Allow me to run my Windows Azure application in compliance with standards such as PCI, HIPAA, etc.

277 votes
    13 comments

      • Richard Conway commented:

        This would be nice but certificate would take ages. PCI-DSS is relevant for me for one of the projects I'm on. I know that I can application harden to an extent that it would be no less secure than a hosted service but it's the compliance issue that's a problem. Check out the new Windows Azure Trust Centre which shows Microsoft's commitment to understanding these kinds of issues.

      • Azure commented:

        The base Windows Azure operating system is now ISO 27001

        “The Information Security Management System for Microsoft Windows Azure including development, operations and support for the compute, storage (Windows Azure Storage), virtual network and virtual machine services, in accordance with Windows Azure ISMS statement of applicability dated September 28, 2011. The ISMS meets the criteria of ISO/IEC 27001:2005 ISMS requirements Standard.”

      • crpietschmann commented:

        Basically you need to store data securely at rest. You can easily encrypt/decrypt data when accessing it from Azure Storage, however it would be nice to have this built in to make it easier. Also, adding Transparent Data Encryption support to SQL Azure would help complete meeting these requirements. Go vote for it here: http://www.mygreatwindowsazureidea.com/forums/34685-sql-azure-feature-voting/suggestions/402425-enable-transparent-data-encryption

      • RobS commented:

        PCI compliance is absolutely mandatory in the Hospitality sector where taking credit card payments (securely) is a requirement. How is Microsoft/Azure going to look to support PCI and PA-DSS (the certification software vendors need to go through to ensure their apps are compliant)?

      • Paul Brown commented:

        In order to take credit card payments we are going to need to be PCI compliant (the merchants will often insist). Surely the intention of Azure is to also support SaaS vendors that will take card payments for their services which therefore makes PCI compliance quite crucial.

      • Don Rule commented:

        1. I need to know if there is any reason a Silverlight - Azure - SQL Azure application cannot be HIPAA compliant today (like database encryption - is it a hard requirement? - is it coming as a configuration option??)
        2. the prescriptive guidance that Andy mentions would be great

      • Brian commented:

        This will definitely be a huge make/break with my company as well. Healthcare is growing real fast, especially with government requirements for EMR (Electronic Medical Record).

        We are constantly being audited, and will not touch anything that is not certified as HIPAA compliant.

      • andrew.mcclenaghan commented:

        We could use this for some of our work with high-load payment systems but only if it is PCI compliant and there is clear documentation on how it is secure.

      • Andy commented:

        Hello! It's HIPAA (Health Insurance Portability and Accountability Act). And yes, clear verbiage describing how we're being HIPAA-compliant is going to be extremely important to any healthcare-related services.