technical solutions and commentary

Microsoft’s Global Foundation Services (the team at Microsoft who operates the data centers worldwide for internal and cloud services) Cloud Infrastructure Security Team has shared a new whitepaper titled “Information Security Management System for Microsoft’s Cloud Infrastructure”.

The whitepaper and accompanying blog post by Mark Estberg examines how Microsoft addresses the security challenges it faces as a cloud provider, and explains three of the security practices Microsoft uses to secure its cloud:

• Information Security Management Forum – A structured series of management meetings in specific categories for managing the ongoing operations of securing the cloud infrastructure.
• Risk Management Program – A sequence of processes for identifying, assessing, and treating information security risks and for enabling informed risk management decisions are made.
• Information Security Policy Program – A structured process for reviewing information security policy and for making changes when deemed necessary.

For any organization that runs their own data centers, is looking at setting up an internal cloud, or is a customer of a cloud provider, this could be a helpful resource.