Azure Security & Regulatory Compliance
Introduction
The goal for this article is to define at a high level what the terms regulatory compliance and IT security mean, and why they are necessary. I am a firm believer that an IT system is only as secure as the language used to describe it.
“The limits of my language are the limits of my mind. All I know is what I have words for.”
Ludwig Wittgenstein
Wittgenstein knew that concepts were important and that if we don’t say what we mean, we may never mean what we say. This article will also define and show the relationship between concepts such as standards, policies, and baselines, and show how they are structurally related as core metadata.
I will outline why an IT system may need to be regulatory compliant and secure within the scope of the Azure cloud.
“How would you demonstrate to an auditor that your Azure cloud security environment was objectively secure?”
The article will describe a risk management methodology which is essentially monitors and governs compliance and security requirements traceability. I will describe tools such as the Unified Compliance Framework (UCF) and Azure Security Center, and their role in helping organizations federate and govern the various regulatory frameworks that require compliancy. Lastly, I will describe…
