Security

Overview

Your Security is our top priority and we use the best security practices we can find in Lean Agile Intelligence. Here are the details...

Lean Agile Intelligence is hosted on Microsoft Azure. Microsoft makes security and privacy a priority at every step, from code development through incident response.

Security and privacy are built right into the Azure platform, beginning with the Security Development Lifecycle (SDL) that addresses security at every development phase from initial planning to launch, and Azure is continually updated to make it even more secure. Operational Security Assurance (OSA) builds on SDL knowledge and processes to provide a framework that helps ensure secure operations throughout the lifecycle of cloud-based services. Azure Security Center makes Azure the only public cloud platform to offer continuous security-health monitoring.

Customer Data

Microsoft has leveraged its decades-long experience building enterprise software and running some of the world’s largest online services to create a robust set of security technologies and practices. These help ensure that Azure infrastructure is resilient to attack, safeguards user access to the Azure environment, and helps keep customer data secure through encrypted communications as well as threat management and mitigation practices, including regular penetration testing.

Managing and controlling identity and user access to your environments, data, and applications by federating user identities to Azure Active Directory and enabling multi-factor authentication for more secure sign-in.

Encrypting communications and operation processes. For data in transit, Azure uses industry-standard transport protocols between user devices and Microsoft datacenters, and within datacenters themselves. For data at rest, Azure offers a wide range of encryption capabilities up to AES-256, giving you the flexibility to choose the solution that best meets your needs.

Securing networks. Azure provides the infrastructure necessary to securely connect virtual machines to one another and to connect on-premises datacenters with Azure VMs. Azure blocks unauthorized traffic to and within Microsoft datacenters, using a variety of technologies. Azure Virtual Network extends your on-premises network to the cloud through site-to-site VPN.

Privacy

For more than 20 years, Microsoft has been a leader in creating robust online solutions designed to protect the privacy of our customers. Our time-tested approach to privacy and data protection is grounded in our commitment to organizations’ ownership of and control over the collection, use, and distribution of their information.

We strive to be transparent in our privacy practices, offer you meaningful privacy choices, and responsibly manage the data we store and process. One measure of our commitment to the privacy of customer data is our adoption of the world’s first code of practice for cloud privacy, ISO/IEC 27018.

How we respond to government and law enforcement requests to access data. When a government wants customer data—including for national security purposes—it must follow the applicable legal process, serving us with a court order for content or a subpoena for account information. If compelled to disclose customer data, Microsoft will promptly notify you and provide a copy of the demand, unless legally prohibited from doing so. We do not provide any government with direct or unfettered access to customer data except as you direct or where required by law.

Compliance

Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.

Rigorous third-party audits, such as by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate. As part of our commitment to transparency, you can verify our implementation of many security controls by requesting audit results from the certifying third parties.

When Microsoft verifies that our services meet compliance standards and demonstrates how we achieve compliance, that makes it easier for customers to secure compliance for the infrastructure and applications they run in Azure.