To ensure we deliver technology that our customers can trust, we established the four foundational principles of the Trusted Cloud — security, privacy and control, compliance and transparency – along with a set of complementary guidelines and processes for delivering rigorous levels of engineering, legal, and compliance support for our cloud services.
Compliance: International and industry certifications
Microsoft goes beyond our competitors in delivering international and industry certification compliance. At this time there are 13 certifications that AWS and Google do not comply with, including HITRUST (US), MeitY (India), FACT (UK) and TRUCS (China).
Global Investments: Data Center locations
Microsoft has made significant investments in infrastructure geo-expansion to help address common cloud ‘blockers’ for many geographies and industries, including compliance, data residency and performance. We now have 38 regions, more than any other CSP.
Privacy: General Data Protection Regulation
Microsoft believes that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We have committed to GDPR compliance across our cloud services. Microsoft and our partners can help customers meet the requirements of the GDPR.
Regulated Sectors: Financial Services
We offer unique terms and conditions and a compliance program specifically tuned for FSI customers, which has enabled customers to move to our cloud in key markets around the world, including countries where regulator approval is required.
Regulated Services: Public Sector
We offer more options for data residency and compliance with specific public sector certification requirements around the world. AWS and Google do not meet compliance requirements for many international governments.
Regulated Services: Law Enforcement
We offer commitments under Criminal Justice Information Systems (CJIS) Security Policy Requirements for law enforcement agencies that comply with FBI security requirements and background checks. Google, Amazon and Sales Force do not.
Microsoft commits to comply to yearly audits under a number of security, privacy and audit control standards, like ISO 27001/27002/27018, SSAE 16/ISAE3402. All of our security policies and full audit reports are made available to customers and, their regulators through the Trust Center.
Microsoft is the only company actively targeting cyber criminals and working with law enforcement to take down their ability to infect devices and systems with harmful, criminal malware. Neither Google, Amazon, nor Salesforce are taking this step.
Goverment Requests for Data
Microsoft makes a contractual commitment to ensure any requests for data must follow due legal process. In addition, we allow the law of the jurisdiction of the data center to govern which authorities may have lawful access.
Azure IP Advantage
With Azure IP Advantage, Azure services benefit from uncapped IP protection by Microsoft, including for the open source software powering these services, and consuming Azure customers have access to a defensive patent portfolio of 10,000 Microsoft patents to deter and defend patent lawsuits against their application in the cloud. Microsoft is the only cloud provider to clearly incorporate IP protection for open source software in its terms of service. The Azure IP Advantage patent portfolio has been ranked among the top 3 portfolios in the world for cloud technologies. By comparison, Amazon owns a total of 6,000 patents.