Secure in the Cloud with Microsoft

Anybody considering cloud computing is right to be worried about security and availability - here we will look at some of the key features of the Microsoft approach to addressing concerns.

Before entering the main list it is worth reiterating that these offerings are fully hosted by Microsoft which should address some of the higher level concerns around supplier viability, what happens if they get taken over by somebody else. Also there is the question about staff skills, does the hosting company know enough about the software and have a good relationship with the publisher - not really a question here then.

9 layers of data security - filtering routers, firewalls, intrusion detection system, system level security, application authentication, application level countermeasures, virus scanning, separate data networks and authentication to data all add up to considerable peace of mind.

Geo-redundant datacentres - if there is a major problem in one geographical location you will seamlessly be able to access your services from a datacentre in another location.

N+1 architecture - which essentially means they have at least two of everything in their datacenters so that a failure in any one item (power supply, power back up, cooling systems, generators etc.) will not cause an outage.

Independent audit and certification - is a key part of the Microsoft offering with a focus on SAS 70 audits (become very important and widely recognised in part as a result of Sarbanes Oxley) and CyberTrust certification (widely respected marks of compliance for applications and service providers).

Secure access via 128 bit SSL - protecting data between Microsoft datacenters and between datacenters and users. Fact for number lovers, you could use lower strength encryption (e.g. 40 bit) but don't think this is just 3 times better. If a hacker could break a 40 bit connection in a few minutes, the same tools would need over a trillion years to break a 128 bit connection.

ITIL and MOF operational practices - there's no point having all these great systems if the people and process just come in and wreck everything each time they try to change, fix or improve something. These practices are widely respected around the world for minimising negative impacts on IT service provision.

24x7x365 support - any time of day or night there are support people available and keeping an eye on things.

Backed by 99.9% uptime SLA - there are some meaty documents to read and a formula to calculate your service credits (aka money back) but basically Microsoft have committed to make the services available 99.9% of the time - if they fail to meet this you can claim money back (in fact broadly speaking if the availability fell below 95% in a month you would receive a full refund on your monthly fee).