Reflecting Microsoft’s approach to privacy by design, Microsoft Dynamics CRM Online was built from the ground up with strong data protection in mind.
In the following pages, we will discuss Microsoft’s philosophical and practical approach to safeguarding information in the cloud, as well as several of the tangible benefits that have resulted for Microsoft Dynamics CRM Online customers.
In today’s business environment, employees find the ability to use their personal devices for work results in increased job satisfaction and improved productivity. But this flexibility introduces new concerns for network administrators: how to keep organizational intellectual property secure in an environment that is a mix of devices and applications from various vendors operating outside the protective barrier of the network firewall. Join us as we discuss and demonstrate how Microsoft’s Enterprise Mobility + Security technology can be used to secure iPhones, iPads, and Android devices and the data they contain from modern threats.
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
Offering an outsourced, elastic, pay-as-you-go computing infrastructure, cloud computing services can deliver clear cut benefi ts to a host of companies. Today, however, security concerns are a big barrier to many clients’ adoption of cloud services. To boost market share and gain competitive distinction, cloud service providers need to add the security infrastructure that safeguards clients’ sensitive data and fosters trust. This white paper outlines the path cloud providers can take to start building trust into cloud deployments, and details the approaches and capabilities organizations need to make this transition a reality.
What's new in Exchange Online - Microsoft Office 365 - AtidanDavid J Rosenthal
Exchange Online
Work smarter, anywhere, with hosted email for business.
Security and reliability
Exchange Online helps protect your information with advanced capabilities. Anti-malware and anti-spam filtering protect mailboxes. Data loss prevention capabilities prevent users from mistakenly sending sensitive information to unauthorized people. Globally redundant servers, premier disaster recovery capabilities, and a team of security experts monitoring Exchange Online around the clock safeguard your data. And with a guaranteed 99.9% uptime, financially-backed service level agreement, you can count on your email always being up and running.
Stay in control
Maintain control over your environment while gaining the advantage of hosting your email on Microsoft servers. Manage your organization efficiently with the Exchange admin center, an easy-to-use, web-based interface. Run In-Place eDiscovery across Exchange, SharePoint, and Skype for Business data from a single interface through the eDiscovery Center. With mobile device policies, you can create approved mobile device lists, enforce PIN lock, and remove confidential company data from lost phones. And IT-level phone support is available to you 24 hours a day, 7 days a week.
Easy to use and maintain
It’s easier than ever to provide your users with the business email they need to stay productive. Automatic patching eliminates the time and effort of maintaining your system. Give your users an In-Place Archive, so they can keep all their important data in one place. And provide them with anywhere access to email, calendar, and contacts on all major browsers and across devices. Integration with Outlook means they’ll enjoy a rich, familiar email experience with offline access.
In today’s business environment, employees find the ability to use their personal devices for work results in increased job satisfaction and improved productivity. But this flexibility introduces new concerns for network administrators: how to keep organizational intellectual property secure in an environment that is a mix of devices and applications from various vendors operating outside the protective barrier of the network firewall. Join us as we discuss and demonstrate how Microsoft’s Enterprise Mobility + Security technology can be used to secure iPhones, iPads, and Android devices and the data they contain from modern threats.
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
Offering an outsourced, elastic, pay-as-you-go computing infrastructure, cloud computing services can deliver clear cut benefi ts to a host of companies. Today, however, security concerns are a big barrier to many clients’ adoption of cloud services. To boost market share and gain competitive distinction, cloud service providers need to add the security infrastructure that safeguards clients’ sensitive data and fosters trust. This white paper outlines the path cloud providers can take to start building trust into cloud deployments, and details the approaches and capabilities organizations need to make this transition a reality.
What's new in Exchange Online - Microsoft Office 365 - AtidanDavid J Rosenthal
Exchange Online
Work smarter, anywhere, with hosted email for business.
Security and reliability
Exchange Online helps protect your information with advanced capabilities. Anti-malware and anti-spam filtering protect mailboxes. Data loss prevention capabilities prevent users from mistakenly sending sensitive information to unauthorized people. Globally redundant servers, premier disaster recovery capabilities, and a team of security experts monitoring Exchange Online around the clock safeguard your data. And with a guaranteed 99.9% uptime, financially-backed service level agreement, you can count on your email always being up and running.
Stay in control
Maintain control over your environment while gaining the advantage of hosting your email on Microsoft servers. Manage your organization efficiently with the Exchange admin center, an easy-to-use, web-based interface. Run In-Place eDiscovery across Exchange, SharePoint, and Skype for Business data from a single interface through the eDiscovery Center. With mobile device policies, you can create approved mobile device lists, enforce PIN lock, and remove confidential company data from lost phones. And IT-level phone support is available to you 24 hours a day, 7 days a week.
Easy to use and maintain
It’s easier than ever to provide your users with the business email they need to stay productive. Automatic patching eliminates the time and effort of maintaining your system. Give your users an In-Place Archive, so they can keep all their important data in one place. And provide them with anywhere access to email, calendar, and contacts on all major browsers and across devices. Integration with Outlook means they’ll enjoy a rich, familiar email experience with offline access.
Intro to Office 365 Security & Compliance CenterCraig Jahnke
This is a session I gave at SharePoint Saturday Atlanta --> The Office 365 Security & Compliance Center is your one-stop portal for protecting your data in Office 365. Microsoft has been adding many new features and services for those companies that have data protection or compliance needs, or want to audit user activity in their organization. Come to my session to learn how to get started with Security & Compliance Center, and find out you can better manage and secure you data.
Leverage Your SharePoint Investment with Enterprise Social Networkingtibbr
tibbr enhances the value of Microsoft SharePoint by connecting your company’s content repositories with the relevant colleagues, groups, and systems across your entire business. By tapping the power of its subject-based architecture, tibbr delivers SharePoint documents to the right people at the right time inside your social computing environment.
Download “tibbr: Sharepoint" to see how tibbr features robust, bi-directional integrations with SharePoint, both inside tibbr’s enterprise social computing platform and inside SharePoint itself.
For more information, please visit http://www.tibbr.com/
What makes the next-generation firewall better than the traditional firewalls in protecting your data from hackers? Know more information from Netmagic!
Netmagic stresses on how switching to the cloud allows organizations to meet their changing needs and goals without large capital or time investments. Read more here!
Cloud Computing Trends: at the Horizon\'s WatchJocelynDG
As follow up to our cloud primer, Cloud Computing: Fact versus Fog, Grail Research interviewed 20 cloud computing experts in order to offer cloud providers, investors and prospective customers a more detailed and consolidated understanding of who cloud customers are and what is driving them to move to cloud today. Experts interviewed for this study span a cross-section of the most progressive cloud thinkers, including industry analysts, senior executives at major cloud vendors, and founders of technology firms. This report summarizes the key themes about customers and adoption drivers that emerged from the research.
According to cloud computing statistics, 74% of enterprises use a hybrid and multi-cloud strategy today. 69% of organizations were planning to use a multi-cloud environment.
Intro to Office 365 Security & Compliance CenterCraig Jahnke
This is a session I gave at SharePoint Saturday Atlanta --> The Office 365 Security & Compliance Center is your one-stop portal for protecting your data in Office 365. Microsoft has been adding many new features and services for those companies that have data protection or compliance needs, or want to audit user activity in their organization. Come to my session to learn how to get started with Security & Compliance Center, and find out you can better manage and secure you data.
Leverage Your SharePoint Investment with Enterprise Social Networkingtibbr
tibbr enhances the value of Microsoft SharePoint by connecting your company’s content repositories with the relevant colleagues, groups, and systems across your entire business. By tapping the power of its subject-based architecture, tibbr delivers SharePoint documents to the right people at the right time inside your social computing environment.
Download “tibbr: Sharepoint" to see how tibbr features robust, bi-directional integrations with SharePoint, both inside tibbr’s enterprise social computing platform and inside SharePoint itself.
For more information, please visit http://www.tibbr.com/
What makes the next-generation firewall better than the traditional firewalls in protecting your data from hackers? Know more information from Netmagic!
Netmagic stresses on how switching to the cloud allows organizations to meet their changing needs and goals without large capital or time investments. Read more here!
Cloud Computing Trends: at the Horizon\'s WatchJocelynDG
As follow up to our cloud primer, Cloud Computing: Fact versus Fog, Grail Research interviewed 20 cloud computing experts in order to offer cloud providers, investors and prospective customers a more detailed and consolidated understanding of who cloud customers are and what is driving them to move to cloud today. Experts interviewed for this study span a cross-section of the most progressive cloud thinkers, including industry analysts, senior executives at major cloud vendors, and founders of technology firms. This report summarizes the key themes about customers and adoption drivers that emerged from the research.
According to cloud computing statistics, 74% of enterprises use a hybrid and multi-cloud strategy today. 69% of organizations were planning to use a multi-cloud environment.
Modernization doesn't happen overnight. But by reassessing your existing IT portfolio, including infrastructure and applications, as well as your current processes and roles, you can better understand how you can leverage cloud technologies to deliver value faster.
Microsoft Services offers an end-to-end approach to modernization and DevOps. Our goal is to help you transform your environment so you can deliver continuous value. We’ve built our approach based on experience with thousands of customers, as well as our own transformation journey.
Case on Customer Relationship Management Heads to the CloudAzas Shahrier
This MIS / CIS case analysis was given to identify the followings;
a) What type of companies are most likely to adopt cloud-based CRM software services? Why? What companies might not be well suited for this type of software?
b) What are the advantages and disadvantages of using cloud-based enterprise applications?
c) What people, organization and technology issues should be addressed in deciding whether to use a conventional CRM system versus a cloud-based version?
"In this issue of “The 10 Most Trusted Companies in
Enterprise Security” Insights Success has shortlisted
those enterprise security providers which are providing
solutions that are systematically profile and
contextualize security threats with a level of detail and
granularity that has never been achieved before."
Everything To Know About Cloud Computing, Engineer Master Solutionsengineermaste solution
Cloud Computing is the sixth generation of Technology, yet there are many people who are not fully-aware of what it is and how it is helpful for the business. So, here is a picturization to make you understand and to read the whole blog visit www.engineermaster.in
Security in Clouds: Cloud security challenges – Software as a
Service Security, Common Standards: The Open Cloud Consortium – The Distributed management Task Force – Standards for application Developers – Standards for Messaging – Standards for Security, End user access to cloud computing, Mobile Internet devices and the cloud. Hadoop – MapReduce – Virtual Box — Google App Engine – Programming Environment for Google App Engine.
Microsoft "Nine things we learned about cloud compliance in Latin America"Robert Ivanschitz
I trust you find of value this article distributed last week during the FinTech Americas Summit in Miami. Special thanks and recognition to Daniel Korn and Michael McLoughlin for their partnership publishing this document.
Cloud Computing & ITSM - For Better of for Worse?ITpreneurs
his article explores the question whether the relationship will be “a marriage made in heaven?” It also explores the issue of “who is the bride and who is the groom?” As you read further, you can also decide whether the relationship between Cloud Computing and ITSM is “for better or for worse?”
What are the advantages of adopting public cloudNicole Khoo
Public cloud computing brought a fundamental change from the conventional norms of an organizational data center to a parameterized open environment to use by adversaries.
Similar to Privacy in the Public Cloud: Microsoft Dynamics CRM Online (20)
Presentation from
Serge Hanssens, Advisory Director, PwC Luxembourg, delivered at the Dynamic Business Event organized by Nerea & Microsoft on April 16th 2013 in Luxembourg
Presentation from
Jean-Philippe Quin, Head of IT Business Services Transition at Lombard International Assurance, delivered at the Dynamic Business Event organized by Nerea & Microsoft on April 16th 2013 in Luxembourg
This document is a property of Microsoft Corporation.
Microsoft is defining a connected and forward-looking enterprise, the successful enterprise of the future.
This paper shows how Microsoft® Office, Microsoft SharePoint®, Microsoft Exchange, and Microsoft Office Communications Server contribute to the powerful architectural design of the Microsoft Business Productivity Infrastructure (BPI). The BPI stack approach suggests that only by thinking at a capability level (for example, “What do users want to do?‖), and then adding the right aspects of capability in each place (client, server, and services), can we create desktop applications that also deliver rich server and services capabilities to information workers.
This paper shows how two products, Microsoft® Office and Microsoft SharePoint®, contribute to the powerful architectural design of the Microsoft Business Productivity Infrastructure (BPI). The BPI stack
approach suggests that only by thinking at a capability level (for example, “What do information workers want to do?”), and then adding the right aspects of capability in each place (client, server, and services), can we create desktop applications that also deliver rich server and services capabilities to information workers.
This evaluation guide is designed to help you understand the design goals, feature set, and implementation for Microsoft® SharePoint® 2010. The guide provides an overview of the solutions and benefits provided by SharePoint 2010, as well as descriptions of new and improved features in the areas of collaboration, social networking, search, business intelligence, enterprise content management, and composite applications. It also provides a tour of the main feature areas in SharePoint 2010 and concludes with useful information for administrators and developers.
An independent study by Mainstay Partners evaluated the implementation of Microsoft® Office SharePoint® at three Fortune 500 companies with the goal of understanding how they use the Microsoft solution to enhance collaboration and foster a social online community across the organization. This report summarizes Mainstay’s assessment, which is based on interviews with executives and senior managers at the following organizations:
- Ford Motor Company
- Large Northeastern U.S.-based bank
- Electronic Arts Inc
Email & Mobile Marketing is available with a Campaign Commander solution by Emailvision.
Campaign Commander enables automation of online marketing activities to significantly increase the relevance and profitability of marketing and emailing campaigns.
Email subscriber information that’s linked to the Microsoft Dynamics CRM produces a bi-directional data flow of important customer metrics that helps marketers improve subscriber segmentation and helps sales teams to drive greater lead generation.
Nerea is an official reseller of TARGIT BI Suite.
Through its unique and intuitive user interface, TARGIT BI Suite integrates every single step in the optimal decision process.
Fast and accurate decisions call for easy access to knowledge. When interacting with computers, it’s all about the number of clicks. The more intelligent the system is, the fewer clicks needed. TARGIT BI Suite delivers business insights in the fewest clicks.
TARGIT BI Suite provides a vast number of ways in which you can visualize, illustrate and analyze your company data. And no matter what kind of analysis you do, TARGIT BI Suite remembers your preferences for presenting data.
Event management in Microsoft Dynamics CRM 2011Nerea
Microsoft Dynamics CRM 2011 includes an Event Management module that allows you to seamlessly plan, manage and optimise your events through a ready-to-use website template. Details are published to the client portal, where selected customers and prospects register their attendance. All responses and leads from those events are then tracked in CRM and converted to maximise business opportunities.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
4. 1
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
1
Introduction
Since our 2010 whitepaper “Privacy in the Cloud,” awareness and adoption of cloud computing have continued
to increase. Global enterprises and entrepreneurs alike are turning to the cloud to accelerate innovation, launch
new businesses, and cut costs. Government agencies, public service providers, and educational institutions are
migrating to the cloud to better serve constituents and reduce IT spending, particularly in response to
shrinking budgets.
But not all the news has been positive. Hacking attacks, theft, and misuse of data managed by online service
providers have raised questions about the privacy and security of cloud computing.
For some large enterprises with highly sensitive data, such incidents have increased the appeal of private cloud
solutions. Indeed, a one-size-fits-all approach may not be appropriate for governments or large organizations
with many different classes of data, and private or hybrid cloud solutions that allow customers to keep selected
data on premises can make good sense for those with specialized data protection requirements. Microsoft
offers a full menu of private cloud solutions, and we recently published a whitepaper titled “Microsoft Private
Cloud: A Comparative Look at Functionality, Benefits, and Economics.”
But private clouds dedicate significant computing resources to just one or a handful of customers, so they can
be cost-prohibitive for many businesses and public-sector agencies that are anxious to reap the benefits of
cloud computing.
Consequently, we expect public cloud services—which use advanced, multi-tenant data centers1
to provide
highly scalable and affordable computing services to thousands of customers simultaneously—to be the most
popular cloud computing model for the
foreseeable future.2
Still, the growth of public cloud services is
not inevitable. Microsoft understands that
unless we are responsive to customers’ and
regulators’ questions about data protection
in public clouds, we will not earn the trust
that is necessary for our cloud services to
satisfy our customers’ needs.
This is why data protection figures
prominently in Microsoft Dynamics CRM
Online, Microsoft’s cloud-based customer
relationship management service.
1
“Microsoft Expands Cloud Computing Capabilities & Services in Europe.” Microsoft press release, Sept. 2009.
2
“The Economics of the Cloud.” Microsoft whitepaper, Nov. 2010.
5. 2
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
2
Reflecting Microsoft’s approach to privacy by design, Microsoft Dynamics CRM Online was built from the ground
up with strong data protection in mind.
In the following pages, we will discuss Microsoft’s philosophical and practical approach to safeguarding
information in the cloud, as well as several of the tangible benefits that have resulted for Microsoft Dynamics
CRM Online customers.
Privacy at Microsoft
As part of our long-term commitment to Trustworthy Computing, Microsoft strives to earn and strengthen trust
by building robust privacy and data protections into our products and services. We work to responsibly manage
and protect the data we store, be transparent about our privacy practices, and offer meaningful privacy
choices. These three tenets—responsibility, transparency, and choice—are the foundation of Microsoft’s
approach to privacy.
Our privacy principles and our internal privacy standards guide the collection and use of customer and partner
information at Microsoft and give our employees a clear framework to help ensure that we manage data
responsibly.
To put our principles and standards into practice, we have invested heavily to build a comprehensive privacy
governance program. Microsoft employs more than 40 full-time privacy professionals, with several hundred
other employees helping to ensure that privacy policies, procedures, and technologies are applied across our
products and services.
When it comes to cloud computing, Microsoft has been addressing privacy issues associated with online
services since the launch of the MSN network in 1994. Today we manage a cloud-based infrastructure that
supports more than 200 online services and websites that attract more than 600 million unique users
worldwide each month.
We recognize that cloud services often raise unique security and privacy questions for business, education, and
government customers, so we have adapted our policies and governance programs to address customer
concerns, facilitate regulatory compliance, and build greater trust in cloud computing.
For example, we contractually commit to specific data handling processes as part of our agreements for
popular cloud services such as Microsoft Dynamics CRM Online, Microsoft Exchange Online, SharePoint Online,
and Lync Online. We also provide customers with flexible management tools that help protect sensitive data
and support compliance with government privacy and security guidelines.
Such transparent policies and strong tools are essential for our customers as they deal with the privacy and
security questions that arise from their use of cloud services.
The Microsoft Dynamics CRM Online Privacy Opportunity
Microsoft helped usher in the era of enterprise cloud computing in 2008 when Bill Gates announced that the
company would offer online versions of its popular Exchange Server and SharePoint Server software for
6. 3
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
3
businesses. Since then, the company has not only expanded its software-as-a-service offerings but has
optimized those offerings to take full advantage of the flexibility, responsiveness, and efficiency of the cloud
and of Microsoft’s global network of technologically advanced data centers. Among the major releases in 2011
were online versions of Microsoft Office and Microsoft Dynamics CRM, an easy-to-use relationship management
application that delivers access to customer information through
the familiar Microsoft Outlook experience.
Microsoft Dynamics CRM Online was built with an emphasis on
strong data protection. Reflecting Microsoft’s approach to privacy
by design, a team of privacy professionals was dedicated to the
service early in the development cycle and worked in close
partnership with engineers, business planners, and marketers.
Consequently, privacy has been an integral part of Microsoft
Dynamics CRM Online from the beginning, not an afterthought.
In addition, employees distributed throughout the organization
are accountable for managing the service’s privacy and security
risks.
The result is an enterprise cloud service with robust data
protections that reflect Microsoft’s core privacy tenets of
responsibility, transparency, and choice.
Responsibility
We understand that managing customer information is a responsibility that includes important security and
privacy obligations. This is particularly true for cloud-based services such as Microsoft Dynamics CRM Online.
We have a broad network of people and processes that implement our privacy standards and provide privacy
guidance and training. If a privacy incident occurs, we have rigorous procedures to address the problem,
diagnose the cause, and update customers in a timely manner.
A few highlights of our approach to privacy governance in Microsoft Dynamics CRM Online are outlined below.
Standing the Test of Time
Criteria for determining appropriate levels of privacy and security in the cloud are changing rapidly. What
matters most today may be a low priority tomorrow. As a result, when evaluating a cloud provider,
organizations would be wise to consider the depth and breadth of the provider’s governance model and its
ability to quickly adapt to changing privacy priorities.
With Microsoft Dynamics CRM Online, we have employed a variety of risk management mechanisms to
appropriately manage regulatory change, organizational change, personnel change, and technological change.
Before the service was launched to the public, subject-matter experts conducted privacy, security, and
business continuity risk assessments on each part of the service and worked to remediate any identified risks.
Since the launch of the service, we have used a process of continuous monitoring that we call the Trustworthy
Services Lifecycle to ensure that our data protection systems are functioning properly. We test required
Microsoft Dynamics CRM is a
flexible business application that
helps organizations maximize
marketing dollars, amplify sales,
and more effectively manage
customer relationships. With the
cloud-based version, Microsoft
Dynamics CRM Online,
organizations get the same
powerful software delivered as a
cloud service, as well as anywhere
access, predictable pay-as-you-go
pricing, and a financially backed
service-level agreement (SLA).
7. 4
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
4
functionality annually, semi-annually, quarterly, monthly, or at the time of each new release, depending on the
level of risk associated with the particular privacy or security control.
We conduct regular risk assessments to refresh the control framework and, if necessary, to reset priorities if
new aspects of the service emerge as high risk.
This multi-layered and continuous approach to monitoring the Microsoft Dynamics CRM Online data protection
environment helps us quickly diagnose and remedy problems that occur and helps our customers respond
quickly to shifting regulatory or industry requirements.
Enabling Regulatory Compliance
Just as Microsoft has a responsibility to process our enterprise customers’ information in a trustworthy manner,
many of our customers have a responsibility to comply with national, regional, and industry-specific
requirements governing the collection and use of individuals’ data.
As a provider of global cloud services, we must run our services with common operational practices and
features that span multiple customers and jurisdictions. To fulfill our privacy responsibility to our customers as
well as help our diverse customer base fulfill its regulatory obligations, we set the bar high and then build our
services to meet that bar using common privacy and security controls.
While it is ultimately up to our customers to determine whether our services satisfy their specific regulatory
needs, we are committed to providing detailed information about our cloud services to help them in their
assessments.
One tool we have developed to facilitate
customers’ assessments of Microsoft Dynamics
CRM Online is the Trust Center, an online
repository of detailed information about the
service’s approach to privacy and security. For
example, the Regulatory Compliance page of the
Trust Center explains how Microsoft Dynamics
CRM Online and our other cloud services help
facilitate compliance with a range of major
statutes, from European Union data protection
laws to the U.S. Gramm-Leach-Bliley Act, which
includes provisions on the protection of
consumers’ financial information.
On the Security, Audits, and Certifications page of the Trust Center, customers can locate information about
the certifications held by both Microsoft Dynamics CRM Online and the Microsoft data centers that host the
service. By making this information readily available, we empower customers to validate that what we say
about our security and privacy practices has been affirmed by an accredited third party.
One compliance framework in particular—the highly regarded ISO/IEC 27001 standard for information security
management systems—forms the foundation of our security and privacy approach with Microsoft Dynamics
8. 5
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
5
CRM Online and its supporting infrastructure. ISO/IEC 27001 is one of the most widely recognized certifications
for a cloud service, and thus one of the
most valued by our customers.
In addition to having our independent
auditor, the British Standards Institute
(BSI), verify the compliance of Microsoft
Dynamics CRM Online with ISO/IEC 27001,
we have asked BSI to review additional
privacy controls that we built into the
service to better align it with comprehensive
European data protection regulations. We
have taken this unique approach to help our
European customers understand the
protections we have put in place to help
them satisfy the specific expectations of
both European citizens and European
regulators.
The full results of BSI’s findings are
included in its ISO/IEC 27001 audit report
on Microsoft Dynamics CRM Online, a
summary of which is available to customers upon request.
Support for EU Model Clauses
In another effort to accommodate the data protection demands of European entities, starting in April 2012
Microsoft Dynamics CRM Online will offer customers who have European users and who manage their online
services through the Microsoft Online Services Portal the opportunity to sign data processing agreements with
the standard contractual clauses published by the European Commission.
European law prohibits companies from transferring personal data from the EU except under specific
conditions. One way to transfer such data is to procure cloud services from companies that abide by the
U.S.-EU Safe Harbor Framework. However, EU companies may want the more stringent protections of a
detailed data processing agreement and the standard contractual clauses published by the European
Commission, which are known as the EU Model Clauses. Our willingness to sign these agreements means that
Microsoft contractually guarantees that Microsoft Dynamics CRM Online will follow the stringent privacy and
security standards detailed in the EU Model Clauses.
Using Customer Data Only for the Customers’ Purposes
Responsible cloud providers must have strong internal policies in place that clearly delineate what the provider
and its partners can and cannot do with customer information.
At Microsoft, we understand that your data is your business. As part of providing a quality cloud service, we
will troubleshoot to prevent, identify, or repair problems with Microsoft Dynamics CRM Online and to improve
9. 6
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
6
features in the application that help protect our customers. But we do not build advertising products out of our
customers’ data. We also don’t scan the content of our customers’ documents or files for the purpose of
building analytics, mining data, or advertising without our customers’ permission. In addition, Microsoft
Dynamics CRM Online allows customers to keep their data separate from other customers’ data.
Controlling Access to Customer Data
Microsoft applies strict controls over who is granted access to information stored in a customer’s Microsoft
Dynamics CRM Online database. Microsoft and vendor support personnel are required to have a legitimate
business justification to request access to Microsoft Dynamics CRM Online data, and the request must be
approved by the person’s manager. Access levels are also reviewed periodically to ensure that only Microsoft
employees or support personnel with an appropriate business justification have access to the systems.
Further, all Microsoft Dynamics CRM Online support personnel are accountable for their handling of customer
data. Accountability is enforced through a set of system controls, including the use of unique user names, data
access controls, and auditing. Unlike generic user names such as “Guest” or “Administrator,” unique names
connect the use of customer data to specific individuals.
For a detailed breakdown of how we handle specific classes of data stored and generated by users of Microsoft
Dynamics CRM Online, see the Data Use Limits page of the Microsoft Dynamics CRM Online Trust Center.
Securing Customer Information
According to a popular maxim in IT circles, “You can have security without privacy, but you can’t have privacy
without security.” This statement certainly applies to public cloud computing, where customers rely on online
service providers such as Microsoft not only to securely store their data but also to keep it safe from loss, theft,
or misuse by third parties, other customers, or even the provider’s employees.
We understand that robust physical and logical security is a prerequisite for any successful privacy program,
and we protect Microsoft Dynamics CRM Online using a comprehensive security regimen that is monitored 24/7
and updated regularly.
Microsoft Dynamics CRM Online provides features such as customizable security roles, business data auditing,
field-level security, and role-based forms that allow customers to ensure the appropriate level of security for
their implementation. The security features and services associated with Microsoft Dynamics CRM Online are
built in, reducing customers’ time and cost associated with securing their systems. At the same time, Microsoft
Dynamics CRM Online enables customers to easily control permissions, policies, and features through online
administration and management consoles.
Microsoft Dynamics CRM Online is a multi-tenant, public cloud service. That means one customer’s data may
be stored on the same hardware as several other customers’ data. This is one reason Microsoft Dynamics CRM
Online can provide the cost and scalability benefits it does. Microsoft goes to great lengths to ensure that the
multi-tenant architecture of Microsoft Dynamics CRM Online supports enterprise privacy and security
requirements, and we logically segregate data storage and processing for different customers through
specialized technology engineered specifically for that purpose.
10. 7
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
7
Our data centers are designed, built, and managed using a “defense-in-depth” strategy at both the physical
and logical layers, and our services are engineered to be secure using Microsoft’s Security Development
Lifecycle.
All Microsoft Dynamics CRM Online data centers have biometric access controls, and most require palm prints
to gain entry. In addition, physical access to most data centers is controlled by two-tier authentication that
includes both proxy card access readers and hand geometry biometric readers.
For more on security in Microsoft Dynamics CRM Online and the Microsoft data centers that host the service,
please see the Microsoft Dynamics CRM Online Security and Service Continuity Guide and our Global
Foundation Services website.
Transparency
Although many organizations cite privacy and security concerns as major obstacles to their adoption of cloud
services, information about the privacy and security practices of many cloud providers is either difficult to find
or indecipherable to all but the most astute IT professionals.
To help our customers find answers to their privacy and security questions about Microsoft Dynamics CRM
Online, we strive to be as transparent as possible about our data protection policies and procedures. The
Microsoft Dynamics CRM Online Trust Center explains, in plain language, exactly how we handle and use data
gathered in customers’ interactions with Microsoft Dynamics CRM Online. Customers can find details about our
commitments in key privacy areas, including data use limits; administrative access; geographic boundaries;
third parties; security, audits, and certifications; and regulatory compliance.
Just as Microsoft Dynamics CRM Online will be a continuously evolving and improving service, the Trust Center
will be a living resource that customers can use to stay abreast of the most current and accurate information
available about privacy and security practices in Microsoft Dynamics CRM Online.
Geographic Boundaries
One of the most common questions asked of cloud providers is also one of the simplest: “Where is my data?”
We provide a thorough summary of our data location strategy for Microsoft Dynamics CRM Online on the
Geographic Boundaries page of the Trust Center.
This page describes where we store and access customer data in the course of providing the Microsoft
Dynamics CRM Online service. Microsoft has a regionalized data center strategy. The specific details of where
data is located or accessed from depend on the customer’s ship-to address, which the customer provides when
purchasing the service. The three regions are the Americas, Asia, and Europe.
The Geographic Boundaries page also outlines the steps we take to ensure that information is not lost if the
power fails in one data center. All such data is backed up in one or more data centers in the same region.
Third Parties
Another frequent topic of concern is third-party access to cloud data. Many customers worry that beyond the
cloud service provider they purchase services from directly, an unseen web of subcontractors, vendors, and
other third parties may be improperly accessing, reviewing, and using their information.
11. 8
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
8
Microsoft readily acknowledges that it relies on partners and subcontractors to ensure that Microsoft Dynamics
CRM Online performs optimally for all of our customers, no matter where they are located. We think our
customers should be able to know not only what kinds of privacy and security minimums we expect of such
third parties but also who the third parties are.
We publish such information on the Third Parties page of the Microsoft Dynamics CRM Online Trust Center.
This page links to a current list of subcontractors and provides information about how we work to help ensure
that subcontractors comply with Microsoft’s privacy requirements. Subcontractors that work in facilities or on
equipment controlled by Microsoft must follow our privacy standards, and all other subcontractors must follow
privacy standards equivalent to our own.
Comparing Cloud Provider Controls and Policies
To help potential customers evaluate different cloud service providers, the not-for-profit Cloud Security Alliance
(CSA) has developed a set of security and privacy criteria called the Cloud Controls Matrix that customers can
use to compare different providers’ data protection controls and policies across 13 domains.
To help enable such comparisons with Microsoft Dynamics CRM Online, Microsoft developed a whitepaper that
details how Microsoft Dynamics CRM Online fulfills the security, privacy, compliance, and risk management
requirements defined in the Cloud Controls Matrix.
The paper is available in the Microsoft Dynamics CRM Online Trust Center and can also be downloaded from
the CSA’s searchable Security, Trust & Assurance Registry, which allows potential cloud customers to quickly
access information about a variety of cloud providers.
Choice
We believe that customers want clear opportunities to choose whether their information will be collected,
shared, or made public. This includes the flexibility to limit or eliminate information sharing or to set different
levels of access.
For business, government, and education customers, choice means having tools to maintain and control access
to the information stored in their cloud accounts. Microsoft has developed a number of tools for administrators
within customer organizations to control access to Microsoft Dynamics CRM Online.
Administrative Access
In formulating our strategy for administrative access to data managed by Microsoft Dynamics CRM Online, we
kept two priorities in mind:
We always give customers access to their own data.
Access to customer data is strictly limited, and sample audits are performed by both Microsoft and
third parties to verify that access is only for appropriate business purposes.
With Microsoft Dynamics CRM Online, customers have complete control over their data, business processes,
security policies, and user accounts. Administrators can enforce their organization’s privacy and security
policies and manage users by using a web-based management console.
12. 9
Privacy in the Public Cloud: Microsoft Dynamics CRM Online
9
Identity Management
Microsoft Dynamics CRM Online provides customers who manage their online services through the Microsoft
Online Services Portal two options for user identification: user IDs and federated IDs. In the first case,
administrators create user IDs for each of their organization’s individual users. Users sign in to all of their
Microsoft online services using a single login and password.
Alternatively, customers can choose federated identification, which uses on-premises Active Directory
Federation Services (a service of Microsoft Windows Server 2008) to authenticate users on Microsoft Dynamics
CRM Online using their existing corporate ID and password. In this scenario, identities are administered only
on premises. This enables organizations to use two-factor authentication (such as smart cards or biometrics in
addition to passwords) for maximum security.
Microsoft Partners
Lastly, Microsoft provides customers and their administrators with a number of ways to initiate, maintain, or
terminate relationships with Microsoft partners who are part of the Microsoft Dynamics CRM Online ecosystem.
We recognize that one compelling aspect of Microsoft Dynamics CRM Online is the number of partners who can
provide additional services that our customers may want. For instance, some customers may hire a Microsoft
support partner to administer their Microsoft Dynamics CRM Online service for them. To assist in maintaining
security and privacy while taking advantage of our network of partners, we provide tools that enable Microsoft
Dynamics CRM Online customers to monitor and quickly disable partners’ access to their information at any
time, without having to disable the underlying Microsoft Dynamics CRM Online account.
Conclusion
Many public and private organizations around the world are already enjoying the efficiency, flexibility, and cost
savings that cloud computing can provide. But others are waiting to move to the cloud until they have greater
trust that their information will remain private and secure. Because Microsoft recognizes that privacy and
security are major concerns for cloud customers, we developed the Microsoft Dynamics CRM Online service
from the ground up with strong data protection in mind. Additional information about Microsoft Dynamics CRM
Online can be found at http://crm.dynamics.com, and additional information about Microsoft’s approach to
privacy is available at www.microsoft.com/privacy.
Additional Information
“Privacy in the Cloud,” Microsoft whitepaper
“The Economics of the Cloud,” Microsoft whitepaper
Microsoft Dynamics CRM Online Security and Service Continuity Guide
Microsoft Dynamics CRM Online Trust Center website
Microsoft Global Foundation Services website
Whitepaper on security and privacy in Microsoft Dynamics CRM Online