The Rimrock team is often asked, “Would Microsoft tell me if my data in Azure suffers a security breach?” The short answer? Yes. Microsoft defines a security incident in the Online Services as illegal or unauthorized access that results in the loss, disclosure or alteration of Customer Data. The goal of security incident management is to identify and remediate threats quickly, investigate thoroughly, and notify affected parties.
The Shared Responsibility Model
Microsoft Azure services use a shared responsibility model. This means that both Microsoft (as the cloud services provider) and the customer are accountable for portions of cloud security. While Microsoft Azure does not monitor for or respond to security incidents within the customer’s area of responsibility, it does provide many tools, such as Azure Security Center, to help with issues that may arise. There is also an effort to help make every service as secure as possible by default. That is, each service comes with a baseline that is already designed to provide security for most common use cases.
The Security Incident Response Process
If a security incident does occur, all Microsoft employees are trained to identify and escalate it appropriately. A dedicated team of security specialists within the Microsoft Security Response Center (MSRC) performs security incident response for Azure. The team follows a 5-step Security Incident Lifecycle and a structured Standard Operating Procedure (SOP) to Detect, Assess, Diagnose, Stabilize, and Close security incidents.
Customer Security Incident Notification
If, during the investigation of a security event, Microsoft becomes aware that customer data has been accessed by an unlawful or unauthorized party, the security incident manager will immediately begin execution of the Customer Security Incident Notification Process. The security incident manager only needs reasonable suspicion that a reportable event has occurred to begin execution of this process. The goal of the customer security incident notification process is to provide impacted customers with accurate, actionable, and timely notice when their customer data has been breached.
Microsoft is subject to several obligations and commitments when it comes to protecting customer data. The Azure Security Response Team’s work can be distilled down to these 4 core operating principles:
1. Microsoft will let its customers know if their data has been lost, altered or disclosed because of unlawful or unauthorized activities.
2. Microsoft will inform you of a security incident with actionable, timely data.
3. Microsoft values transparency regarding lessons learned or other repair items learned from a breach.
4. Microsoft is committed to customer privacy and operates security incident response accordingly.
Customers using Microsoft Online Services can count on the security incident management program that Microsoft has put in place. The five-stage process, the MSRC Azure Security Response team, and the team training exercises all demonstrate Microsoft’s dedication to protecting its customers and their data.