Windows Azure Leads Way with SOC 2 + CSA CCM Attestation
by John Howie, COO, Cloud Security Alliance
This week Microsoft announced that Windows Azure had completed an assessment against the Cloud Security Alliance Level 2 Cloud Control Matrix as part of its Service Organization Control (SOC) 2 Type II audit conducted by Deloitte. This combined approach was recommended by the American Institute of CPAs (AICPA) and published in a position paper released with the Cloud Security Alliance (CSA) earlier this year, as part of our guidance on selecting the most appropriate reporting standard.
The guidance reflects the Cloud Security Alliance’s view that for most cloud providers, a SOC 2 Type II attestation examination conducted in accordance with AICPA standard AT Section 101 (AT 101) utilizing the CSA Cloud Controls Matrix (CCM) as additional suitable criteria is likely to meet the assurance and reporting needs of the majority of users of cloud services.
We would like to congratulate Microsoft for their continued leadership in being the first cloud provider to produce a SOC 2 report with CCM included as recommended by the AICPA and the CSA. Customers of Windows Azure will benefit from the comprehensive review of the company's cloud controls in critical areas such as confidentiality, availability, and privacy.
We strongly encourage other providers to follow Microsoft's lead by doing the same, as it will work to strengthen and preserve the confidentiality and privacy of data in the cloud for us all.
Visit the Windows Azure Security blog to learn more.