Article 29 Working Party
• Set up under the EU Directive 95/46/EC for the protection of individuals
with regard to the processing of personal data
• Provides advice on whether countries outside the EU adequately protect
personal data transferred from the EU
• Approves codes of conduct for the processing of personal data
• Plays a critical role in global privacy law, given that the EU has some of the
most advanced data protection regulations in the world
• 28 member countries of the Article 29
Working Party plus Luxembourg, the Czech
Republic, and Spain all agree
• Microsoft is the first and only cloud
provider to receive this type of validation
• Personal data stored in Microsoft’s
enterprise cloud adheres to Europe’s
rigorous privacy standards no matter where
that data is located
• Applies to Microsoft Azure, Office 365,
Dynamics CRM Online, and Windows Intune
Microsoft’s contractual privacy
protections meet EU standards for
international transfers of data
Windows Azure
Pre-adoption concern
60%cited concerns around
data security as a barrier
to adoption
45%concerned that the
cloud would result in a
lack of data control
Benefits realized
94%experienced security
benefits they didn’t
previously have
on-premise
62%said privacy protection
increased as a result of
moving to the cloud
security benefits
SECURITY
Identity/access
Network
Data
Threat Defense
PRIVACY
COMPLIANCE
Windows Azure
trustworthy foundationBUILT ON MICROSOFT UNMATCHED EXPERIENCE AND INNOVATION
Trustworthy Computing
Initiative
Security Development
LifecycleGlobal Data Center
Services
Malware Protection
Center
Microsoft SecurityResponse Center
Windows Update
1st
Microsoft Data
CenterActive
DirectorySOC 1
CSA Cloud Controls Matrix
PCI DSS Level 1
FedRAMP/FISMA
UK G-Cloud Level 2
ISO/IEC 27001:2005
HIPAA/HITECH
Digital Crimes
Unit
SOC 2
E.U. Data Protection Directive
Windows Azure
Physical data center security
Cameras
24X7 security staff
Barriers
Fencing
Alarms
Two-factor access control: Biometric readers & card readers
Security operations center
Days of backup power
Seismic bracing
BuildingPerimeter Computer room
Windows Azure
shared responsibilityREDUCE SECURITY COSTS + MAINTAIN FLEXIBILITY, ACCESS, & CONTROL
Customer Microsoft
On-Premises IaaS PaaS SaaS
Windows Azure
transparency and independent verification
21
AID CUSTOMERS IN MEETING THEIR SECURITY AND COMPLIANCE OBLIGATIONS
Best practices and guidance
Third-party verification
Cloud Security Alliance
Security intelligence
report
Compliance packages
Trust Center
Access to audit reports
Security Response Center progress
report