Identity, Governance, Privacy, Compliance

Identity, Governance, Privacy, Compliance. These words are not the typical ones that I would use in my technical posts, however they are behind the implementations and projects many of us take part in. Microsoft has made a huge effort to consider these attributes in their Azure cloud platform.

As I have been learning and reading about this, I would like to share in this post some resources that could be useful if you are working with Azure.

Microsoft Privacy Statement

It explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes.

Link: https://privacy.microsoft.com/en-US/privacystatement

Online Services Terms

Legal agreement between Microsoft and the customer. The OST details the obligations by both parties with respect to the processing and security of customer data and personal data.

Link: https://www.microsoft.com/licensing/terms/product/ForallOnlineServices

Data Protection Addendum

It defines the data processing and security terms for online services including:

  • Compliance with laws.
  • Disclosure of processed data.
  • Data Security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing.
  • Data transfer, retention, and deletion.

Link: https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=67

Trust Center

It provides in-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products. You can also find other resources like compliance blogs and events.

Link: https://www.microsoft.com/en-gb/trust-center

Azure Compliance Documentation

It provides detailed documentation about legal and regulatory standards and compliance on Azure across these categories: Global, US government, Financial services, Health, Media and Manufacturing and Regional

compliance offerings by categories: Global, US Government, Industry, and Regional

Link: https://docs.microsoft.com/en-us/azure/compliance/

For instance, if you are working in Finance services, here you can find all the details about PCI DSS, which describes the security standard designed to prevent fraud through increased control of credit card data.

Azure Government

It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers. Azure Government offers physical isolation from non-US government deployments and provides screened US personnel.

Link: https://azure.microsoft.com/en-us/global-infrastructure/government/

Azure China 21Vianet

It’s a physically separated instance of cloud services located in China. Azure China 21Vianet supports most of the same services that global Azure has, such as geosynchronous data replication and autoscaling. Even if you already use global Azure services, to operate in China you might need to rehost or refactor some or all your applications or services.

Link: https://docs.microsoft.com/en-us/azure/china/

Featured image by İsmail Enes Ayhan on Unsplash

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s