Microsoft Adopts ISO/IEC 27018 Cloud Privacy Standard

Microsoft has announced that it has adopted ISO/IEC 27018, an international security standard that outlines procedures for handling personally identifiable information within a cloud infrastructure.
Under the terms of the international standard, Microsoft has reaffirmed its commitment to ensuring the privacy of its clients’ data hosted within cloud services. Since all data stored inside a customer’s cloud is deemed private, that information cannot be used for marketing or advertising purposes. The adoption of the standard also means that any request for personal data by authorities would result in Microsoft notifying the customer of the request.
The ISO/IEC 27018 cloud security standard was met with much applause last year, as it has been deemed the first standard of its kind. Microsoft’s Brad Smith wrote in a blog post that Microsoft is the first major cloud provider to adopt the world’s first international standard for cloud privacy. Microsoft emphasized five key points related to its adoption of the new standard. They are:

  • You are in control of your data
  • You know what’s happening with your data
  • We provide strong security protection for your data
  • Your data won’t be used for advertising
  • We inform you about government access to data

Microsoft’s public acknowledgement of these standards answers some of the questions potential clients may have about the privacy practices of Microsoft’s cloud offerings. In addition to adopting this standard, Smith writes that Microsoft “received confirmation from European data protection authorities that Microsoft’s enterprise cloud contracts are in line with ‘model clauses’ under EU privacy law regarding the international transfer of data.”
Microsoft’s adherence to international standards has been verified by independent auditing groups such as the British Standards Institute and Bureau Veritas. Microsoft mentions that Azure, Office 365, Dynamics CRM Online and Microsoft Intune have received the independent verifications, which should help allay data privacy concerns.