Microsoft answers government on Office 365 security and privacy

Microsoft New Zealand has detailed how the online version of its productivity platform Office 365 addresses key issues raised by the New Zealand Government's Cloud Computing Risk and Assurance Framework.

Microsoft NZ's National Technology Officer, Russell Craig, said information provided to the government's chief technology officer would assist the wide range of government organisations evaluating Office 365, showing them how Office 365 was the most trustworthy on the market.

The government's chief information officer is based within the Department of Internal Affairs and has responsibility for providing guidance on how government organisations should adopt cloud computing.

The government has published a document called, Cloud Computing: Security and Privacy Considerations, which included 105 questions focused on security and privacy aspects of cloud services that were fundamentally related to the issue of data sovereignty. This tool allows agency chief executives to make a risk-based decision on using cloud services.

"Office 365 offers world-leading security and privacy protections for our customers, and its delivery from our Australian Azure datacentre facilities alleviates any concerns they may have had about data sovereignty," Craig said.

"To the best of our knowledge, Microsoft is the only vendor of cloud-based productivity solutions to have published such a comprehensive, detailed set of responses to the questions the GCIO has set out."
"We are very pleased to demonstrate how Office 365 sets the benchmark for providing government with a productivity solution that effectively addresses the security and privacy considerations that government agencies must address when moving to any cloud-based solution," says Craig.

"If you represent a NZ government organisation that wants to take advantage of the tremendous productivity, performance and innovation benefits that Office 365 enables, we are confident that this information will assist your analysis, and reassure you that your information will be in the safest possible IT environment."
"If you work outside of NZ government and are interested in the security, privacy and sovereignty aspects of Office 365, you should also find the information we are providing to our government customers to be very useful."
"Many of the questions in the framework do, however, point customers toward the fundamental importance of understanding cloud service providers' compliance with a wide array of relevant standards, the approach they take to security and data privacy, the nature of their contractual commitments and what they do and don't do with their customers' data," he said.

All state service organisations must apply this framework when they are deciding on the use of a cloud service.

A PDF of Microsoft NZ's response document to the 105 questions can be downloaded here:

For more information on the NZ Government Cloud Computing Security and Privacy Considerations, visit the GCIO website here: