Microsoft Trusted Cloud supports highly regulated industries
By Michael Wignall, Chief Technology Officer, Microsoft UK on February 12, 2018
Filed under Microsoft in Government
|Focus on: Trusted Cloud|
Let me ask you a question: if you work in a highly regulated industry such as government, financial services, or healthcare, and you haven’t started your move to the cloud, why not? The hard truth is, if you haven’t started moving to the cloud, you could be left behind. The cloud is not new anymore—it’s not untested—and chances are that many organizations in your industry are well into their own cloud journey. Consider these questions: what’s preventing you from moving forward? What’s the opportunity cost of staying put? And what advantages are your competitors gaining in this digital age? I want to share today why you should consider taking the first step in your journey to the cloud with the Microsoft Trusted Cloud platform.
A big barrier to the cloud that I hear about often is regulatory or industry compliance. I spend most of my time working with regulators and policy makers to ensure that the technology Microsoft is bringing to market meets local laws and aligns to regulatory policies for government and industry alike. I ensure we’re listening to their concerns and issues and tracking new laws and policies coming down the line. Everything I learn I take back to Microsoft engineering and our local teams to ensure we are working to meet whatever regulation or policy that exists or is being planned, so our customers can benefit from our cloud services without delay. But part of my role is also to help regulators and policy makers understand technology and where tech organizations like Microsoft are going with it, and to help organizations like yours understand how Microsoft operates around our trusted cloud principles—security, privacy, compliance, and transparency—and how we map those to policy and regulations that exist in regulated industries.
Right now, organizations I talk to are worried about the May 2018 deadline to comply with the General Data Protection Regulation (GDPR), which affects any organization—no matter where they are located—that offers goods and services to people in the EU, or who collect and analyze data tied to EU residents. Most organizations in the world engage with citizens in the EU, so they may see GDPR as a barrier to the cloud because they are worried about data compliance, downstream data processes, and the contractual requirements. But Microsoft’s position is clear: we support GDPR compliance, and we have the evidence and contractual clauses to help you and the regulators understand how. A move to our cloud technology can help you accelerate your readiness to meet GDPR compliance as the deadline approaches. And if you are already using our cloud technology—Microsoft 365, Dynamics 365, Azure—you have the data privacy controls and security capabilities to help ensure your organization demonstrates compliance as well.
Another barrier to the cloud I often hear about is security and the general sense of risk, both to the organization and to the data the organization holds. And while their concern is understandable—we could be talking about critical national infrastructure or national security, after all—many of these organizations who have moved to the Microsoft cloud are realizing that in many respects they have better security and resilience in the cloud than they could ever achieve on their own. In fact, Microsoft invests $1 billion a year on security—that’s way beyond what any organization could do on its own. In the UK and other geographical regions like Germany or Australia, we also provide access to the Microsoft cloud platform through local datacenters to help meet local laws or concerns about data residency. As a result, we’ve seen how some of our cloud customers, like the UK Ministry of Defence, for example, can show compliance with country or industry regulations and be confident in the security of their own data because they can control where their data resides in our cloud and they have the proper controls in place and tools like Office 365 Advanced Threat Protection, Customer Lockbox, Rights Management Services, Data Loss Protection, and other capabilities that help ensure they control use of their data.
Moving to the cloud isn’t only about compliance and security, though. Many organizations in highly regulated industries who have adopted Microsoft 365, which brings together Office 365, Enterprise Mobility + Security, and Windows 10, are interested in empowering their employees with better capabilities that enable virtual workspaces for teamwork, work from anywhere flexibility, and self-service analytics. Moving to Microsoft 365 enabled them to optimize their infrastructure and provide everything from a modern desktop to voice communication solutions to unified management controls in a secure, consistent way from a single vendor. Their employees are more empowered to deliver innovative products and services, using capabilities that are evergreen, managed as a service, and secured by Microsoft. Many organizations see financial benefits as well. Instead of buying more expensive best of breed point solutions and requiring additional people to integrate these disparate systems together and manage them—which adds cost, complexity, and risk—they can simplify their infrastructure in our cloud and reduce their overall vendor footprint in addition to reducing their security and compliance risk.
The bottom line is, you should be considering our cloud solutions to help you ensure compliance and security for your organization. At Microsoft, we look at issues of compliance and security at an industry-wide level and fundamentally believe that we won’t be successful unless you are successful, so we are dedicated to helping you simplify your journey. You can learn more about beginning your journey to the Microsoft Trusted Cloud at the Microsoft Trust Center.