Beruflich Dokumente
Kultur Dokumente
What does privacy at Microsoft mean? Are you using my data to build advertising products?
Transparency
Where is my data? Who has access to my data ?
Compliance
What certifications and capabilities does Microsoft hold? How does Microsoft support customer compliance needs? Do I have the right to audit Microsoft?
Security
Is cloud computing secure?
Privacy
Matters
Your
Transparency
Leadership in
Independently
Verified
Relentless on
Security
You know where data resides, who can access it and what we do with it
http://trustoffice365.com
Office 365 Privacy Whitepaper Office 365 Security Whitepaper and Service Description Office 365 Standard Responses to Request for Information
Services are highly configurable and scalable without customization. Services are under the Microsoft Security Policy. We provide transparency in data location and transfers. We audit on your behalf and provide certification reports. Microsofts liability is capped, consistent with industry standards.
Office 365 is a highly standardized service that Microsoft offers under highly standardized contractual terms and condition.
Process
Guide product teams to meet SDL requirements
Design
Establish Design Requirements Analyze Attack Surface Threat Modeling
Accountability
Establish release criteria and sign-off as part of FSR Incident Response (MSRC)
Implementation
Use Approved Tools Deprecate Unsafe Functions Static Analysis
Verification
Dynamic Analysis Fuzz Testing Attack Surface Review
Release
Incident Response Plan Final Security Review Release Archive
Response
Ongoing
Process
Improvements
Threat and vulnerability management, monitoring, and response Data User Application Host Internal network Network perimeter Facility Access control and monitoring, file/data integrity Account management, training and awareness, screening
https://www.cert.org/blogs/certcc/2011/04/office_shootout_microsoft_offi.html
No Advertising
No advertising products out of Customer Data. No scanning of email or documents to build analytics or mine data.
Data Portability
Office 365 Customer Data belongs to the customer. Customers can export their data at any time.
No Mingling
Choices to keep Office 365 Customer Data separate from consumer services.
We use customer data for just what they pay us for - to maintain and provide Office 365 Service
Core Customer Data Yes
Yes
Yes No No No No Address Book Data Yes, as needed.
Yes
Yes Yes No/Yes No No
Yes
Yes No No No No Customer Data (excluding Core Customer Data*) Yes, as needed.
Yes
No No No No No Core Customer Data Yes, by exception.
Support Organization
Engineering Partners Others in Microsoft
Compliance
ISO27001
ISO27001 is one of the best security benchmarks available across the world. Office 365 first major business productivity public cloud service to implement rigorous ISO security controls on physical, logical, process and management
EU Model Clauses
Office 365 is the first major business productivity public cloud service provider willing to sign EU Model Clauses with all customers. EU Model Clauses a set of stringent European Union wide data protection requirements
Microsoft is offering to sign the Business Associate Agreement (BAA) for any Microsoft Enterprise Agreement customer. The BAA helps enables our customers to comply with HIPAA concerning protected health information.
EU Safe Harbor
EU generally prohibits personal data from crossing borders into other countries except under circumstances in which the transfer has been legitimated by a recognized mechanism, such as the "Safe Harbor" certification Microsoft was first certified under the Safe Harbor program in 2001, and we recertify compliance with the Safe Harbor Principles every twelve months
Primarily US customers
Available
Transparency
At Microsoft, our strategy is to consistently set a high bar around privacy practices that support global standards for data handling and transfer
This saves customers time and money, and allows Microsoft to provide assurances to customers at scale.
Business rules for protecting information and systems which store and process information
Standards
Step-by-step procedures
Operating Procedures
26
Recommended Partner
Cloud Vantage Services helps you realize business value from your Office 365 investments by providing deep expertise
investments.
http://trustoffice365.com
Office 365 Privacy Whitepaper (New!) Office 365 Security Whitepaper and Service Description Office 365 Standard Responses to Request for Information
2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentations. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.