Simplifying security and industry standards compliance with Azure’s adaptive cloud approach

Cybersecurity and regulatory compliance of hybrid and edge resources are among the top challenges for customers in manufacturing, energy, healthcare, and government sectors. Approximately 58% of industrial survey respondents highlighted cybersecurity as a severe or major challenge for their organization, ranking security as the top concern above skill gaps, change management, and integration complexity. Azure’s adaptive cloud approach provides customers with tools, built-in security, and at-scale management to simplify and support their security journeys.

Security and industry standards, such as ISO/IEC 27001, NIST 800-53, PCI-DSS, HIPAA, FedRAMP, CIS Benchmark, and Microsoft’s security baselines, have been helping organizations mitigate risks for decades. However, with new regulatory motions, like the European Union (EU) NIS 2 Directive, the United States Executive Order 14028, and the upcoming legislation of the EU Cyber Resilience Act, there is a significant demand for customers across every industry to increase compliance initiatives that demonstrate their risk management efforts. These new regulations intensify the need for customers to utilize standards to maintain compliance within their vastly distributed hybrid and edge resources. 

The typical customer journey starts with risk assessment and exploration of industry-specific standards to mitigate risks. Customers then map these standards' controls to a complicated matrix of hardware, firmware, and software capabilities to choose their hybrid and edge infrastructure products. Given the evolving nature of security threats, it is critical to select hardware that can help future-proof against modern threats. Once the hardware is chosen, the next step is to deploy the infrastructure. The deployment process includes configuring the infrastructure, not only to meet compliance requirements, but also to validate performance and compatibility. Finally, given geographically distributed deployments, customers often require remote management to monitor and ensure compliance across all assets, not only on day zero but also over time.

To help overcome these challenges, the following choices need to be simplified for customers:

  • A trusted public cloud provider that streamlines compliance with an at-scale management platform that can remotely manage, monitor, and remediate a distributed infrastructure
  • An edge infrastructure platform and hardware that provides built-in strong security by default and assists in compliance efforts

Here is how Azure’s adaptive cloud approach can assist the customer with each of these choices:

Choosing a trusted cloud provider that simplifies compliance at the edge

Microsoft recognizes the growing complexity of national, regional, and industry-specific regulations. Today, the Azure public cloud leads the industry with more than 100 compliance offerings. Learn how Microsoft’s products and services help your organization meet regulatory compliance standards.

Azure’s adaptive cloud approach enables organizations to leverage cloud-native technologies, including Azure RBAC, Azure Policy, Microsoft Copilot for Azure, Microsoft Defender for Cloud, and Microsoft Sentinel, to work simultaneously across hybrid, multicloud, edge, and IoT to monitor at scale and improve their security and compliance postures.

For example, to comply with relevant industry and security standards, customers would typically analyze applicable standards, identify the right set of security configurations, and continuously update them as standards evolve. It is a time-intensive task. To address this challenge, we created Azure Security baselines, which incorporate relevant security configurations that assist in the compliance of hybrid, multicloud, edge, and IoT resources. Additionally, customers can use Azure Policy built-ins as a guiding tool towards compliance with industry standards, as they provide a mapping of controls from various compliance domains to Azure policies to the extent such a mapping is feasible.

Figure 1 - Azure machine configuration showing compliance of Azure Stack HCI to Azure security compute baseline.

Keeping a vast number of resources compliant can also be time consuming, because it often requires regularly monitoring resources at scale and remediating any drift in configuration. Azure Machine configuration provides drift control protection that can restore settings in the event of accidental drift, simplifying the ability to stay compliant. With an at-scale management platform, Azure’s adaptive cloud approach helps streamline customers’ compliance by delivering capabilities that can remotely manage, monitor, and remediate a distributed infrastructure.  

An edge infrastructure platform and hardware that provides built-in strong security by default and assists in compliance efforts

In industries like retail, manufacturing, and healthcare, it is common for physical operations to be spread across many edge locations. As digital transformation initiatives bring more computing into the store, factory, or clinic, choosing an edge infrastructure platform that simplifies compliance efforts is key to meeting security standards. And to combat modern threats to these business environments, hardware and infrastructure platforms need to continuously maintain strong security practices.  

Figure 2 - Azure Stack HCI deployment enabling Azure security compute baseline and security features by default.

When choosing an edge infrastructure platform, customers are looking for the platform to provide materials and capabilities that can assist in the compliance lifecycle.  Azure Stack HCI has a wide range of security features and services across the hybrid environment that can help meet stringent compliance requirements both in cloud and on premises. The Azure Stack HCI assurance site provides information on Azure Stack HCI and various security standards, together with any completed validations and certifications. Such standards include Common Criteria for Information Technology Security Evaluation (CC), Federal Information Processing Standard (FIPS) 140, along with guidance for ISO/IEC 27001, PCI-DSS, and HIPAA compliance. These resources can be leveraged throughout the lifecycle to help meet compliance requirements.

Since 2021, Microsoft, through its Secured-core server program, has worked closely with silicon and OEM partners to offer built-in security features for hardware, firmware, driver, and operating system protection. In 2022, we established Secured-core as a prerequisite for all new Azure Stack HCI 22H2 solutions built on Gen 3 or newer server-grade silicon platforms. Secured-core helps protect systems from firmware threats through a combination of hardware-backed trust, built-in boot, and kernel integrity mechanisms. Today, we are also excited to announce that Dell Technologies, Hewlett Packard Enterprise (HPE), and Lenovo are committed to meeting the Secured-core requirements for all Windows Server 2022 and 2025 server models based on 3rd generation and newer server-grade CPUs.

Once customers have chosen the hardware and the requisite configurations to meet compliance with applicable standards, they need to test these configurations on their infrastructure. It can be an arduous task that requires continuously testing compatibility of the edge product. Azure Stack HCI makes this arduous task simpler because it starts with strong security by default, with Azure Security baselines applied. The Azure security baseline also incorporates some of the security configurations from key industry and regulatory standards, providing customers assistance in establishing and maintaining their infrastructure compliance. All Azure Stack HCI updates, including Solution Builder Extension software updates, are validated for compatibility against these configurations.

Here is a demonstration of some of these concepts, showcasing both current and upcoming capabilities.

In summary

Azure’s adaptive cloud approach can simplify an organization’s journey to meet industry and security standards for their hybrid and edge infrastructure. As an example, Azure Stack HCI reduces the burden on customers to establish and maintain compliance because it provides a foundation with strong security by default, built-in drift protection, and validation for compatibility against the Azure security baseline.

Experience the latest offerings and see them in action by visiting Azure Arc Jumpstart where you can learn and try many different scenarios.

To learn more, reach out to the team via the Adaptive cloud community.

Niladri Chakraborty

Motivational Speaker at TED ED | 3X TED TALK SPEAKER | Persuasive and Public Speaker| On a Mission to Transform and Motivate Youth .

5mo

Great post!


More articles by Douglas Phillips
