Document
Risk Assessment Guide for Microsoft Cloud
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Risk Assessment Guide for Microsoft Cloud

Risk Assessment Guide for Microsoft Cloud Article05/17/2024 In this article The goal of a cloud risk assessment is to ensure that t

Related articles

Dreamcloud Bed Frame Instructions
Dreamcloud Bed Frame Instructions Last Updated on November 25, 2021 Are you trying to find a luxury mattress at a cost that won’t injure your wallet? Dreamcloud Bed Frame Instructions DreamCloud offer 3 quality hybrid mattress models, each with their own unique character. Integrating dreamy memory foam with an innerspring coil unit, DreamCloud supply an outstanding blend of comfort, support, and postural alignment. While DreamCloud bed mattress are well fit for many people, they’re wrong for everybody. In this short article I will stroll you through the the advantages and disadvantages of all 3 models – the DreamCloud Original, DreamCloud Premier, and the DreamCloud...
101 Date Ideas in Houston: Romantic Things To Do in Houston
101 Date Ideas in Houston: Romantic Things To Do in Houston The date ideas in Houston are perfect if you want to have a great time. There are so many romantic things to do in Houston that are a lot of fun!Houston is a large city in the United States. You find the city in the state of Texas. You find lots of great sights in Houston, such as Space Center Houston.travel to this city is perfect for couple . There 's so much to do and there are many romantic activity .Whether you want to find unique, fun, relaxing, or active date ideas in Houston, it's there.For example , a...
Jio’s free storage to beat Google and Apple?
Jio’s free storage to beat Google and Apple? In today’s Finshots, we talk about Jio’s new freebie and the brain behind it.Before we begin, if you're someone who loves to keep tabs on what's happening in the world of business and finance, then hit subscribe if you haven't already. We strip stories off the jargon and deliver crisp financial insights straight to your inbox. Just one mail every morning. Promise!If you’re already a subscriber or you’re reading this on the app, you can just go ahead and read the story.The StoryIndia’s cloud storage demand is booming. And there’s plenty of evidence to back this up.The public cloud market...
Crea solicitudes de envío del servidor de apps
Crea solicitudes de envío del servidor de apps Con los protocolos del servidor de apps de firebase Admin SDK oFCM, puedes compilar solicitudes de mensajes yenviarlas a estos tipos de destinos: Nombre del tema Condición token de registro del dispositivo Nombre del grupo de dispositivos ( solo protocolo ) Puedes enviar mensajes con una carga útil de notificación compuesta por campos predefinidos, una carga útil de datos de tus propios campos definidos por el usuario oun mensaje que contenga ambas cargas útiles. Consulta Tipos de mensajes para obtener más información. En los ejemplos de esta página, se muestra cómo enviar mensajes de notificación con el firebase Admin SDK...
Zendaya Reacts To ‘Euphoria’ Co-Star Angus Cloud’s Death
Zendaya Reacts To ‘Euphoria’ Co-Star Angus Cloud’s Death Euphoria star Zendaya, who has won two Emmy Awards for her portrayal of Rue Bennett, has spoken out about the stunning death of her co-star Angus Cloud on July 31. The actress took to Instagram, sharing a photo of Angus, while writing a heartfelt caption to pay tribute to him, while also saying her “heart” was with Angus’ mom and sister. “Words are not enough to describe the infinite beauty that is Angus (Conor). I’m so grateful I got the chance to know him in this life, to call him a brother, to see his warm kind eyes and bright smile,...

Risk Assessment Guide for Microsoft Cloud

  • Article

The goal of a cloud risk assessment is to ensure that the system and data that exists in or is considered for migration to the cloud don’t introduce any new or unidentified risk into the organization. The focus is to ensure confidentiality, integrity, availability, and privacy of information processing and to keep identified risks below the accepted internal risk threshold.

In a shared responsibility model, the Cloud Service Provider (CSP) is responsible for managing security and compliance of the cloud as the provider. The customer remains responsible for managing and configuring security and compliance in the cloud in accordance with their needs and risk tolerance.

Risk Assessment Guide for Microsoft Cloud

In this guide, best practices are shared on how to efficiently evaluate vendor risks and how to use the resources and tools Microsoft makes available.

understand share responsibility in the cloud

Cloud deployments can be categorized as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS). Depending upon the applicable cloud service model, the level of responsibility over the security controls for the solution shift between the CSP and the customer. In a traditional on-premises model, the customer is responsible for the whole stack. When moving to the cloud, all physical security responsibilities transfer to the CSP. Depending on the cloud service model for your organization, additional responsibilities shift over to the CSP. However, in most cloud service models, your organization remains responsible for the devices used to access the cloud, network connectivity, your accounts and identities, and your data. Microsoft invests heavily in creating services that allow customers to stay in control of their data across the entire lifecycle.

Microsoft Cloud operates at a hyperscale, relying on a combination of DevSecOps and automation to standardize operating models. Microsoft operating model changes the way risk is approached compared to traditional on-premises operating models, leading to the implementation of different and sometimes unfamiliar controls to manage risks. When conducting your cloud risk assessment, keep in mind that Microsoft’s goal is to ensure all risks are addressed, but not necessarily to implement the same controls your organization does. Microsoft may address the same risks with a different set of controls and that should be reflected in the cloud risk assessment. Additionally, some risks in a traditional on-prem design are of lower severity in a cloud environment, and vice versa. Designing and implementing strong preventive controls can reduce much of the work required by the detective and corrective controls. An example of this is Microsoft’s implementation of Zero Standing Access (ZSA).

Adopt a framework

Microsoft recommends that customers map their internal risk and controls framework to an independent framework that addresses cloud risks in a standardized way. If your existing internal risk assessment models don’t address the specific challenges that come with cloud computing, you’ll benefit from these broadly adopted and standardized frameworks. Your internal control framework may already be a conglomeration of multiple standardized frameworks, having these controls mapped to their corresponding frameworks will help during your assessment.

A secondary benefit is is is that Microsoft provide mapping against these framework in documentation and tool that will accelerate your risk assessment . Examples is include of these framework include the iso 27001 Information security standard , cis Benchmark , and NIST SP 800 – 53 . Microsoft is offers offer the most comprehensive set of compliance offering of any CSP . For more information , see Microsoft compliance offering .

use Microsoft Purview Compliance Manager to create your own assessment that evaluate compliance with the industry and regional regulation that apply to your organization . assessment are build upon the framework of assessment template , which contain the necessary control , improvement action , and where applicable , Microsoft action for complete the assessment . For Microsoft action , detailed implementation plan and recent audit result are provide . This way , time can be save on fact finding , mapping , and research how specific control are implement by Microsoft . For more information , see the Microsoft Purview Compliance Manager article .

understand how Microsoft operate to safeguard your datum

While the customer is responsible for managing and configuring security and compliance in the cloud, the CSP is responsible for managing security and compliance of the cloud. One way to validate that the CSP is effectively addressing their responsibilities and upholding their promises is to review their external audit reports such as ISO and SOC. Microsoft makes external audit reports available to authenticated audiences on the Service Trust Portal (STP).

In addition to external audit report , Microsoft is encourages highly encourage customer to take advantage of the follow resource to help understand how Microsoft operate in depth :

  • On – demand learning path : Microsoft Learn is offers offer hundred of learn path and module on different topic . Amongst them , take learn how Microsoft safeguard customer datum to understand Microsoft ‘s fundamental security and privacy practice .

  • Service Assurance on Microsoft Compliance: Articles on Microsoft’s practices are categorized into 14 domains for easier review. Each domain includes an overview that address common risk scenarios for with each area. Audit tables are provided containing links to the most recent reports stored on the STP, related sections, and the date the audit report was conducted for Microsoft online services. If available, links to artifacts demonstrating control implementation, such as third-party vulnerability assessments and business continuity plan verification reports are provided. Like audit reports, these artifacts are hosted on STP and require authentication to access.

Domain Description
Architecture The design of Microsoft online services and the security principles that act as its foundation.
Audit logging and monitoring How Microsoft captures, processes, stores, protects, and analyzes logs to detect unauthorized activity and monitor performance. make security and performance monitoring possible.
Datacenter security How Microsoft is operates securely operate the datacenter that provide the mean to operate Microsoft online service worldwide .
encryption and key management The cryptographic protection of customer communications and the data stored and processed in the cloud.
Governance, risk, and compliance How Microsoft enforces the security policies it creates and manages risk to meet customer promises and compliance requirements.
identity and access management The protection of Microsoft online service and customer datum from unauthorized or malicious access .
Security incident management The processes Microsoft uses to prepare for, detect, respond, and communicate all security incidents.
Network security How Microsoft protects its network boundaries from external attacks and manages its internal network to limit their propagation.
Personnel management The screening processes, training, and secure management of personnel throughout their time at Microsoft.
Privacy and data management How Microsoft handles and protects customer data to preserve their data rights.
Resiliency and continuity Process and technologies used to maintain service availability and ensure business continuity and recovery.
Security development and operation How Microsoft is ensures ensure that its service are design , run , and manage securely throughout their lifecycle .
supplier management How Microsoft is screens screen and manage third – party company that assist with Microsoft online service .
Threat and vulnerability management The processes Microsoft uses to scan for, detect, and address vulnerabilities and malware.

Compliance Program for Microsoft Cloud (CPMC)

Microsoft makes a concerted effort to publish information, such as the articles on this site, to help customers understand how we keep their data safe and satisfy their compliance requirements. However, it can be difficult to stayed informed on the global regulatory landscape, navigate complicated compliance and risk scenarios, and reach an acceptable level of assurance. To overcome these challenges, Microsoft launched the Compliance Program for Microsoft Cloud (CPMC). The CPMC is a fee-based premium program offering personalized regulatory and industry specific compliance support, education, and networking opportunities. For more information on CPMC specific offerings, check out the CPMC website.

Resources