Design and operational security

21Vianet protects your data with a trustworthy technology foundation

Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet are built on trustworthy technology that is designed for security from the ground up to help ensure that its infrastructure is resilient to attack. As a security strategy, we assume breaches of our systems, and the 21Vianet incident-response team works around the clock to mitigate the effects of any attacks against Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Power Platform online services operated by 21Vianet. These practices are backed by the Security Management Process, which fights digital crime, responds to security incidents and vulnerabilities in Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Power Platform online services operated by 21Vianet, and combats malware.

Secure identity

21Vianet uses stringent identity management and access controls to limit data and systems access to those with a genuine business need (least privilege). Account password controls enforce password complexity rules and require periodic rotation. System design and policies are implemented to prevent personnel who have authorized access to customer data from using it for purposes beyond those identified for their roles. Security policies set the standards and define procedures for data protection.

21Vianet has invested in systems and controls that automate the majority of operations while intentionally limiting 21Vianet’s access to customer content. Humans govern the service, but software operates it. This enables 21Vianet to operate at scale and to manage the risks of internal threats to customer content (such as a malicious actor or the spear-phishing of a 21Vianet engineer).

As an example: by default, 21Vianet engineers have no standing administrative privileges and no standing access to customer content in Microsoft 365. A 21Vianet engineer may have limited (and audited) secured access to a customer’s content for a limited amount of time, only when necessary for service operations and only when approved by a member of senior management at 21Vianet (and, for customers that are licensed for the Customer Lockbox feature, the customer).

Third parties are held to the same security standards as full-time employees. Subcontractors who work in facilities or on equipment controlled by 21Vianet must also follow the same Customer Data protection standards as full-time employees.

Secure apps and data

The Security Development Lifecycle (SDL) is a mandatory software development process used by developers of the Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Power Platform online services technology that is licensed to 21Vianet. The SDL aims to reduce the number and severity of vulnerabilities in Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet. Introduced in 2004, the SDL embeds security requirements in the entire software development lifecycle. As technology evolves and criminals become more sophisticated, so does the SDL. The security of Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Power Platform online services operated by 21Vianet has increased dramatically in the past decade, in part due to this emphasis on continuing to evolve.

Learn more about Simplified Implementation of the Microsoft SDL

The Security Management Process makes Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet more resilient to attack by decreasing the amount of time needed to prevent, detect, and respond to real and potential Internet-based security threats. It ensures that operational activities follow rigorous security guidelines and validates that these guidelines are followed. When issues arise, a feedback loop helps ensure that future revisions of the Security Management Process support mitigations that address them.

An Assumed Breach strategy hardens Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet and stays ahead of emerging threats. This approach alters the basic premise of design, engineering, and operations by assuming that attackers have already exploited vulnerabilities or gained privileged access. A dedicated “red team” of security experts simulates real-world attacks at the network, platform, and application layers, challenging the ability of Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Power Platform online services operated by 21Vianet to detect, protect against, and recover from security breaches.

Incident-Response presence

21Vianet operates a 24x7 event and incident response team to help mitigate threats from attacks and malicious activity. Our incident response team is on constant alert to identify, investigate, and resolve security incidents and vulnerabilities in the security of software. The detection of a security event mobilizes engineers and a communications team; while the engineering team conducts a detailed investigation of the issue and develops a solution, it works with the communications team, which develops guidance for customers.

The 21Vianet Security Response Team, led by experienced security experts, delivers security response, collaborates with the security community to help improve customer security, advances innovation in the security landscape, and provides authoritative security guidance.

Security tools

21Vianet provides tools to help developers build and maintain secure apps, protect your data from threats, and address security compliance requirements, while reducing development costs.

Learn more about security tools