Adopting Cloud Data Security Practices

Posted on by Marc Pinotti

Cloud has given enormous space to plug and play with your applications and content at the user and system level. This is now the responsibility for any cloud providing service to ensure data security and regulations to be adopted thoroughly by the organizational groups and the people associated with the organization. Discrimination of personal and corporate credentials, encryption policies, audit logs of resources are the basic steps for secured content management.

Microsoft Azure – Privacy by Design, is the theme adopted at each zone of “software development life cycle” mapped with “Microsoft Secure Development Lifecycle” for Azure, office 365 and other Microsoft products; that regulates and empower the data security at client and customer level and to make customer own the responsibility of their data with respect to internal governance practices.

UnifyCloud LLC is a leading cloud service provider following cloud security practices based on Microsoft Azure and supplier of versatile suits such as CloudAtlas® to help securely move the on-premises data on cloud.

Data Privacy Standards, Compliance described and followed by Microsoft suits:
  • HIPAA and HITECH – Azure based applications has to adopt the Business Associate Agreement (BAA) to comply with these laws.
  • CSA STAR Registry – Basic principles to be followed by a CSP for security and risk management.
  • EU Model Clauses – Azure configured applications must satisfy EU standards for international transfer of data which highlights that personal data on cloud is subjected to Europe’s rigorous privacy standards without the impact of its location.
  • ISO 27001, certifications required for CSPs.
  • SOC1 and SOC2, identify the controls for security, accessibility and secrecy of your data.
  • Customer is the own controller of their data and azure products do not share the customer data with third parties (including law enforcement, other government entity or civil litigant)
Azure procedures for data protection:
  • Data access controls bifurcated in to Physical and logical perimeters for fencing and other security controls.
  • Two-factor authentication for logging and auditing activities.
  • Monitoring of production environments for privacy and security-related threats.
  • Data isolation techniques for cloud tenants.