By Dann Anthony Maurno
Microsoft on its Cyber Trust Blog has announced that Microsoft Trust Center now includes more enterprise cloud services, including:
- Microsoft Commercial Support
- Microsoft Dynamics AX
- Microsoft Power BI
These services join Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365 into the Trust Center.
There appear to be no real change to AX in terms of security or certifications, but Microsoft is laying out its product and its architectural details in a way that should to be meaningful to an IT team or compliance department assessing Dynamics AX.
Microsoft in November rolled out the Trust Center to create a central point of reference for cloud trust resources and to detail the company’s commitments to security, privacy and control, compliance, and transparency. Microsoft CEO Satya Nadella in a press event concerning Microsoft’s new “Operational Security Posture” promised greater transparency into its cloud security. The Trust Center, he said, “Unifies the trust centers of our enterprise cloud services-Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365.”
As Microsoft describes, it is via the Trust Center that the company documents its adherence to international and regional compliance certifications and attestations, and lays out the policies and processes that the company uses to protect customer privacy and your data.
New compliance certifications for Spain, UK
Microsoft is further adding two new compliance attestations, ENS in Spain and FACT in the UK, to two announced in March-CS Mark in Japan and MPAA, bringing the total of certifications and attestations to 37, “The most comprehensive of any major cloud service provider in the world,” says Microsoft.
Some background on those certifications and attestations:
- ENS. The Esquema Nacional de Seguridad (National Security Framework) in Spain, which provides ICT security guidance to public administrations and service providers. Microsoft was the first cloud service provider to receive ENS certification (for Azure and Office 365).
- FACT. Developed by UK Federation Against Copyright Theft, this certification scheme is based on ISO 27001 and focuses on physical and digital security to prevent theft of intellectual property. Microsoft Azure was the first multitenant public cloud to achieve FACT certification.
- MPAA. Azure is the first hyperscale cloud provider to comply with the Motion Picture Association of America guidance and control framework for the security of digital film assets.
- Cloud Security (CS) Mark. This is the first security standard for cloud service providers in Japan, and Microsoft has achieved a CS Gold Mark for all three service classifications: Azure for IaaS and PaaS, and Office 365 for SaaS.
Microsoft has numerous pages dedicated to compliance, with comprehensive information on such certifications and attestations as EU Model Clauses, FedRAMP, HIPAA, ISO/IEC 27001 and 27018, PCI-DSS, and SOC 1 and SOC 2. Each compliance page lists compliant services and detailed information such as implementation guides and best practices.