We take this very seriously and so decided to store all data in the cloud using Microsoft Azure.

In summary, here's why:

  • Microsoft datacenters are physically constructed, managed, and monitored 24 hours a day to shelter data and services from unauthorized access as well as environmental threats.

  • Azure has 240 million user accounts from companies and organisations in 127 countries

  • Microsoft undergoes regular verification by third-party audit firms and shares audit report findings and compliance packages with customers to help them fulfil their own compliance obligations.

  • Microsoft creates, implements, and continuously improves security-aware software development, operational, and threat mitigation practices.

  • The Azure team works with other entities within Microsoft such as Office 365 and the Microsoft Operational Security Assurance (OSA) group to identify risks and share information, supporting continuous improvement in operational controls.

  • Azure has a global, 24x7 incident response service that works to mitigate the effects of attacks and malicious activity.

  • Network isolation prevents unwanted tenant-to-tenant communications, and access controls block unauthorized users from the network. Virtual machines do not receive inbound traffic from the Internet unless customers configure them to do so.