The Microsoft approach to cloud transparency – Part XI

Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!

Thank you for coming back for the exciting Part XI of The Microsoft approach to cloud transparency

The Microsoft approach to cloud transparency

 

Using the Cloud Security Alliance’s Security, Trust & Assurance Registry (STAR)

 

Part XI – Specific examples of Microsoft adoption of STAR controls, continued, 2

SA-12 Security Architecture – Clock Synchronization

“An external accurate, externally agreed upon, time source shall be used to synchronize the system clocks of all relevant information processing systems within the organization or explicitly defined security domain to facilitate tracing and reconstitution of activity timelines. Note: specific legal jurisdictions and orbital storage and relay platforms (US GPS & EU Galileo Satellite Network) may mandate a reference clock that differs in synchronization with the organizations domicile time reference, in this event the jurisdiction or platform is treated as an explicitly defined security domain.”

Microsoft’s reply:

“In order to both increase the security of Microsoft Dynamics CRM Online, Windows Azure, and Office 365 and to provide accurate reporting detail in event logging and monitoring processes and records, Microsoft Dynamics CRM Online, Windows Azure, and Office 365 use consistent clock setting standards (such as PST, GMT, UTC). When possible, Microsoft Dynamics CRM Online, Windows Azure, and Office 365 server clocks are synchronized through the Network Time Protocol which hosts a central time source for standardization and reference, in order to maintain accurate time throughout the Microsoft Dynamics CRM Online, Windows Azure, and Office 365 environments.”

“Clock synchronization” is covered under the ISO 27001 standards, specifically addressed in Annex A, domain 10.10.6. For more information review of the publicly available ISO standards we are certified against is suggested.”

 

Come back next week for Part XII and the Summary !

Leave a Reply

Your email address will not be published. Required fields are marked *


*