Security
- Cloud providers are obviously massive targets for hackers, and so they rightly spend a lot of time, money and effort on platform security
- Cloud providers go through security audits and compliance certifications
- And provide customers (you) the tools they need to enable and monitor security with their own applications/data
- Security is shared between the cloud provider and the customer
How Is It Achieved?
- Industry standard compliance certifications
- Microsoft Security Response Center (MSRC)
- Always-on DDoS
- Azure Policy & Blueprint
- Role based access control (RBAC)
- Azure Active Directory
- Always up-to-date platform services
- Update management
- Encryption by default
- Dozens of security services like firewall
Governance:
Why Is It Needed?
- Your company wants to ensure it’s policies are followed in the cloud
- Includes basic auditing and reporting as well as enforcement
- You want to be compliant with industrystandards such as HIPPA or PCC or GDPR
How Is It Achieved?
- Azure Policy & Blueprint
- Management groups
- Custom roles
- Soft delete
- Guides and best practices such as Cloud Adoption Framework