Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities (CDMC) 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part of the EDM Council’s Cloud Data Management Capabilities framework formulated as a best practice to help all industries accelerate the migration of sensitive and non-sensitive data to the cloud with confidence. This certification demonstrates Microsoft’s commitment to providing comprehensive CDMC cloud data management automations and controls for protecting sensitive data to accelerate trusted cloud adoption.
When we first joined the EDM Council’s CDMC Work Group in May 2020, Microsoft was at the beginning of its journey building out what is now known as Microsoft Purview, our unified data governance and compliance solution. We joined over 300 industry data thought leaders with representation from the world’s largest banks and technology companies to identify a control standard to keep data safe.
Every organization we have had the opportunity to engage with is looking to accelerate its use of data to drive its business outcomes. Best practices for how to govern data as it moves to and is born in the cloud were a constant area of discussion and need. This is why we were so excited to partner with the EDM Council and thought leaders around the globe to make data governance practice in the cloud simpler and more approachable, allowing everyone to derive more value from data.
“Across every industry, we’ve seen that clients who are capitalizing on data are driving innovation and competitive advantage. Avanade clients are transforming their business through data strategies and capabilities including data fabric, data mesh, and modern analytics and governance at scale. With the CDMC certification of Microsoft’s cloud platform, our clients will be able to leverage industry-leading governance best practices advanced by the EDM Council, and we will expand this to more organizations and achieve stronger business outcomes.”—Simon Thomas, Global Head of Data and AI, Avanade
1. Data Control Compliance must be monitored for all data assets containing sensitive data through metrics and automated notifications.
2. The Ownership field in a data catalog must be populated for all sensitive data or otherwise reported to a defined workflow.
3. A register of Authoritative Data Sources and Provisioning Points must be populated for all data assets containing sensitive data.
4. The Data Sovereignty and Cross-Border Movement of sensitive data must be recorded, auditable, and controlled according to defined policy.
5. Cataloging must be automated for all data at the point of creation or ingestion, with consistency across all environments.
6. Classification must be automated for all data at the point of creation or ingestion and must always be on.
7. Entitlements and Access for Sensitive Data must default to the creator and owner and access must be tracked for all sensitive data.
8. Data Consumption Purpose must be provided for all Data Sharing Agreements involving sensitive data.
9. Appropriate Security Controls must be enabled for sensitive data and evidence must be recorded.
10. Data Privacy Impact Assessments must be automatically triggered for all personal data according to its jurisdiction.
11. Data Quality Measurement must be enabled for sensitive data with metrics distributed when available.
12. Data Retention, Archiving, and Purging must be managed according to a defined retention schedule.
13. Data Lineage information must be available for all sensitive data.
14. Cost Metrics directly associated with data use, storage, and movement must be available in the catalog.
In today’s environment, many organizations are looking to set the data foundation in place to quickly adhere to ever-changing regulatory requirements across multi-jurisdictions. They’re also looking for the confidence that data is properly protected no matter where it resides. Without having the foundational layer in place, analytics and AI will not deliver trusted insights. This milestone for the industry allows organizations to balance their offensive and defensive position when it comes to generating value from their data and meeting compliance standards.
“The Cloud Data Management Capabilities framework represents the best practices in data on cloud from a huge number of financial services companies and other leading data practitioners from across other industry groups. It is great to see Microsoft natively certifying their platform against CDMC key controls, automating the most important capabilities in data management, which will help accelerate adoption of cloud services. We are excited by their continuing contributions to extend CDMC into new areas this year.”—Oli Bage, Co-chair of CDMC Work Group and Head of Architecture for Data and Analytics, London Stock Exchange Group
“Microsoft’s certification of the CDMC 14 Automated Key Controls is an impressive accomplishment because it marks the completion of a comprehensive, in-depth confirmation of their cloud leadership. Having its cloud platform independently certified will give Microsoft’s clients even greater confidence in accelerating their own adoption of cloud and hybrid-cloud strategies with the assurance that their data is controlled and protected.”—John Bottega, President, EDM Council
Microsoft’s certification allows client companies across all sectors to implement best practices within their own operational environments and ensure that the 14 Key Controls will protect their sensitive data cross-jurisdiction and speed their own certification against the CDMC Key Controls.
Avanade is the leading provider of innovative digital, cloud and advisory services, industry solutions, and design-led experiences across the Microsoft ecosystem. Every day, their 60,000 professionals in 26 countries make a genuine human impact on clients, employees, and customers.
They have been recognized, together with their parent, Accenture, as Microsoft Global SI Partner of the Year more than any other company. With the most Microsoft certifications (60,000 plus) and 18 (out of 18) Gold-level Microsoft competencies, they are uniquely positioned to help businesses grow and solve their toughest challenges.
They are a people-first company, committed to providing an inclusive workplace where employees feel comfortable being their authentic selves. As a responsible business, they are building a sustainable world and helping young people from underrepresented communities fulfill their potential.
Majority owned by Accenture, Avanade was founded in 2000 by Accenture LLP and Microsoft Corporation. Learn more about Avanade.
EDM Council is the global association created to elevate the practice of data management and analytics as a business and operational priority. The Council is the leading global advocate for the development and implementation of data standards, best practices, and comprehensive training and certification programs. With over 350 organizations from the Americas, Europe, the Middle East, Africa, and Asia, and over 25,000 data management professionals as members, the EDM Council provides a venue for data professionals to interact, communicate, and collaborate on the challenges and advances in data management and analytics as critical organizational functions. For more, visit the EDM Council.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
The post Microsoft achieves first native Cloud Data Management Capabilities certification appeared first on Microsoft Security Blog.
Source: Microsoft Security