Azure Compliance for Web Application
Question
I understand Azure has many compliance certifications (SOC2, ISO27000 etc - a whole list can found here: https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/ ).
Does hosting an application on Azure stack automatically certifies the application for these certifications? I see that Microsoft offers BAA to their customers.
If not, is there any framework that allows or helps in the process?
thanks!
1 answers
solution1
0 2020-12-30 05:04:02
I work with Azure Web Apps and I used to work on the Azure Billing team so I'll try to use my knowledge and experience to answer your question to the best of my ability. Ultimately, you may want to speak to a compliance officer.
In regards to Azure Web Apps, many customers seek PCI compliance when running a store front. They often still have to run a compliance scan against their Web App to show that it completed successfully. Sometimes the scans will flag certain ports being open as an issue but that would not be a concern with Azure Web Apps for example traffic ultimately only comes in and out via 80 and 443. Customers typically are granted an exception for any nuisances that are in the report.
Azure Blueprints help guide customer through the process of ensuring their architecture will be compliant. I suggest you check that out further.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.