Core security, privacy, and compliance tenets
As we learned in Chapter 1, Introduction to Cloud Computing, security is a shared responsibility model. This means that certain responsibilities transfer to the cloud provider in a cloud environment operating model, while other responsibilities are retained by the customer; you should understand when it is your responsibility to provide the appropriate level of security and control, and when it is not your responsibility but instead that of the cloud services provider to ensure that their platform is kept compliant and your data is kept private.
The following security model diagram visually sets out the division or separation of responsibilities between the consumer of the cloud resources and the cloud services provider itself:
Figure 10.1 – Shared responsibility model
The most critical responsibilities to be aware of are the responsibilities that you, as the consumer of cloud services, always retain and your responsibility to secure and protect.
Security, compliance, privacy, and transparency are fundamental for a trust model and are the core tenets of Microsoft Online Services; the following diagram represents Microsoft’s trusted cloud principles:
Figure 10.2 – Microsoft trusted cloud principles
The preceding diagram shows that while it is your data and your control, Microsoft is responsible for delivering and operating a cloud services platform that will provide the data residency an organization needs, as well as ensuring it will keep that data secure, private, and compliant with recognized compliance and regulatory standards. These, however, are not just principles, but contractual guarantees.
In this section, we looked at Microsoft’s trusted cloud principles. The following sections look at how Microsoft delivers on these core tenets.
Trust Center
The Trust Center is a publicly accessible web portal that acts as a single point of focus for an organization that needs resources and in-depth information regarding the Microsoft principles of security, privacy, and compliance. The Trust Center can be accessed from https://www.microsoft.com/trust-center:
Figure 10.3 – Microsoft Trust Center
The Trust Center is a centralized place for any organization that needs information or resources on security, privacy, and compliance regarding Microsoft Online Services, not just Azure. The following section looks at the Microsoft Privacy Statement.