When I talk with customers and partners about making the move to the cloud, the number one objection I hear is always security. They love the economic model, the way it frees up their IT resources, and the flexibility it gives them, but how can they be sure that their valuable data is being kept secure and private? Do they need to go visit the cloud provider’s data center to inspect the staff, the servers, or the network connections in-person? No, that’s not economical or scalable for the customer or the cloud provider. If an organization is going to trust a cloud service provider with their data, then they will need a third-party to validate that security practices meet or exceed industry standards. This independent verification is a key piece to cloud adoption. This is why the Microsoft Dynamics CRM team is investing in compliance with world-class industry standards. In fact, at the end of February, Microsoft Dynamics CRM Online obtained ISO 27001 certification from the British Standards Institute. ISO27001 is one of the best security benchmarks available across the world.
Another key element to building trust with customers is transparency. A cloud service provider must openly communicate how they operate the service and handle customer data. To help customers in the evaluation of cloud services, the Cloud Security Alliance created the Security, Trust & Assurance Registry (STAR). This registry is open to all cloud vendors and makes it easy for customers to learn about the vendors’ security and privacy practices. Microsoft has already published self-assessments in the STAR for three of its cloud services: Microsoft Dynamics CRM Online, Office 365, and Windows Azure. This is a great step for transparency at Microsoft and another example of how we differentiate ourselves from other cloud service providers.
If you’re as passionate about this as I am, I encourage you to look at our whitepaper that outlines how Microsoft Dynamics CRM Online ensures the security and privacy of your data. I’m interested in hearing what you think. Are independent verification and transparency important for running your business in the cloud?
Until next time,