Azure has been designed with industry-leading security measures and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. Azure can help you reduce risks and achieve compliance with the GDPR.
Identifying what data you have and controlling who has access to it is a critical requirement of the GDPR. Azure enables you to manage user identities and credentials and control access to your data in several ways:
- Azure Active Directory (Azure AD) – helps you ensure that only authorised users can access your computing environments, data, and applications. It features tools such as Multi-Factor Authentication for highly secure sign-in. Additionally, Azure AD Privileged Identity Management helps you reduce risks associated with administrative privileges through access control, management, and reporting.
- Azure Information Protection – helps ensure that your data is identifiable and secure, a key requirement of the GDPR, regardless of where it’s stored or how it’s shared. You can classify, label, and protect new or existing data, share it securely with people within or outside your organisation, track usage, and even revoke access remotely. Azure Information Protection also includes rich logging and reporting capabilities to monitor the distribution of data, and options to manage and control your encryption keys.
Protecting personal data
Protecting personal data in your systems and reporting on and reviewing for compliance are key requirements of the GDPR. The following Azure services and tools will help you meet these GDPR obligations:
- Azure Security Center – provides you with visibility and control over the security of your Azure resources. It continuously monitors your resources, provides helpful security recommendations, and helps you prevent, detect, and respond to threats. Azure Security Center’s embedded advanced analytics help you identify attacks that might otherwise go undetected.
- Data Encryption in Azure Storage – secures your data at rest and in transit. You can, for example, automatically encrypt your data when it is written to Azure Storage using Storage Service Encryption. Additionally, you can use Azure Disk Encryption to encrypt operating systems and data disks used by virtual machines. Data is protected in transit between an application and Azure so that it remains secure at all times.
- Azure Key Vault – enables you to safeguard your cryptographic keys, certificates, and passwords that help protect your data. Key Vault uses hardware security modules (HSMs) and is designed so that you maintain control of your keys and therefore your data, including ensuring that Microsoft cannot see or extract your keys. You can monitor and audit use of your stored keys with Azure logging, and import your logs into Azure HDInsight or your SIEM for additional analysis and threat detection.
- Log Analytics – Azure provides configurable security auditing and logging options that can help you identify and repair gaps in your security policies to prevent breaches. Additionally, Log Analytics helps you collect and analyse data generated by resources in either your cloud or on-premises environments. It provides real-time insights using integrated search and custom dashboards to readily analyse millions of records across all workloads and servers regardless of their physical location.
This article was taken from our White paper – The EU General Data Protection Regulation (GDPR) – What is it and why does it affect my organisation?
To request a copy or to find out more about how Azure AD can help your organisation meet its GDPR obligations, click here.