Cybersecurity with Microsoft Azure: The Three Key Principles for Data Control

Jordan Cueto | August 25, 2017 at 2:44 pm

What happens with data?

With the boom of cloud computing, IT organizations are now playing an increasingly important role in driving business strategies. Cost reduction is still a top priority, but scalability and flexibility are now becoming priorities for key decision makers. This trend drives the mobile-first, cloud-first mentality that Microsoft is doing in all its offers.

For many organizations, the benefits of moving to the cloud are clear. Still, fear of losing control causes decision makers to hesitate. Where is it stored? Who owns organizational data? Who’s accessing the data? These are the questions Microsoft and Tech One Global have in mind when making clear commitments. Good thing that as an IT solutions provider, Tech One Global and Microsoft are keen in following a set of key principles:


Users own their data

No one owns the data except the customers. This belief is fundamental to the Microsoft approach. When a customer goes for Azure, they retain exclusive ownership of the data they upload and use. Microsoft develops steps to secure many kinds of data from simple documents to robust application prototypes.

Microsoft defines customer data as “all data, including all text, sound, video, or image files, and software that are provided to Microsoft.” So yes, you can store your party photos that you’re so ashamed to put on social media and be guaranteed that no one will see it but you. Microsoft has your back.

Customers can access their own data at any given moment and for any reason, without the intervention of anyone. It will not be used for anything aside from improving the customer’s experience with Microsoft products.

Other forms of data that Microsoft secures include:

Customer data which is all data, including texts, sounds, video or image files, and software that are provided to Microsoft by or on behalf of the customer through Azure. For example, it includes data uploaded for storage or processing and applications uploaded by the customer for hosting on Azure.

Administrator data which is the information about administrators (including account contact and subscription administrators) supplied during signup, purchase, or administration of Azure (such as name, phone number, and email address).

Metadata which is comprised of configuration and technical settings and information. For example, it includes the disk configuration settings for an Azure virtual machine or the database design for an SQL Database, it will not include information from which customer data could be derived.

Access control data which is the data that is used to manage access to other types of data or functions within Azure. It includes passwords, security certificates, and other authentication-related data.


Users control data location

When customers entrust their data to Azure, they are not giving up control even in terms of location. For many users, knowing and controlling the location of their data are key elements of data privacy, compliance, and governance. Microsoft Azure offers a flexible network of datacenters across the globe. Control on data geography is crucial especially in providing a risk-free cloud infrastructure and should be an integral part of consideration for cloud usage.

Nothing highlights its importance than the 2011 earthquake disaster of Japan that incapacitated thousands of businesses while causing incalculable human suffering. It could have been worse if not for the country’s cloud infrastructure. “Many local governments’ data repositories and IT infrastructures in Japan were damaged by the disasters. Consequently, when public authorities needed to provide information, such as radiation measurements, these limited resources received an unmanageable surge of demand,” said Monika Buscher, a professor of sociology and director of the Centre for Mobilities Research at Lancaster University in England.

By having a remote cloud support, Japan was able to access mirrored government and business data, and in some instances, entire computing environments that were crucial in recovering from the disaster — a feat that will not be possible if cloud usage was restricted by geographical hurdles.


Users have access to encryption, role, and data destruction management

Microsoft ensures control over encrypted and deleted data. For encryption, customers have the option to generate and manage their own encryption keys — a welcome feature for 2017’s encryption-blocking swarms of malware variants. They also have the option to determine who uses these encryption keys, providing a more streamlined access control across the whole business operation. To take it further, users even have the option to revoke Microsoft’s copy of their encryption key, although this may limit Microsoft’s ability to troubleshoot and repair technical problems, still, the choice is there.

Finally, when the user deletes data or leave a Microsoft cloud service, Microsoft follows strict standards for overwriting storage resources before reuse, as well as physical destruction of decommissioned hardware, including contractual commitments to specific processes of data deletion. This is to ensure that the customer, at its core, is empowered in whatever decision they make in their digital transformation journey.

The race for digital transformation is still at its peak and there are still many facets in Azure’s computing environment, which we will tackle in a series of articles. Stay tuned for more here at Tech One Global. Subscribe to our newsletter for our latest content and offer.

Let’s keep growing together.

Share with
  • 57