Microsoft shares its data protection and cloud privacy measures

For all of the services it has under its wings, and thus vast amounts of data it handles, Microsoft needs a quite a few datacenters. In fact, the firm owns some of the largest facilities of this kind, which raises questions about data privacy and infrastructure security.
These same questions were addressed to Mark McIntyre, Chief Security Advisor at Microsoft’s Enterprise Cybersecurity Group, who attended a recent Chief Information Security Officer roundtable in Washington DC. To tackle the issue of trust of a cloud provider, McIntyre offered the idea of scale. The image below shows internet usage in 2015, in millions of users:

For contrast, a projection of how this map might look like in 2025 is also provided, showing a visible upwards trend in the overall number of users.

To further give a sense of the scale of data in question, some stats were provided:
Microsoft has incredible breadth and depth of signal and information we analyze from 450B authentications per month across our cloud services, 400B emails scanned for spam and malware, over a billion enterprise and consumer devices updated monthly, and 18B+ Bing scans per month
While the firm does serve millions of customers worldwide, it is also in the midst of transitioning all of its 100,000+ employees and corporate infrastructure to the cloud, meaning that whatever it is offering must meet some very rigorous standards.
Of course, the number one priority is security when dealing with such vast amounts of data, an overview that can be seen in the videos below:

An error occurred.
Try watching this video on, or enable JavaScript if it is disabled in your browser.

An error occurred.
Try watching this video on, or enable JavaScript if it is disabled in your browser.
One way in which Microsoft ensures security is by use of the Intelligent Security Graph, providing a means to leverage big data analysis to detect and deal with cybersecurity datacenter activity. To do so, Microsoft can rely on information from quite a few of its own cybersecurity centers around the world, the most recent of which was opened in Mexico.
Microsoft is also quick to point out its Just Enough and Just Enough Administration access policies, which allow system administrators only the bare minimum requirements to carry out a specific task. There is no possibility for an admin to issue and approve his or her own ticket either, thus adding another layer of security.
Compliance and trust are other areas in which the firm emphasizes its advantage over competing products, by underlining its CSA STAR, HITRUST, FACT, and CDSA certifications. However, Microsoft also stresses its commitment to transparency via the Trust Center, Service Trust Portal, and Service Assurance Portal.
Last but not least, the Government Security Program (GSP) gets a mention, an initiative which allows authorities (governments and regulators) to access “deep architecture details about our products and services, up to and including source code”. This, along with the aforementioned layers of security and efforts at transparency is what McIntyre believes makes Microsoft a trustworthy entity when it comes to the handling of data, privacy and all in all data security.
Internet map images via Microsoft