Many companies are moving to the cloud, but there are many things to consider first. We have put together several points addressing cloud services basics and Office 365 in Canada.
Types of Cloud Computing
- Infrastructure As A Service (IaaS) includes services such as storage, backup, disaster recovery, databases, and security, to mention a few. An example is Microsoft Azure, which offers scalable services such as databases, storage, virtual private servers and support services that are available on demand and billed by the hour or by usage.
- Platform As A Service (PaaS) is often used by organizations that are developing or modifying their own software applications. PaaS supports the entire software development cycle, including prototyping, developing, testing, deploying, and hosting. Some examples of PaaS include Google App Engine and Microsoft Azure.
- Software As A Service (SaaS) refers to basically any Internet-based application or service. SaaS is software that runs on, or is hosted on, the provider’s premises, and payment is by subscription. The availability, functionality and maintenance of the system are the responsibility of the cloud services provider.
Office 365 Compliance Standards
- Health Insurance Portability and Accountability Act (HIPAA) imposes security, privacy, and reporting requirements regarding the processing of electronic protected health information on customers that may be “covered entities” under the law. Office 365 provides physical, administrative, and technical safeguards to comply with HIPAA. Microsoft will also sign a HIPAA Business Associate Agreement (BAA) if needed.
- Data processing agreements (DPAs) provide customers with contractual assurances regarding how Microsoft handles and safeguards client data. By signing DPAs, Microsoft commits to over 40 specific security commitments collected from regulations worldwide.
- Federal Information Security Management Act (FISMA) requires U.S. federal agencies to develop, document, and implement controls to secure their information and information systems.
- ISO 27001 is one of the top security benchmarks available in the world, and Office 365 is the first major business productivity public cloud service to have implemented its rigorous set of physical, logical, process and management controls.
- European Union (EU) Model Clauses are a key instrument of EU privacy and human rights law, which requires customers in the EU to legitimize the transfer of personal data outside of the EU. The Model Clauses are recognized as a preferred method for legitimizing the transfer of personal data outside the EU for cloud computing environments.
- U.S.–EU Safe Harbor framework enables customers to legally transfer personal data outside of the EU under the EU Data Protection Directive.
- Family Educational Rights and Privacy Act (FERPA) imposes requirements on U.S. educational organizations regarding the use or disclosure of student education records, including email and attachments.
- Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) pertains to how private sector organizations collect, use, and disclose personal information in the course of commercial business. Microsoft supports compliance with PIPEDA.
Special Considerations when Moving to the Cloud
It is extremely important that you perform your due diligence and check up on a company before you store any data in the cloud. Always ask for references, and you should ask the following questions:
- How long has the cloud services company been in business?
- Where are their physical servers located?
- How is their data centre secured? Is it ISO certified? What security measures are in place?
- When was the last security audit conducted, and what were the results?
- What assurances are offered in writing, including notification of a breach? Is there insurance covering loss or theft?
- Always verify with your own clients (Government or regulated industries) prior to any commitment. Many sectors audit their suppliers to verify that they conform to industry standards or to the client’s own standards.