Azure Compliance papers - 8 month sprint to publish 8 papers

It's been a while since I posted a blog. And to my readers I apologize. However in the past six months I've been madly working to publish 8 white papers on security and compliance for Microsoft Azure... It's a bit crazy to think anyone can get more than a paper published a month, especially when it requires as many reviewers as I've had to place my writing through.

Normally, I place my ideas on the screen and bam... it's published!.. At my 'day' job it takes a bit more rigor to get a paper published. Including colleagues that are area experts providing feedback plus getting lawyers to validate that everything stated is in line with good corporate guidance. That normally means two months of reviews for everything I create.

This is the first time I've tried to execute the writing, editing, reviewing and publication of 8 consecutive streams of content. It's true that the work is supper similar, and that's because it relates to compliance... And most countries, and nations, consider the same issues critical. Secure computing, and citizen privacy. Simple right?

Well if you want to find out, your welcome to read the four of the 8 regional papers that relate to the regional issues published so far. And two US governance papers I also managed to publish in the last 6 months.



Here's my list of papers so far:

1. CJIS Implementation Guidelines for Azure Government, Office 365 Government
2. FERPA Implementation Guide for Microsoft Azure 
3. Microsoft Azure Compliance in the context of Malaysia Security and Privacy Requirements
4. Microsoft Azure Compliance in the context of Singapore Security and Privacy Requirements
5. Microsoft Azure Compliance in the context of New Zealand Security and Privacy Requirements
6. Microsoft Azure Compliance in the context of Australia Security and Privacy Requirements



I want to thank everyone that supported this effort, and the work in getting these papers published. Now back to the remainder of the 8 papers... next up....is (Oh, guess you'll have to come back next week to find out)




Comments

Post a Comment

Popular posts from this blog

Protecting sensitive data

Image
Last month I wrote an article on key things to consider when protecting high valued assets or sensitive data. The article called Security Tip of the Month: Protecting Highly Sensitive Information addressed some of the key items that organizations should consider when protecting data that has the possible impact on an organization that is irreparable. As my article stated the cost of protecting this data tends to be higher than most data. Fact is that this data is not traditionally just sensitive such as credit card data, or HR data. Key indicators of what is High Value Data can be summed up like this. Assets that are considered to be of high value will frequently have the potential to cause the following conditions if they are lost or divulged: •        Loss of life - such as an informant list •        Regulatory fines - such as financial performance data •        Significant damage to the business - such as code signing and encryption keys (private) or trade secrets
Read more

Secure workstation - Root of trust to manage the cloud

Image
Two months ago I introduced the Azure secure workstation, and I’ve had the privilege to present the ideal to some great audiences. From the discussions, a common question I’ve been asked is a pattern that would provide the Secured PAW model lock down scenario to exclusively manage an Azure Portal (EG how to I assure only secured workstation, and users assigned to the program can manage my cloud services)? In this article I’ll provide the NEXT step to accomplish exactly that outcome. This includes additional configurations that I only lightly covered, or net new technology to apply since the publishing of the doc. Proposed outcome “ How do I” Use a Secured workstation (that I can trust) to manage my Azure cloud. Here’s how I would deploy the solution. First I will start by deploying the Secured Workstation model this using the secured profile. New technology, and capabilities to add: Hardware root of trust – in our solution we post the idea that you can
Read more

Why is privileged access important?

Image
Last year about this time I had published updates to the Azure Secure Workstation that was originally released two years ago. And This month the solution has been considerably rewritten and revised to provide a better more complete management for privileged access!  Collaborating with two great security experts James Noyce, and Mark Simos The content got a massive overhaul, and a broad perspective on what it takes to build and manage a comprehensive privileged access solution, including account management, device management, intermediaries such as VPN's and interfaces such as Web and Cloud services. Additionally, the solution was uniformly designed with three distinct security levels that anyone reading the article can deploy from a more flexible Enterprise security, to a comprehensive isolated PAW or privileged Access Management. Over the past two years I've been working to explain and illustrate how you can use a cloud-based solution to build an effective Zero tr
Read more