[AZ-900] Privacy, Compliance And Data Protection

This blog post is the sixteenth blog in the  Microsoft Azure Fundamentals Certification Series(AZ-900) of Topic 3: Security services. 

If you have not gone through the previous Topic [AZ-900] Microsoft Azure Monitoring | Reporting: Azure Cloud Monitoring and Service Health.

For the full list of blogs in this series, refer to this blog.

In this blog post, we’ll cover :

• • Compliance Terms and Requirements
  • Microsoft Privacy Statement
  • Data Protection
  • Azure Trust Center
  • Special Azure regions

Compliance Terms and Requirements

Microsoft provides the most comprehensive set of compliance offerings (including certificates) of any cloud services providers. Azure offers more than 35 compliance concrete to the requirements of key industries, including health, finance, manufacturing, and media. Our emerging compliance needs are covered, too: Microsoft engages globally with governments, regulators, standards bodies, and non-governmental organizations.

Some of the compliance offerings include:

• CJIS ( Criminal Justice Information Service )
• CSA STAR Certification
• HIPAA certification (Health Insurance Portability and Accountability Act)
• ISO/IEC 27018
• GDPR ( General Data Protection Regulation) and many more.

Microsoft Privacy Statement

Provides openness and honesty about how Microsoft handles the user data collected from its product and services mainly Microsoft collects data from you, through interactions with users and through their products. You provide some of this data directly, and Microsoft gets some of it by collecting data about user’s interactions, use, and experiences with their products. The data collected depends on the context of interactions with Microsoft and the choices we make, including the user’s privacy settings and the products and features used.

Microsoft Privacy Statement Explains:

• What data Microsoft process
• How Microsoft process it
• For what purpose data is utilized

Data Protection

Access to customer data by Microsoft operations and support personnel is denied. When access to data associated with a support case is granted, it’s only granted employing a just-in-time (JIT) model using policies. The access-control requirements are established by the subsequent Azure Security Policy:

• No access to customer data, by default.
• No user or administrator accounts on customer virtual machines (VMs).
• Grant the least privilege that’s required to complete the task; audit and log access requests.

Azure Trust Center

As a public cloud services provider,  Azure requires shared responsibility between customers and Microsoft. Microsoft is responsible for the platform and seeks to provide a cloud service that will meet the security, privacy, and compliance needs of our customers.

Users are responsible for their system once the accommodation has been provided, including their apps, data content, virtual machines(VMs), and compliance with regulatory requisites applicable to a particular industry.

Special Azure Regions

Azure has some special regions that you simply might need to use when building out your applications for compliance or legal purposes. These special regions include:

• US Gov Virginia and US Gov Iowa:  Physical and logical network-isolated instance of Azure for United States government agencies and partners, operated by screened US persons. Includes additional compliance certifications like FedRAMP and DISA. Read more about Azure Government.

• China East and China North: These regions are available through a singular partnership between Microsoft and 21Vianet, whereby Microsoft doesn’t directly maintain the datacenters. See more about Azure China 21Vianet.

• Germany Central and Germany Northeast: These regions are available via a knowledge trustee model whereby customer data remains in Germany in check of T-Systems, a Deutsche Telekom company, acting because of the German data trustee.

Related/References

1. [AZ-900] Microsoft Azure Certification Fundamental Exam: Everything You Must Know
2. Learn how to create a Free Microsoft Azure Trial Account
3. [AZ-900] Microsoft Azure Fundamentals: Topic 1.1 Overview & Benefits
4. [AZ-900] Microsoft Azure Fundamentals: Topic 1.2  CapEx vs OpEx Model
5. Windows Azure Trust Center
6. Azure regions – Azure Virtual Machines | Microsoft Docs

Next Task For You

Begin your journey toward Mastering Azure Cloud and landing high-paying jobs. Just click on the register now button on the below image to register for a Free Class on Mastering Azure Cloud: How to Build In-Demand Skills and Land High-Paying Jobs. This class will help you understand better, so you can choose the right career path and get a higher paying job.