Microsoft cloud: an image update

I’m familiar with the typical arguments customers make to reject or delay transitioning to the cloud. But despite these arguments, or rather, because of these arguments, I’m eager to confront the unpleasant issue of data protection and compliance in the cloud. The increasing number of requirements and regulators surrounding the security of highly sensitive data is the number one source of motivation to do something about it! There’s one thing I can assure you of right off the bat: you are not alone in this challenge!

Microsoft’s strong commitment and promise of security

The question of where to store the data, or rather where to anchor the selected data centre locally to store it in the long term, is one that many companies grapple with.

This is critical if the responsibility for sensitive information is transferred to a third party. Internal information ranging from personal data to entire corporate strategies require security, trust and a compliance strategy:

• Who has access to my data?
• Is the data protected against espionage and being read by someone without authorisation?
• How high is the level of protection against cyber-attacks?

Despite all of these concerns, the prevailing coronavirus pandemic and the prospect of the future New Work movement is forcing companies to take a hard look at the critical issues of collaborative work to ensure business success, regardless of location. Protective measures saw employees relocated to working from home, while at the same time, a collaborative IT infrastructure had to be implemented swiftly, meaning it also had to undergo a comprehensive reassessment.

However, there are also positives to be taken from this:

As a cloud provider, Microsoft in particular is under pressure to put the issue of security and customer concerns at the top of its agenda as a matter of priority. As a pioneer, Microsoft has introduced the ‘EU Data Boundary for the Microsoft Cloud’ for its customers. Microsoft promises to ensure that no personal data will leave the EU and to provide customer-managed data encryption.

This is a crucial milestone in the right direction towards building a meaningful position of trust. The company is delivering on its promise by making considerable investments in the expansion of the data centre infrastructure in Europe, distributed between 13 countries, and work is already underway. Microsoft customers will have the certainty of knowing that they will be able to follow all the necessary processes in the course of digitalisation within the framework of the laws and regulations applicable throughout Europe. Once the data centre expansion has been completed, Microsoft customers will finally have the option to determine the exact geographical location of their data.

In addition, Microsoft promises to challenge each and every government request for personal information as long as there is a legal basis for doing so. A lawsuit challenging the method practiced by US authorities of enforcing search warrants for servers outside the country was upheld. This means that Microsoft responsibly protects customer data from unwanted disclosure in accordance with the applicable national laws of the respective customer.

Complete transparency is an important promise that Microsoft makes to its customers, as long as it is permitted within the legal framework. Customers are promised a copy of the request as well as the court order to disclose the data and are even promised compensation should legal rulings not be able to prevent the data from being disclosed.

Microsoft’s commitment as part of the ‘EU Data Boundary’ is a free service and the company’s promise of quality to its customers. This means that EU customers won’t be disadvantaged in terms of price.

Facts, figures and data:

• Microsoft invests over USD 1 billion in cybersecurity every year
• The Digital Crimes Unit (DCU) employs 3,500 security professionals in the global effort to fight digital crime
• 6.5 trillion signals from around the world are analysed for threats every day, and Microsoft is counting on AI and machine learning to help
• The DCU team prevents around five billion malware attacks per month

Protecting sensitive data on collaboration platforms in real life

Microsoft Teams has become an integral part of our everyday lives. Back when the pandemic dictated every aspect of our lives in particular, we used it extensively for both professional and private purposes. Thanks to curfews and social distancing, people around the world have come to value and love Teams. It allows them to finally meet their loved ones, at least virtually, despite the contact restrictions. With a worldwide daily user base of 115 million and an annual growth rate of one hundred percent, Teams has become an integral part of our everyday communication culture.

Who hasn’t seen the SNICKERS® ‘First Visitors’ advert, which is a charming and funny illustration of how Teams and other collaboration platforms have had a lasting impact on our lives during the pandemic and beyond?

The number of video calls and the astounding volume and speed at which people are conversing via the various chat channels that Teams offers its users are understandably worrying business leaders and data protection officers. The transfer of sensitive or even personal data during these calls and chats must be checked to ensure it meets the necessary security requirements.

Thanks to its end-to-end encryption , Microsoft provides its business customers with a solid foundation of data protection, currently available for VoIP telephony. Work on providing encryption for online meetings is currently the top priority. The public preview for this service will go live before the end of 2021. The New Work movement has thus passed another milestone and the boundaries between the old familiar office infrastructures and the boundless freedom in carrying out daily work are becoming visibly blurred in favour of flexibility.

The public authority Polizei Hamburg is leading the way with a positive example of how to use the cloud in a professional environment and collaborative cooperation in the public sector. Together with Microsoft, a communication solution was developed for the fast but highly secure exchange of location data, GPS tracking, photos and much more, which is used daily by 1,400 police officers in the office and in the field in Hamburg. Thanks to the digitally optimised cooperation of the police force in Hamburg, searches for missing persons, for instance, are more effective and deliver results faster.

A look behind the scenes

Let’s now take a look at the legal regulators and how Microsoft is meeting these challenges. It should be mentioned at the outset that Microsoft is the cloud provider with the most security certifications.

Compliance with international standard certifications such as ISO 27001 or ISO 27018, which regulate the security management systems for handling personal data, is a matter of course. The requirements of the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin) and compliance with a framework for the design of privacy management systems in the ISO 27701 constitute further efforts to strengthen trust in the Microsoft Cloud. Global, regional and sector-specific certificates that are provided and expanded as part of the compliance offering can be viewed at any time here .

Data protection and compliance – a management task that should be taken seriously

However, all the efforts, investments, transparency pledges and certifications we have discussed here are worthless in the final analysis if management does not lead by example when it comes to handling compliance issues. The manager must be aware of his/her role as a role model and understand that compliance is tantamount to teamwork. If all employees are not pulling in the same direction, the goals that have been set become a distant prospect.

Compliance management should also be seen as a permanent component of change management within the corporate structure. It is important to get every employee in the company on board. Recognising the risks resulting from non-compliant behaviour is easy for most of us. Paradoxically, integrating the right compliance conduct into daily work processes poses enormous risks to employee satisfaction. They quickly feel oppressed by the consistent implementation of rules and control measures, which must definitely be avoided before they happen.

Compliance by each individual employee can only be ensured through transparency and clear communication throughout the entire company chain, starting from upper management.

adesso offers compliance service as an add-on

Thanks to our many years of industry expertise and experience as an IT service provider, we at adesso offer compliance and data protection packages as additional add-ons. Get in touch with us: we are happy to go that extra distance with you and your customers, from customised workshops to employee training on security and data protection topics to cloud or on-premises implementation solutions.

Would you like to learn more about exciting topics from the world of adesso? Then check out our latest blog posts.