Microsoft beefs up cloud security, wins ASD cert

Microsoft has enhanced the security of its Office 365 and Azure cloud services and has become one of the first cloud providers to be approved to handle unclassified government data under the Australian Signals Directorate’s new certification process.

At the RSA Conference yesterday, Microsoft revealed plans to increase the levels of encryption for email sent through its Office 365 suite to encompass content-level encryption in addition to the current Bitlocker encryption.

Microsoft is also working to introduce a new customer lockbox for Office 365 content, designed to improve transparency and customers’ control over their content in the suite. The new lockbox will, for example, allow companies to approve or reject a Microsoft engineer’s request to log into an Office 365 service for repairs.

A new Office 365 Management Activity API will allow for the development of monitoring, analysis and compliance assurance systems to provide organisations with greater visibility into actions taken on their content, including potential security threats.

Microsoft is also working with security industry partners including Barracuda, Check Point, Fortinet, Websense, Palo Alto Networks, F5 Networks and Alert Logic to develop new network security and other appliances for its Azure cloud platform.

At the RSA Conference, Microsoft and partners showcased three new security appliances available on the Azure Marketplace - the Barracuda Web Application Firewall, the CloudLink SecureVM and the Trend Micro Deep Security Platform.

In Australia, the Australian Signals Directorate (ASD) has meanwhile established a new certified cloud services list for Australian Government agencies, streamlining the process by which agencies can verify the security of a cloud offering.

The ASD has certified Microsoft’s Office 365 and Azure, as well as Amazon’s EBS, EC2, S3 and VPC platforms, for the handling of Unclassified - Dissemination Limiting Markers (DLM) data.

“This builds on the extensive assessment undertaken of both Azure and Office 365 for the handling of Unclassified (DLM) government data according to the Australian Government’s Independent Registered Assessors Program (IRAP),” Microsoft Australia National Security Officer James Kavanagh said in a blog post announcing the certification.

“A necessity for federal government agencies, this certification is also highly relevant to state government and enterprise organisations seeking independent assurance of the security of cloud service providers.”

In other local news, Optus Business has become the first Australian telecom operator to join Microsoft’s Cloud OS Network, arranging to offer a private managed cloud to Australian enterprise and government customers based on the Azure platform.

The solution will allow customers to deploy private, public or hybrid cloud environments while meeting enterprise-grade requirements for security, performance and availability.

New research from CipherCloud suggests that Microsoft’s Office 365 is one of the most popular cloud services among enterprises worldwide.

A survey of 150 companies in Europe, Asia and Latin America shows that 62% of companies have either adopted or are in the process of adopting Office 365, making it the second most popular service behind Salesforce.com (67%).

The survey shows that enterprises consider cloud security to be a platform proposition. Enterprises overwhelmingly require security controls to extend across multiple cloud services.

Some 72% of enterprises consider data protection to be a vital function of an enterprise cloud security platform, followed by visibility and monitoring (65%) and data loss prevention (45%). Companies prefer a hybrid cloud monitoring deployment model, with 82% expecting log analysis to be performed on premises.

“Enterprises are taking a broader view of cloud security,” CipherCloud CEO Pravin Kothari said. “As they continue to adopt the cloud, enterprises are recognising the importance of a platform approach to fully protect their data.”

Image courtesy of Perspecsys under CC