Sygitech Blog

Identity, Governance, Privacy, and Compliance features in Azure Services

Apr 2022

We’ve talked a lot about security, but when it comes to moving to the cloud, security isn’t the only major concern companies have. They also want control over how resources are used, and they want to ensure that data is kept private once it’s in the cloud provider’s ecosystem. Also, many businesses are required to comply with regulations and standards, and by moving to the cloud, they’re offloading some of that responsibility to the cloud provider. Therefore, they want a high level of confidence that the cloud provider is keeping them compliant. Cloud service providers in India are working to understand the different aspects and verticals of cloud computing and to help their clients make their systems compliant.

Security isn’t only about controlling the network traffic. In order to provide a secure environment, you must have some means of identifying who’s accessing your application. Once you know the identity of a user, you need to ensure that they aren’t allowed access to data or other resources they shouldn’t access.

Azure is a cloud computing service operated by Microsoft for application management via managed data centers. Managed IT service providers can use this cloud computing platform to provide great cost-effective solutions to their clients. Most companies seek help from cloud service providers for data migration to the cloud, as running virtual machines in the cloud cost-effectively is a very complex process.

Azure services provide:

  1. Authentication and authorization
  2. Azure Active Directory
  3. Conditional Access and multifactor authentication (MFA)
  4. Role-based access control (RBAC)

Authentication and authorization:

To determine who is using the application, you would require that users log in, often with a username and password. Assuming the user provides the right credentials, that user is authenticated to use the application. Once a user is authenticated and begins interacting with an application, additional checks might take place to confirm which actions the user is and isn’t allowed to perform. That process is called authorization, and authorization checks are performed against a user who is already authenticated.

Similarly, Azure Active Directory is a cloud-based identity service in Azure that can help you authenticate and authorize users.

Conditional access and Multi Factor Authentication:

Azure Conditional Access allows you to create policies that are applied against users. These policies use assignments and access controls to configure access to resources. If a hacker obtains a password by using software that guesses passwords, or by stealing it through phishing or some other means, your resources are no longer secure.

Multi Factor Authentication solves the problem. The concept behind multifactor authentication is that you must authenticate using a combination of:

  1. Something you know, such as username and password
  2. Something you have, such as a phone or mobile device 
  3. Something you are, such as facial recognition or fingerprint.

If multifactor authentication requires all three types of authentication, it’s referred to as three-factor authentication.
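A Conditional Access policy of the kind described above, written in the JSON shape of the Microsoft Graph `conditionalAccessPolicy` resource, with the assignments under `conditions` and the access control under `grantControls`. This is an added example, not part of the original post; the display name and the excluded group ID are placeholders, and the policy starts in report-only state so its effect can be reviewed in sign-in logs before it is enforced.

```json
{
  "displayName": "Example: require MFA for all users (constructed)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeGroups": ["<object-id-of-emergency-access-group>"]
    },
    "applications": {
      "includeApplications": ["All"]
    },
    "clientAppTypes": ["all"]
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa"]
  }
}
```

Changing `state` to `enabled` turns on enforcement; the excluded emergency-access group keeps an administrator from being locked out if the MFA service is unavailable.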

Role-based access control (RBAC):

RBAC is a generic term for authorizing users to a system based on the defined roles to which they belong.

As your cloud presence grows, you’ll likely end up with a large number of Azure resources that span many different Azure services. Unless you have some control over how those resources are created and managed, costs can spiral out of control. In addition to cost control, you might want other restrictions in place as well, such as which regions certain resources should be created in, how certain resources are tagged, and so on.

The traditional way of handling such governance issues would be to send out a memo to everyone explaining what the requirements are and then crossing your fingers that people adhere to them. Azure Policy meets these requirements and helps you govern your resources. You’ll find moving to the cloud isn’t as simple as clicking a few buttons in the Azure portal. There’s considerable planning that must take place, but before any of that planning even starts, it’s important to become educated on how to move to the cloud successfully. You need to learn about best practices, how your cloud apps should be architected, the proper way to migrate resources, how to set up governance and policies, and so on.
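The two restrictions mentioned above (allowed regions and required tags) can be enforced with a single custom Azure Policy definition instead of a memo. This is an added example, not part of the original post; the display name, the parameter names and the `costCenter` default tag are assumptions chosen for illustration.

```json
{
  "properties": {
    "displayName": "Example: allowed regions and required tag (constructed)",
    "description": "Denies resources outside the allowed regions or missing the required tag.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": { "displayName": "Allowed locations", "strongType": "location" }
      },
      "requiredTagName": {
        "type": "String",
        "defaultValue": "costCenter",
        "metadata": { "displayName": "Required tag name" }
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              { "field": "location", "notIn": "[parameters('allowedLocations')]" },
              { "field": "location", "notEquals": "global" }
            ]
          },
          {
            "field": "[concat('tags[', parameters('requiredTagName'), ']')]",
            "exists": "false"
          }
        ]
      },
      "then": { "effect": "deny" }
    }
  }
}
```

Assigning the definition with the `audit` effect first reports existing non-compliant resources without blocking deployments; `Indexed` mode limits evaluation to resource types that support location and tags.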

Some compliance requirements can’t be met by simply applying policies in Azure. For example, some government compliance scenarios require that data stays within the country and that only citizens of that country have access to the systems used to store that data. You can’t meet this requirement with policies. In fact, you can’t meet that requirement at all in the public cloud. To address this type of issue, Microsoft developed completely isolated Azure data centers that make up the Azure Government cloud. Azure Government data centers are separate from the public data centers.

One of the most interesting areas of Azure cloud computing is service level agreements (SLAs) and the life cycle of Azure services. Pricing doesn’t just involve knowing the price of Azure resources. Companies often want to know how much entire cloud solutions are going to cost before applications are deployed to the cloud. And when the application is deployed, they want to minimize costs as much as possible and to have visibility into the ongoing costs of Azure services.

We’ve already talked about the high availability in the cloud, and how Cloud service providers can help you with ensuring your application experiences are highly available by following their guidelines related to SLAs. When something goes wrong, the Cloud service provider will make sure that the services aren’t affected and help the company by ensuring that the resources and underlying applications work as expected in the target environment. 
