Identity, Governance, Privacy, Compliance. These words are not the typical ones that I would use in my technical posts, however they are behind the implementations and projects many of us take part in. Microsoft has made a huge effort to consider these attributes in their Azure cloud platform.
As I have been learning and reading about this, I would like to share in this post some resources that could be useful if you are working with Azure.
Microsoft Privacy Statement
It explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes.
Online Services Terms
Legal agreement between Microsoft and the customer. The OST details the obligations by both parties with respect to the processing and security of customer data and personal data.
Data Protection Addendum
It defines the data processing and security terms for online services including:
- Compliance with laws.
- Disclosure of processed data.
- Data Security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing.
- Data transfer, retention, and deletion.
It provides in-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products. You can also find other resources like compliance blogs and events.
Azure Compliance Documentation
It provides detailed documentation about legal and regulatory standards and compliance on Azure across these categories: Global, US government, Financial services, Health, Media and Manufacturing and Regional
For instance, if you are working in Finance services, here you can find all the details about PCI DSS, which describes the security standard designed to prevent fraud through increased control of credit card data.
It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers. Azure Government offers physical isolation from non-US government deployments and provides screened US personnel.
Azure China 21Vianet
It’s a physically separated instance of cloud services located in China. Azure China 21Vianet supports most of the same services that global Azure has, such as geosynchronous data replication and autoscaling. Even if you already use global Azure services, to operate in China you might need to rehost or refactor some or all your applications or services.