Moshe Ferber, profile picture
Uploaded byMoshe Ferber
1,037 views

The Cloud & I, The CISO challenges with Cloud Computing

The document discusses the challenges of CISOs in adopting cloud computing, highlighting various perspectives from different stakeholders like CEOs, CFOs, and end-users. It outlines concerns about security, compliance, and vendor trust, while introducing the shared responsibility model between cloud providers and users. Additionally, it emphasizes the importance of building a cloud strategy, evaluating providers, and integrating security into software lifecycles.

Embed presentation

The Cloud & I, CISO challenges with the cloud Moshe Ferber CCSK, CCSP When the winds of change blow, some people build walls and others build windmills. - Chinese Proverb
About myself  Information security professional for over 20 years  Founder, partner and investor at various cyber initiatives and startups  Popular industry speaker & lecturer (DefCon, BlackHat, Infosec and more)  Founding committee member for ISC2 CCSP certification.  CCSK Certification lecturer for the Cloud Security Alliance.  Member of the board at Macshava Tova – Narrowing societal gaps  Chairman of the Board, Cloud Security Alliance, Israeli Chapter
So, what is cloud?
Cloud Computing What the CEO think about it?
Cloud Computing How the CFO see it?
Cloud Computing How the End-User feel regarding it?
Cloud Computing And how the CISO Feels about it?
Everyday Examples “Moving to cloud will expose our data to foreign government” “I got a virtualized servers, so I already in the cloud” “I don’t trust the vendors” “What about compliance?” “Our regulator forbid us from moving to the cloud” “Cloud lacks the visibility we need” “We use hosting, so we are already in the cloud.” “We will loose control over our assets” “And What about the NSA…?” “Cloud services are not mature enough”
AgilityAgility What do you say… And how the CISO understand it
ScalabilityScalability What do you say… And how the CISO understand it
ComplianceCompliance What do you say… And how the CISO understand it
ManageabilityManageability What do you say… And how the CISO understand it
ReliabilityReliability What do you say… And how the CISO understand it
Multi tenancyMulti tenancy What do you say… And how the CISO understand it
And of course, you can not avoid the big question… Who is more secured? Cloud or on premise?
Can we define what is more secure? > <=
Can we define which cloud service? Cloud provider A Cloud provider B
Does it really matter?
Cloud Services are very different in nature SaaS PaaS IaaS Private Hybrid Public
The shared responsibility model Physical Security Network & Data Center Security Hypervisors Security Virtual Machines & OS security Data layer & development platform Application Identity Management DATA Audit & Monitoring IaaS PaaS SaaS Consumer responsibility Provider responsibility
So, bottom line, is cloud security improving?
Providers are doing more to increase trust
Improvement with security standards & compliance
Security automation is improving, specially in IaaS/PaaS
Monitoring & auditing are improving
Legal eco-system is getting complicated Technical complexity Legal complexity
Configuration is still open by default, very easy to make mistakes Legal complexity
Increased chances for cloud provider lock-in Legal complexity
Government snooping is increasing Legal complexity
Cloud Focused (Heavy use) Cloud Adopters (running apps in the cloud) Cloud Curious (First projects) Cloud Avoider (Private Cloud adapters) National Infrastructure Cloud challenges varies depending on the market sector Startups Energy SMB Hi Tech Government Health Military Telecom providers Homeland & Military industries Utility Retail Banks Financial Services Industry
The Challenge: Private cloud still got the same attack vectors! Cloud Attack Vectors Provider Administration Management Console Multi tenancy & Virtualization Automation & API Chain of supply Side Channel Attack Insecure Instances Cloud Avoiders Cloud Curious Cloud Adopters Cloud Focused
The Challenge: Build your Cloud strategy Cloud Curious Cloud Avoiders Cloud Adopters Cloud Focused
The challenge: Understand the share responsibility model Cloud Curious Cloud Avoiders Cloud Adopters Cloud Focused
The Challenge: Evaluating the providers Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
Copyright © 2015 Cloud Security Alliance Industry Standards used by Major Cloud Providers ISO/IEC 27018:2014 Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
The Challenge: Look for those abundant applications that can benefit from cloud computing Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused Public Cloud Integrity Availability On premise Confidentiality
Telecom Providers The Challenge: Building cloud services Transparency Certifications Security operations Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
The Challenge: managing multiple cloud applications Governance Encryption Identity management Availability Cloud Focused Cloud Avoiders Cloud Curious Cloud Adopters DLP
Startups The Challenge: Integrating security into your software lifecycle & operations Monitoring Static & Dynamic Analysis Multi Tenancy DEVOPS Cloud Focused Cloud Avoiders Cloud Curious Cloud Adopters
To wrap Things Up… Join CSA Israel Facebook & LinkedIn Forums in order to stay updated regarding latest technologies and community meetups. Don’t let security hold you down
To wrap Things Up… Join CSA Israel Facebook & LinkedIn Forums in order to stay updated regarding latest technologies and community meetups. Use the right tools
To wrap Things Up… Perform responsible cloud adoption!
KEEP IN TOUCH Cloud Security Course Schedule can be find at: http://www.onlinecloudsec.com/course-schedule
Questions?

More Related Content

PPTX
Cloud security for banks - the central bank of Israel regulations for cloud s...
byMoshe Ferber
 
PPTX
Surviving the lions den - how to sell SaaS services to security oriented cust...
byMoshe Ferber
 
PPTX
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
byMoshe Ferber
 
PPTX
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
byMoshe Ferber
 
PPTX
Transforming cloud security into an advantage
byMoshe Ferber
 
PPTX
Aligning Risk with Growth - Cloud Security for startups
byMoshe Ferber
 
PPTX
Cloud security what to expect (introduction to cloud security)
byMoshe Ferber
 
PPTX
Architect secure cloud services.
byMoshe Ferber
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
byMoshe Ferber
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
byMoshe Ferber
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
byMoshe Ferber
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
byMoshe Ferber
 
Transforming cloud security into an advantage
byMoshe Ferber
 
Aligning Risk with Growth - Cloud Security for startups
byMoshe Ferber
 
Cloud security what to expect (introduction to cloud security)
byMoshe Ferber
 
Architect secure cloud services.
byMoshe Ferber
 

What's hot

DOCX
Cloud keybank privacy and owner authorization
byPvrtechnologies Nellore
 
PDF
Cloud Security Governance
byShankar Subramaniyan
 
PPTX
Security As A Service In Cloud(SECaaS)
byأحلام انصارى
 
PPTX
2012 10 cloud security architecture
byVladimir Jirasek
 
PPTX
cloud security ppt
byDevyani Vaidya
 
PPTX
Security as a Service Model for Cloud Environment
byKaashivInfoTech Company
 
PDF
Cloud Security Demystified
byMichael Torres
 
PDF
Cloud security
byBikashPokharel3
 
PDF
Cloud Security & Cloud Encryption Explained
byPorticor - The Cloud Security Experts
 
PDF
Secaa s cat_10_network_security_implementation_guidance
bydrewz lin
 
PPTX
Cloud security privacy- org
byDharmalingam S
 
PPTX
Security As A Service
byGeorge Fares
 
PPTX
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
byHimani Singh
 
PPTX
Chap 6 cloud security
byRaj Sarode
 
PDF
Cloud Computing Security - Cloud Controls Security
byHari Kumar
 
PDF
Strategy Cloud and Security as a Service
byAberla
 
PDF
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
byNetskope
 
PPTX
C-Level tools for Cloud security
byVladimir Jirasek
 
PPTX
Cloud Access Security Brokers - CASB
bySamrat Das
 
Cloud keybank privacy and owner authorization
byPvrtechnologies Nellore
 
Cloud Security Governance
byShankar Subramaniyan
 
Security As A Service In Cloud(SECaaS)
byأحلام انصارى
 
2012 10 cloud security architecture
byVladimir Jirasek
 
cloud security ppt
byDevyani Vaidya
 
Security as a Service Model for Cloud Environment
byKaashivInfoTech Company
 
Cloud Security Demystified
byMichael Torres
 
Cloud security
byBikashPokharel3
 
Cloud Security & Cloud Encryption Explained
byPorticor - The Cloud Security Experts
 
Secaa s cat_10_network_security_implementation_guidance
bydrewz lin
 
Cloud security privacy- org
byDharmalingam S
 
Security As A Service
byGeorge Fares
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
byHimani Singh
 
Chap 6 cloud security
byRaj Sarode
 
Cloud Computing Security - Cloud Controls Security
byHari Kumar
 
Strategy Cloud and Security as a Service
byAberla
 
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
byNetskope
 
C-Level tools for Cloud security
byVladimir Jirasek
 
Cloud Access Security Brokers - CASB
bySamrat Das
 

Viewers also liked

PDF
Cloud Computing Certification
byVskills
 
PDF
Cloud Security Standards: What to Expect and What to Negotiate V2.0
byCloud Standards Customer Council
 
PDF
Security Trainingen 2015
byRoderick Commerell
 
PPTX
cloud computing
byTapesh Chalisgaonkar
 
PDF
Privacy and security in the cloud Challenges and solutions for our future inf...
byPRISMACLOUD Project
 
PPTX
Cloud computing
byArar Fahem
 
PPTX
Slides cloud computing
byHaslina
 
PPT
Cloud computing simple ppt
byAgarwaljay
 
PPT
The NEW Way to Win Friends & Influence People (social media in events)
byLara McCulloch-Carter
 
PPTX
Introduction of Cloud computing
byRkrishna Mishra
 
Cloud Computing Certification
byVskills
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
byCloud Standards Customer Council
 
Security Trainingen 2015
byRoderick Commerell
 
cloud computing
byTapesh Chalisgaonkar
 
Privacy and security in the cloud Challenges and solutions for our future inf...
byPRISMACLOUD Project
 
Cloud computing
byArar Fahem
 
Slides cloud computing
byHaslina
 
Cloud computing simple ppt
byAgarwaljay
 
The NEW Way to Win Friends & Influence People (social media in events)
byLara McCulloch-Carter
 
Introduction of Cloud computing
byRkrishna Mishra
 

Similar to The Cloud & I, The CISO challenges with Cloud Computing

PPTX
What the auditor need to know about cloud computing
byMoshe Ferber
 
PPTX
Cloud security for financial services
byMoshe Ferber
 
PPTX
Cloud is not an option, but is security?
byJody Keyser
 
PDF
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
byShah Sheikh
 
PDF
Securing The Journey To The Cloud
byNiloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
PPTX
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
byNetskope
 
PPTX
Why the cloud is more secure than your existing systems
byErnest Mueller
 
PPT
4831586.ppt
byahmad21315
 
PPT
Cloud Computing Security Challenges
byYateesh Yadav
 
PPTX
Cloud Computing Security Essentials for beginners
byssuser1e89a0
 
PPTX
Cloud Security: A matter of trust?
byMark Williams
 
PDF
How Secure Is Cloud
byWilliam Lam
 
PPT
CC RiskChallenges power point presentation
by30523u09088
 
PDF
Cloud computing
byLearnbay Datascience
 
PPT
cloud-computing-security.ppt
bySaravanaKarthikeyan10
 
PDF
Lecture27 cc-security2
byAnkit Gupta
 
PPTX
Digitalkonferansen 2014 - Cirrus or Cumulus: Which cloud provider is the righ...
byMorgan Simonsen
 
PPTX
What is Cloud Security, and Can I Have Some?
byJohn Kinsella
 
PDF
Cloud presentatie bug 2011 v2
byFrank de Jong
 
PDF
Cloud security risks
byRevital Lapidot
 
What the auditor need to know about cloud computing
byMoshe Ferber
 
Cloud security for financial services
byMoshe Ferber
 
Cloud is not an option, but is security?
byJody Keyser
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
byShah Sheikh
 
Securing The Journey To The Cloud
byNiloufer Tamboly CISSP, CPA, CIA, CISA, CFE
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
byNetskope
 
Why the cloud is more secure than your existing systems
byErnest Mueller
 
4831586.ppt
byahmad21315
 
Cloud Computing Security Challenges
byYateesh Yadav
 
Cloud Computing Security Essentials for beginners
byssuser1e89a0
 
Cloud Security: A matter of trust?
byMark Williams
 
How Secure Is Cloud
byWilliam Lam
 
CC RiskChallenges power point presentation
by30523u09088
 
Cloud computing
byLearnbay Datascience
 
cloud-computing-security.ppt
bySaravanaKarthikeyan10
 
Lecture27 cc-security2
byAnkit Gupta
 
Digitalkonferansen 2014 - Cirrus or Cumulus: Which cloud provider is the righ...
byMorgan Simonsen
 
What is Cloud Security, and Can I Have Some?
byJohn Kinsella
 
Cloud presentatie bug 2011 v2
byFrank de Jong
 
Cloud security risks
byRevital Lapidot
 

More from Moshe Ferber

PPTX
Cloud Security - the egregious 11 cloud security threats
byMoshe Ferber
 
PPTX
Understanding IaaS/PaaS attack vectors.pptx
byMoshe Ferber
 
PPTX
Foundations of cloud security monitoring
byMoshe Ferber
 
PPTX
Cloud security certifications landscape
byMoshe Ferber
 
PPTX
Cloud Security Architecture.pptx
byMoshe Ferber
 
PPTX
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
byMoshe Ferber
 
Cloud Security - the egregious 11 cloud security threats
byMoshe Ferber
 
Understanding IaaS/PaaS attack vectors.pptx
byMoshe Ferber
 
Foundations of cloud security monitoring
byMoshe Ferber
 
Cloud security certifications landscape
byMoshe Ferber
 
Cloud Security Architecture.pptx
byMoshe Ferber
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
byMoshe Ferber
 

Recently uploaded

PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Workflow and decision Automation with Flowable
bychakib ch
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 

The Cloud & I, The CISO challenges with Cloud Computing

  • 1.
    The Cloud &I, CISO challenges with the cloud Moshe Ferber CCSK, CCSP When the winds of change blow, some people build walls and others build windmills. - Chinese Proverb
  • 2.
    About myself  Informationsecurity professional for over 20 years  Founder, partner and investor at various cyber initiatives and startups  Popular industry speaker & lecturer (DefCon, BlackHat, Infosec and more)  Founding committee member for ISC2 CCSP certification.  CCSK Certification lecturer for the Cloud Security Alliance.  Member of the board at Macshava Tova – Narrowing societal gaps  Chairman of the Board, Cloud Security Alliance, Israeli Chapter
  • 3.
  • 4.
    Cloud Computing What theCEO think about it?
  • 5.
  • 6.
    Cloud Computing How theEnd-User feel regarding it?
  • 7.
    Cloud Computing And howthe CISO Feels about it?
  • 8.
    Everyday Examples “Moving tocloud will expose our data to foreign government” “I got a virtualized servers, so I already in the cloud” “I don’t trust the vendors” “What about compliance?” “Our regulator forbid us from moving to the cloud” “Cloud lacks the visibility we need” “We use hosting, so we are already in the cloud.” “We will loose control over our assets” “And What about the NSA…?” “Cloud services are not mature enough”
  • 9.
    AgilityAgility What do yousay… And how the CISO understand it
  • 10.
    ScalabilityScalability What do yousay… And how the CISO understand it
  • 11.
    ComplianceCompliance What do yousay… And how the CISO understand it
  • 12.
    ManageabilityManageability What do yousay… And how the CISO understand it
  • 13.
    ReliabilityReliability What do yousay… And how the CISO understand it
  • 14.
    Multi tenancyMulti tenancy Whatdo you say… And how the CISO understand it
  • 15.
    And of course,you can not avoid the big question… Who is more secured? Cloud or on premise?
  • 16.
    Can we definewhat is more secure? > <=
  • 17.
    Can we definewhich cloud service? Cloud provider A Cloud provider B
  • 18.
  • 19.
    Cloud Services arevery different in nature SaaS PaaS IaaS Private Hybrid Public
  • 20.
    The shared responsibilitymodel Physical Security Network & Data Center Security Hypervisors Security Virtual Machines & OS security Data layer & development platform Application Identity Management DATA Audit & Monitoring IaaS PaaS SaaS Consumer responsibility Provider responsibility
  • 21.
    So, bottom line,is cloud security improving?
  • 22.
    Providers are doingmore to increase trust
  • 23.
    Improvement with securitystandards & compliance
  • 24.
    Security automation isimproving, specially in IaaS/PaaS
  • 25.
    Monitoring & auditingare improving
  • 26.
    Legal eco-system isgetting complicated Technical complexity Legal complexity
  • 27.
    Configuration is stillopen by default, very easy to make mistakes Legal complexity
  • 28.
    Increased chances forcloud provider lock-in Legal complexity
  • 29.
    Government snooping isincreasing Legal complexity
  • 30.
    Cloud Focused (Heavy use) Cloud Adopters (running appsin the cloud) Cloud Curious (First projects) Cloud Avoider (Private Cloud adapters) National Infrastructure Cloud challenges varies depending on the market sector Startups Energy SMB Hi Tech Government Health Military Telecom providers Homeland & Military industries Utility Retail Banks Financial Services Industry
  • 31.
    The Challenge: Privatecloud still got the same attack vectors! Cloud Attack Vectors Provider Administration Management Console Multi tenancy & Virtualization Automation & API Chain of supply Side Channel Attack Insecure Instances Cloud Avoiders Cloud Curious Cloud Adopters Cloud Focused
  • 32.
    The Challenge: Buildyour Cloud strategy Cloud Curious Cloud Avoiders Cloud Adopters Cloud Focused
  • 33.
    The challenge: Understandthe share responsibility model Cloud Curious Cloud Avoiders Cloud Adopters Cloud Focused
  • 34.
    The Challenge: Evaluatingthe providers Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
  • 35.
    Copyright © 2015Cloud Security Alliance Industry Standards used by Major Cloud Providers ISO/IEC 27018:2014 Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
  • 36.
    The Challenge: Lookfor those abundant applications that can benefit from cloud computing Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused Public Cloud Integrity Availability On premise Confidentiality
  • 37.
    Telecom Providers The Challenge: Buildingcloud services Transparency Certifications Security operations Cloud Adopters Cloud Avoiders Cloud Curious Cloud Focused
  • 38.
    The Challenge: managingmultiple cloud applications Governance Encryption Identity management Availability Cloud Focused Cloud Avoiders Cloud Curious Cloud Adopters DLP
  • 39.
    Startups The Challenge: Integrating securityinto your software lifecycle & operations Monitoring Static & Dynamic Analysis Multi Tenancy DEVOPS Cloud Focused Cloud Avoiders Cloud Curious Cloud Adopters
  • 40.
    To wrap ThingsUp… Join CSA Israel Facebook & LinkedIn Forums in order to stay updated regarding latest technologies and community meetups. Don’t let security hold you down
  • 41.
    To wrap ThingsUp… Join CSA Israel Facebook & LinkedIn Forums in order to stay updated regarding latest technologies and community meetups. Use the right tools
  • 42.
    To wrap ThingsUp… Perform responsible cloud adoption!
  • 43.
    KEEP IN TOUCH CloudSecurity Course Schedule can be find at: http://www.onlinecloudsec.com/course-schedule
  • 44.

Editor's Notes

  • #37 The cloud providers AWS and Azure provide a number of compliance certifications. These certifications save time and resources if customers can rely on 3rd party audits by the bodies awarding these certifications (due diligence should be carried out where required). This is not an exhaustive list..There may be more. CCM has been adopted by both Amazon and Microsoft for their IaaS and PaaS services. Microsoft have it for some of their SaaS products such as Office 365 and CRM Dynamics as mentioned earlier. Source https://aws.amazon.com/compliance/ https://azure.microsoft.com/en-us/support/trust-center/compliance/