Microsoft Azure First Major Public Cloud Service Provider to Achieve CSA STAR Gold Certification

Herndon, VA, November 10, 2016 – BSI, the business standards company, announces that Microsoft Azure has achieved Cloud Security Alliance (CSA) STAR Certification, making it the only major public cloud service provider to earn this distinction.

CSA STAR Certification was developed in conjunction with BSI to ensure cloud service providers are better able to maintain data confidentiality, integrity and availability. By achieving CSA STAR Certification, Microsoft will be able to give prospective Azure customers a greater confidence in the level of security controls Microsoft has in place.

“Microsoft Azure has again led the way in information security by implementing the strongest possible controls by achieving the CSA STAR Certification. BSI is delighted to have been chosen to certify that Microsoft’s rigorous controls meet the strict criteria as set by the Cloud Security Alliance,” stated Todd VanderVen, President of BSI.

“With CSA STAR Certification, customers can gain confidence that Microsoft Azure is meeting customer needs and relevant regulatory requirements, as well as actively monitoring, measuring and continually improving the effectiveness of our management system,” said Alice Rison, Trust and Transparency Senior Director of Microsoft. “In addition, Microsoft Azure has proved its diligence and effective methods around corrective actions, addressing customer complaints and implementing a systematic process to remediate issues.”

CSA STAR Certification is based upon achieving ISO/IEC 27001, the international standard for Information Security and being assessed on specific criteria outlined in the CSA Cloud Controls Matrix (CCM). There are 11 controls areas within this matrix covering 5 capability factors, including Communication and stakeholder engagement; Policies, plans and procedures and a systematic approach; Skills and expertise; Ownership, leadership and management; and Monitoring and measuring. A performance score is given to each capability factor for every control area to indicate the maturity of the system. There are clear criteria for each individual score that will contribute to an overall Gold, Silver or Bronze rating.

Notes to Editors:

Please note no certification can ever guarantee information is 100% secure, however, ISO/IEC 27001 certification combined with CSA STAR Certification ensures a cloud provider has an appropriate system for the type of information it is handling.

About BSI:

BSI (British Standards Institution) is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. Formed in 1901, BSI was the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO). Over a century later, it continues to facilitate business improvement across the globe by helping its clients drive performance, manage risk and grow sustainably through the adoption of international management systems standards, many of which BSI originated. Renowned for its marks of excellence including the consumer recognized BSI Kitemark™, BSI’s influence spans multiple sectors including aerospace, construction, energy, engineering, finance, healthcare, IT and retail. With over 70,000 clients in 150 countries, BSI is an organization whose standards inspire excellence across the globe. 

About CSA:

Cloud Security Alliance (CSA) is a non-profit organization founded in the RSA Conference 2009. Since its establishment, CSA quickly obtained a wide recognition in the industry. CSA members cover almost all the world class telecom operators, IT and network equipment manufacturers, network security vendors, cloud computing providers, as well as the VIP cloud computing customers. CSA is becoming one of the most active security investigators and driving force in the cloud computing & cloud security field.

About Microsoft Azure:

Microsoft Azure is a public cloud platform that companies can use to build, deploy, and manage applications quickly across a global network of Microsoft-managed data centers. Azure provides both lower level infrastructure services (also known as infrastructure as a service [IaaS]) as well as higher level platform services (platform as a service [PaaS]).

IaaS provides the basic components needed to build a virtual IT infrastructure: the functions of a computer, storage, and network. With a focus on the virtual functions instead of the physical machines, IaaS facilitates automation with resilience, scale, and ease of management. 

With PaaS, Azure delivers the service, keeps it running, makes it scalable and resilient, and patches itself when broken, all without any downtime to running applications. Moreover, organizations can build applications using multiple languages and tools while integrating Azure services into their existing IT environment through a number of hybrid connectivity options.