Data Security is part of the DNA of the COMPLYfile software. We use the industry leading cloud based software built and managed by Microsoft, called the Microsoft Azure platform. Check out below how Microsoft helps COMPLYfile keep your data safe.
Design and Operational Excellence
Azure security, privacy, and compliance begin with a trustworthy technology foundation. Microsoft creates, implements, and continuously improves security-aware software development, operational, and threat mitigation practices. This helps customers reduce the time and money they spend on implementing and maintaining the security of their computing platform
Microsoft has developed industry-leading best practices in the design and management of online services, including:
Security Centers of Excellence.
Microsoft engages in industry-leading security efforts through the creation of centers of excellence, including the Microsoft Digital Crimes Unit, Microsoft Cybercrime Center, and Microsoft Malware Protection Center.
Designing for security from the ground up.
Azure development adheres to the Security Development Lifecycle (SDL). The SDL became central to Microsoft’s development practices a decade ago and is shared freely with the industry and customers. It embeds security requirements into systems and software through the planning, design, development, and deployment phases.
Keeping operations safe.
Azure adheres to a rigorous set of security controls that govern operations and support. The Azure team works with other entities within Microsoft such as Office 365 and the Microsoft Operational Security Assurance (OSA) group to identify risks and share information, supporting continuous improvement in operational controls. This increases the ability to prevent, detect, contain, and respond to operational security threats specific to Azure and companywide.
One key operational best practice that Microsoft uses to harden its cloud services is known as the “assume breach” strategy. A dedicated “red team” of software security experts simulates real-world attacks at the network, platform, and application layers, testing Azure’s ability to detect, protect against, and recover from breaches. By constantly challenging the security capabilities of the service, Microsoft can stay ahead of emerging threats.
Azure has a global, 24×7 incident response service that works to mitigate the effects of attacks and malicious activity. The incident response team follows established procedures for incident management, communication, and recovery, and uses discoverable and predictable interfaces internally and to customers.