Migrating to the Cloud provides resilience, flexibility and is secure! Nevertheless, doubts remain regarding data security and privacy an obstacle for many companies considering cloud transformation. We have listed the most important questions!
What is Azure?
Azure, the world's second largest public cloud provider, hosts Microsoft's cloud products, including Dynamics 365. Azure is managed from more than 100 secure Microsoft data centres around the world. Each physical data centre is secured with multi-layered security ranging from access approval, to physical security such as locked server racks, video surveillance, and other security measures.
Then there's the Microsoft Cyber Defence Operations Centre, a cybersecurity and defence facility that protects cloud infrastructure. With more than 3,500 cybersecurity experts, they protect, detect and respond to threats in real time.
What are some Azure security measures?
- Encryption: Azure uses industry-standard transport protocols to secure data in transit between users and data centres, and within the data centres. In summary, the stored data is encrypted using a wide variety of capabilities. Users can choose the encryption solution that best suits their needs.
- Secure networks: Azure has a virtual network gateway that allows you to create encrypted IPSec tunnels. In addition, you can segment across multiple deployments into a single customer subscription using private IPs and subnets that act as virtual firewalls.
- Key Logs: Azure keys are protected by 256-bit AES encryption and Microsoft's Security Vault uses FIPS 140-2 validated HSMs to facilitate SSL/TLS certificate tasks.
- Malware protection: You can protect your Dynamics 365 against malware, and other online threats through the Azure administration portal.
- Two-step authentication service: Microsoft has a two-step authentication service that protects Azure users from unauthorized access. Authentication involves the use of a password, a trusted device, and biometrics such as a fingerprint.
How does Microsoft Dynamics 365 protect my data?
The Microsoft Dynamics 365 security model protects data integrity and privacy and supports efficient data access and collaboration.
The purpose of the security model is to grant access only to the right levels of information necessary to do their job. It categorizes users based on their role and restrict access to certain data based on their function. The vision supports the sharing of data with users and teams within your company and secures the data for those who don't need access to it.
Microsoft Dynamics 365 applications offer multiple ways to define access and privileges. These permissions protect data access, based on:
- Roles: Administrators grant access to data based on the role of each user in your company with access rights in multiple levels.
- Data: This security measure determines what a user can or cannot do with your data.
- Fields: You can assign specific field-level security parameters to these individual fields that may contain sensitive information.
Who owns my data?
Although Microsoft is the custodian of your Cloud Data, you are still the sole owner. Microsoft is the first Cloud provider to adhere to a code of conduct (ISO 27018) that guarantees the privacy and security of data stored in the Cloud.
- Customers know where their data is stored
- Personal information will not be used for marketing or advertising without express permission
- Require the return, transfer and secure disposal of personal information within a reasonable time
Is Microsoft Dynamics 365 GDPR compliant?
The GDPR legislation, or the General Data Protection Regulation (AVG) is a law that aims to protect personal data of all citizens of the European Union. Microsoft is doing everything in its power to make its products GDPR-proof. Microsoft always focuses on data protection and transparency.
Who has access to my data?
At the end of the day, and when needed, Microsoft personnel or service providers are the only one with access to your data. Under the terms and conditions of your Microsoft Business Services subscription, you may access and extract data at any time for any reason without notice to Microsoft.
Microsoft data centres are multi-tenant services. This means that your Dynamics 365 solution, and your associated data, can be hosted on the same server as other users. However, your data will not be merged with that of other users and thus will not have access to your data.
In addition, all access to data is logged, and monitored regularly to detect and identify inappropriate access. Information is also never disclosed to government or law enforcement agencies unless required to do so by law.
Third-party service providers such as Drink-IT who work with customer data must register for the Microsoft Supplier Security and Privacy Assurance Program. This program aims to standardize data processing practices and ensure adherence to best practices.
So, is my data in the Cloud safe?
Microsoft has a unique approach to data security with a guarantee on data security. If you have any questions or would like to know more about Microsoft Dynamics 365, please feel free to contact one of our consultants.