Posts made in October, 2015

Is the Microsoft Cloud Secure Enough For Your Business?

Posted by on Oct 13, 2015 in Cloud, Microsoft | 0 comments

Can my Business Trust the Microsoft Cloud? The simple and straightforward answer to this question is yes.  If its secure enough for the US Navy, the MoD and a variety of other government departments, its safe to say that the Microsoft Cloud will meet the security requirements of your business in most cases.  But lets take a look at your security needs in a bit more detail and look at some examples of how are where the standards are met.  In this blog post I want to help colleagues working in the Legal Services Industry to fully understand the benefits and implications of a cloud strategy for their business. Microsoft have published a great deal of information detailing how Office 365, Azure and CRM Online are in compliance with the Governments 14 Cloud Security Principles.  You can read all about this in an article written by Stuart Aston, the Chief Security Advisor at Microsoft UK.  The Law Society of England and Wales and the Solicitors Regulation Authority have both issued guidance notes explaining the requirements and recommendations for the industry when using cloud services like Office 365 and Azure.  In this article we will look at each section of the guidance and provide some real life examples of how the requirements can be met. Thank you to Microsoft for allowing us to republish content from their original articles which are linked below. The Data Protection Act 1998 When handling personal data Solicitors must comply with the Data Protection Act 1998. The processes in place for Office 365 and the way your data is handled by Microsoft are transparently clear and independently audited.  As Microsoft cloud customers you can find out where your data resides, who can access it and how that data is processed.  Its your data and you maintain ownership.  Microsoft provide easy to understand information detailing how that data is managed and their commitment to your privacy.  The Office 365 Trust Centre and the Azure Trust Centre provide further details on what exactly this commitment to your privacy means.   Protecting Confidential Information Outcome 4.1 of the SRACode of Conduct. It is essential that your clients trust you to keep their affairs confidential.  Microsoft do not provide any third party organisation, including government with direct and unfettered access to your data and does not provide any ‘back door’ method for gaining unauthorised access.  Microsoft will provide the customer with legal requests for Customer data and will insist on all authorities complying with the correct legal process.  In fact, in response to internet speculation regarding governmental surveillance of the internet, Microsoft has already taken steps to further improve data encryption and further reinforce the legal protection for customer’s data. Save Harbour Protected Data Firms must be aware of the eighth principle of the DPA.  Firms must ensure a written contract is in place with the cloud provider, requiring the provider to follow the firm’s instructions. Microsoft have a regionalised data centre strategy such that all European customer data is stored within the EU.  The Online Service Terms include this commitment by default.  In April 2014, Microsoft became the first (and to date, only) company to receive approval from the data protection regulators of all 28 European Union Member States (Article 29 Working Party) that its implementation of the EU Model Clauses meets the higher standard of EU data protection legislation.  If effect this means that customers can be totally reassured that no matter where their data is located throughout the world, it is protected by a standard which is no lower than required by the EU data protection authorities. In addition Microsoft abide by the relevant Safe Harbour frameworks regarding the collection, use, transfer and retention of data from the EEA and Switzerland. Who Owns the Data? Outcome 7.10 of the SRA Code of Conduct. When it comes to storing data in the cloud and using Office 365, one of the most frequently asked questions is ‘Who Owns the data’.  The simple answer is you.  When you store data in Office 365, you will always own the data and retain all rights, title...

Read More