Microsoft Dynamics 365 operated by 21Vianet (“Dynamics 365 Services”) is a separate instance of Microsoft's Dynamics 365 cloud services located in mainland China and independently operated and sold by Shanghai Blue Cloud Technology Co., Ltd. ("21Vianet"), a wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd. It is based on the same Azure technology that powers Microsoft's global cloud services with comparable service levels to customers.
21Vianet understands that in order to realize the benefits of cloud computing you must be willing to trust your cloud provider with your Customer Data. When you invest in a cloud service, you must be able to trust that your Customer Data is safe, that data privacy is protected, and that you own and control your Customer Data in all its uses.
That’s why we strive to earn your trust in Dynamics 365 Services. Microsoft has broad experience developing enterprise online services and has made major investments in foundational processes and technologies that build security and privacy into development. 21Vianet has also implemented comprehensive security measures and privacy policies and participated in international and domestic compliance programs with independent verification of the Azure controls.
Security and privacy are embedded into the development of Dynamics 365 Services. Security and privacy are made a priority at every step, from code development through incident response. The design of Dynamics 365 Services is dominated by security from the ground up. We build security into software code following an approach known as the Security Development Lifecycle (SDL). Mandatory development process embeds security requirements into the entire software lifecycle, from planning through deployment. To help maintain that operational activities follow the same security priorities, we’ve developed rigorous security guidelines laid out in the Security Management process.
Learn more about Simplified Implementation of the Microsoft SDL
Azure employs a robust set of security technologies and practices. These help protect the Azure infrastructure from attack, safeguards user access to the Azure environment, and helps keep Customer Data secure through encrypted communications as well as threat management and mitigation practices, including regular penetration testing.
- Manage and control identity and user access to your cloud environments, data, and applications by federating user identities to Azure Active Directory and enabling Azure Multi-Factor Authentication for more secure sign-in.
- Encrypt communications and operation processes. For data in transit, Azure uses industry-standard transport protocols between user devices and Azure datacenters, and within datacenters themselves. For data at rest, Azure offers a wide range of encryption capabilities, giving you the flexibility to choose the solution that best meets your needs.
- Increase network security. Azure provides you the security-hardened infrastructure to connect virtual machines (VMs) to one another and to connect on-premises datacenters with Azure VMs. Azure blocks unauthorized traffic to and within datacenters, using a variety of technologies. Azure Virtual Networks extend your on-premises network to the cloud through IPsec-based site-to-site VPN technology or a high-speed Azure ExpressRoute dedicated WAN link.
- Defend against threats. Azure offers Microsoft Antimalware for Azure Cloud Services and Virtual Machines to help you protect against online threats. Azure also employs intrusion detection, distributed denial-of-service (DDoS) attack prevention, regular penetration testing, and data analytics and machine learning tools to help mitigate threats to the Azure platform.
Learn more about Azure Network Security
Learn more about Azure Security
21Vianet is an industry leader in protecting customer privacy. Our approach to privacy and data protection is grounded in our commitment to organizations’ ownership of and control over the collection, use, and distribution of their Customer Data. We strive to be transparent in our privacy practices, offer you meaningful privacy choices, and responsibly manage the Customer Data we store and process. One measure of our commitment to data privacy is our adoption of the international and domestic standards of ISO 27001 and Information System Classified Security Protection (DJCP) with classification as Level 3.
- You own your own Customer Data. You own all your Customer Data that you place in Azure—including text, sound, video, or image files and software. You can access your Customer Data at any time and for any reason without assistance from 21Vianet. We will not use your Customer Data or derive information from it for advertising or data mining.
- You control your Customer Data. Because the Customer Data you host on Azure belongs to you, you have control over where it is stored and how it is accessed.
- When law enforcement or third parties request access to your data they must follow applicable legal processes. 21Vianet believes that customers should control their own information whether stored on their premises or in a cloud service. Accordingly, we will not disclose Customer Data to a third party (excluding our suppliers and subcontractors) except as you direct or as required by applicable law and regulations. If compelled to disclose your Customer Data, 21Vianet will use commercially reasonable efforts to promptly notify you and provide a copy of the demand, unless we are legally prohibited from doing so.
Learn how to Protecting Data and Privacy in the Cloud.
- Azure meets international and industry-specific compliance standards, as well as country-specific standards. Rigorous third-party audits verify Azure’s adherence to standards-mandated security controls. As part of our commitment to transparency, you can verify our implementation of many security controls by requesting audit results from the certifying third parties. It makes it easier for you to validate compliance for the infrastructure and applications you run in Azure when 21Vianet verifies that our services meet compliance standards and when we demonstrate how we achieve compliance.
- Determine compliance responsibilities. 21Vianet maintains compliance with leading data protection and privacy laws and regulations applicable to cloud services, to help you determine if Azure complies with the laws and regulations unique to your industry.
- Take advantage of a broad compliance framework. Azure offers a set of compliance certifications to help you conform to your specific requirements. Azure complies with international and industry-specific compliance standards, such as ISO/IEC 27001, as well as country-specific standards such as Information System Classified Security Protection (DJCP) managed by MPS.
Learn more about Compliance
Azure is built on the premise that for you to control your own Customer Data in the cloud, you require visibility into that Customer Data. You must know where it is stored. You must also know, through clearly stated and readily available policies and procedures, how we help secure your Customer Data, who can access it, and under what circumstances. You can review third-party audits and certifications that confirm how we meet the standards we set.
- Maintain clear, constant visibility. You know where your Customer Data is stored, who can access it, and under which conditions your Customer Data is accessed. You receive updates to any changes in our service operations policies.
- Rely on strict access procedures. 21Vianet only grants access to Customer Data to 21Vianet engineers, to perform key tasks such as maintenance and upgrades, and subcontractors, to perform limited services. We use strict controls to govern access to Customer Data, assign the lowest level of privilege required to complete key tasks, and revoke access when it is no longer needed.
Learn more about Transparency
In China, customers who use cloud services are subject to many different laws and regulations that may vary from location to location and industry to industry. To help our customers comply with their own requirements, we build our services with common privacy and security requirements in mind. However, it is ultimately up to our customers to evaluate our offerings against their own requirements, so they can determine if our services satisfy their regulatory needs. We are committed to providing our customers with detailed information about Microsoft Azure operated by 21Vianet to help them make their own regulatory assessments.
Trusted cloud services like Azure require shared responsibility between the customer and the service provider. 21Vianet is responsible for the services based on technology provided by Microsoft and seeks to provide cloud services that can meet the security, privacy, and compliance needs of our customers. Customers are responsible for their environment once the service has been provisioned, including their applications, data content, virtual machines, access credentials, and compliance with regulatory requirements applicable to their particular industry and locale.
Learn more about Shared Responsibilities For Cloud Computing