Secure Azure as Microsoft meets NZ Govt cloud computing criteria

Microsoft New Zealand has demonstrated Microsoft Azure’s ability to provide secure cloud computing to Kiwi companies after meeting requirements set out in the 105-question New Zealand Government framework.

Based within the New Zealand Department of Internal Affairs, the New Zealand Government Chief Information Officer (GCIO) has responsibility for providing guidance on how Kiwi Government organisations should adopt cloud computing via a framework called Requirements for Cloud Computing.

As part of this effort, the GCIO published a document entitled ‘NZ Government Cloud Computing: Security and Privacy Considerations’, which comprises 105 questions focused on security and privacy aspects of cloud services that are fundamentally related to data sovereignty.

Consequently, organisations that fall under the scope of the GCIO’s mandate for providing Ministers with government ICT System Assurance must apply this framework when they are deciding on the use of a cloud service.

Furthermore, other New Zealand State sector organisations are encouraged to use this framework as a good practice guidance.

To assist its New Zealand government organisations in meeting these requirements and expectations, Microsoft New Zealand has provided information showing how Microsoft Azure meets the requirements set out in the 105-question government framework.

"This is a great step forward for us in being able to show both public and private sector customers how Microsoft addresses important security, privacy and sovereignty issues," says Russell Craig, National Technology Office, Microsoft New Zealand.

"None of our competitors have done anything like this. If you represent a New Zealand government organisation that is considering adopting Azure, this information will assist your analysis.

"If you work outside of NZ government, and are interested in the security, privacy, and sovereignty aspects of Azure, you also may find both the questions set out in this framework and the responses from Microsoft to be helpful when evaluating different cloud service providers.

"We would like to think that our responses set the benchmark for the level of detail and transparency that cloud providers can and should offer their customers about these vital matters."

Craig notes that this framework "is not, and does not", define a New Zealand government standard against which cloud service providers must demonstrate formal compliance.

"Many of the questions in the framework do, however, point customers toward the importance of understanding cloud service providers’ compliance with a wide array of relevant standards, the approach they take to security and data privacy, and what they do and don’t do with their customers’ data," he adds.

Craig adds that readers should note that, while the document should be helpful to both public and private sector organisations that are considering using Microsoft Azure, it has been drafted with the needs of public sector organisations being of foremost importance.

According to the company, the document is the first in a series of such documents that Microsoft New Zealand will produce covering many of Microsoft’s cloud services, including Microsoft Office 365, Dynamics CRM Online, Microsoft InTune and Yammer Enterprise.

This story has been updated.