PRIVACYRELIABILIT Y SECURITY Secures against attacks Protects confidentiality, integrity, and availability of data and systems Helps manage risk Protects from unwanted communication User choice and control Products, online services adhere to fair information principles Dependable, available Predictable, consistent, responsive service Maintainable Resilient, easily restored Proven, ready

1,000 US consumers surveyed by Wakefield research

Broad Network Access Rapid Elasticity Measured Service Self- Service Resource Pooling Service Model IaaS PaaS SaaS

BENEFIT S privacy security reliability scalability increased agility flexibility Reduced costs CONCER NS

CLOUD PROVIDER SaaSPaaSIaaS RESPONSIBILITY: Data classification Application level controls Client and end point protection Network controls Physical security Identity and access management Host security CLOUD CUSTOMER

57% Time Savings 3X Money Savings 54% Improved Security

44% Security Concerns 61% Industry Standards 59% Transparency

What are your current IT capabilities? Can you improve your people, processes, and technologies? Can cloud reduce your risks while reducing cost?

CCM controlDescription DG-01 Data Governance - Ownership / Stewardship All data shall be designated with stewardship with assigned responsibilities defined, documented and communicated. DG-02 Data Governance - Classification Data, and objects containing data, shall be assigned a classification based on data type, jurisdiction of origin, jurisdiction domiciled, context, legal constraints, contractual constraints, value, sensitivity, criticality to the organization and third party obligation for retention and prevention of unauthorized disclosure or misuse.

Where are you now? Where will you be? Can cloud help?

Microsoft’s Standard Responses on STAR Specific details about Office 365, Windows Azure and Dynamics CRM Security and Privacy is mapped to the CCM and the ISO certification. Standard from the Cloud Security Alliance (CSA) The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.

Cloud Security Readiness Tool (CSRT) data between October 2012 and March Approximately 5700 anonymized answers to CSRT questions Margin of error +/- 1% USA/EUROPE +/- 10% ASIA

STRONGER INFORMATION SECURITY antivirus/antimalwar e software clock synchronization SECURITY ARCHITECTURE FACILITY SECURITY controlled user access to data

WEAKER OPERATIONS MANAGEMENT effective equipment maintenance LEGAL PROTECTION nondisclosure agreements INFORMATION SECURITY consistent incident reporting OPERATIONS MANAGEMENT effective capacity planning HUMAN RESOURCES SECURITY prudent hiring practices

 If the answer was Almost There or Streamlined, a +1 value was assigned for maturity.  If the answer was Getting Started or Making Progress, a -1 value was assigned for maturity.

Resource planning Equipment maintenance

The better you understand your people, processes, and technologies, the more you will be able to make informed comparisons and evaluate the benefits of the cloud. Visit the Trustworthy Computing – Cloud TechCenter and its many resources: The Cloud Security Readiness Tool A free assessment to help you evaluate the benefits of the cloud create a plan for adoption better understand your organization’s capabilities Additional resources on cloud security, privacy, and reliability microsoft.com/trustedcloud