns across this spectrum are ensuring the confidentiality, integrity and availability of the services and data delivered through the Cloud environment. In addition moving to the Cloud poses some compliance challenges.

This report finds that the Microsoft Cloud offering addresses the following important security challenges:

  • Availability: Windows Azure running in the Microsoft worldwide network of datacenters provides several levels of redundancy to maximize the availability of applications and data.
  • Compliance and data privacy: Microsoft Corporation is a signatory to the Safe Harbor agreement. Customers can choose the geographic location of the data. The service operates within the Microsoft Global Foundation Services infrastructure, portions of which are ISO 27001 certified.
  • Privilege management: Microsoft deploys a range of controls to protect against unauthorized activity by operational personnel.
  • Identity and Access: Windows Azure supports a claims based approach to managing access by end users to hosted applications and data. It supports important standards like SAML, and a range of identity providers.

The Microsoft technology includes proprietary interfaces that could lead to an organization choosing this technology to become”locked-in”. Although the platform supports encryption of customer data this is not the default. KuppingerCole strongly recommend that data in the Cloud should be encrypted.

While the Microsoft technology supports confidentiality, availability of data and integrity of processing it is up to the organization to develop and configure a Cloud service built using this technology to achieve these objectives. KuppingerCole recommends that any organization intending to use the Microsoft platform should clearly define the information security requirements and evaluate how these will be met in detail.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Aug 29, 2011

Vendor Report: Microsoft® Cloud Security - 70126

This document is an evaluation of Microsoft’s Windows Azure™ Cloud platform from a security perspective. This platform allows organizations to build Cloud applications which are then hosted in the worldwide network of Microsoft datacenters. It also allows organizations to host…

€195.00
excl. VAT
Get Access
Mastercard Visa American Express PayPal INVOICE

Latest Related Reports

Whitepaper

Considerations for Reducing the Risk of Ransomware

In this paper, we will expand our view of ransomware and demonstrate how treating it as an isolated security challenge is not a sustainable approach. We will show why prevention is the best foundation for managing risk and consider some strategies to combat common ransomware tactics. A…

Executive View

Orca Cloud Security Platform

Unzureichend verwaltete Sicherheitskontrollen innerhalb der Ressourcen eines Mandanten von Cloud-Diensten sind zunehmend die Ursache von Sicherheitsvorfällen und Compliance-verletzungen. Die dynamische Infrastruktur und die Entwicklungsmethoden von heute erfordern einen dynamischen Ansatz…

Market Compass

Cloud Backup and Disaster Recovery

The KuppingerCole Market Compass provides an overview of the product or service offerings in a certain market segment. This Market Compass covers solutions that provide backup, restore and disaster recovery of IT service data into the cloud in the context of the hybrid IT service delivery…

Executive View

Orca Cloud Security Platform

Poorly managed security controls within a cloud services tenant's resources are increasingly the cause of security incidents and compliance failures. Today's dynamic infrastructure and development methodologies need a dynamic approach to cyber security. This report reviews Orca's Cloud…

Buyer's Compass

Hybrid Cloud Backup and Disaster Recovery

This Buyer's Compass covers solutions that provide backup and restoration of IT service data into the cloud in the context of the hybrid IT service delivery environment that is now commonly found in medium to large organizations. These solutions provide the capability to backup IT service…