14 DAY TRIAL // Microsoft has made yet another step towards increasing the cloud security transparency of its products through publishing a new self-assessment in the CSA’s STAR, this time for Microsoft Dynamics CRM.
Previously, the company has provided a series of details on how its Office 365 and Windows Azure products can fulfill various security, privacy, and compliance requirements.
Through these actions, the company showed increased commitment towards transparency for their cloud customers.
This week, they unveil that Microsoft Dynamics CRM also got a self-assessment published in Cloud Security Alliance’s (CSA) Security Trust and Assurance Registry (STAR).
Tim Rains, director, Trustworthy Computing, explains in a post on the company’s Trustworthy Computing blog that the move was also fueled by the fact that customers have been asking about the security practices and security controls that cloud service providers make use of.
“This information helps customers better understand whether those services meet or exceed their organization’s compliance obligations and internal standards,” Rains notes.
“The self-assessments for Office 365, Windows Azure, and Microsoft Dynamics CRM in the CSA’s STAR registry provides cloud customers with the visibility and transparency they are looking for, in a way that is based on standards (ISO 27001) and CSA best practices, for free.”
The three assessments can be found on CSA’s website today, for Office 365, Windows Azure and Microsoft Dynamics CRM. They can be downloaded for additional info on these Microsoft products.
In the document published for Microsoft Dynamics CRM, for example, details on how the service rallies with the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM)’s requirements on security, privacy, compliance, and risk management are available.
“Note that this document is intended to provide information on how Microsoft Dynamics CRM Online operates,” the self-assessment’s description reads.
“Customers have a responsibility to control and maintain their environment once the service has been provisioned (i.e., user access management and appropriate policies and procedures in accordance with their regulatory requirements).”