29 October 2024

Accelerate cloud adoption with Microsoft Cloud for Sovereignty

Achieving regulatory compliance and data sovereignty is critical for organizations, particularly within the public sector. As governments and industries with stringent regulations continue to enhance their cloud frameworks, the demand for robust solutions that help ensure compliance while advancing digital capabilities is on the rise. 

Microsoft Cloud for Sovereignty is at the forefront of this movement, offering comprehensive solutions tailored to diverse regulatory landscapes, enabling organizations to streamline their compliance processes and meet necessary standards efficiently and effectively while in the hyperscale cloud. The most recent updates are designed to help customers navigate the complexities of regulatory frameworks, streamline compliance processes, and enhance their overall data control. By leveraging these new capabilities, organizations can confidently advance their digital transformation while maintaining the highest standards of compliance and data protection.

The latest from Microsoft Cloud for Sovereignty

Microsoft Cloud for Sovereignty is introducing several significant updates:

  1. Policy portfolio enhancements: The policy portfolio now includes new initiatives like Network and Information Security Directive (NIS2) and others to help regulated industries meet their compliance requirements.
  2. Sovereign Landing Zone in Terraform: The Sovereign Landing Zone (SLZ) can now be deployed using Terraform, providing advanced sovereignty controls and capabilities supporting regulatory compliance for organizations with stringent regulatory requirements. 
  3. PubSec Information Assistant now has secure mode, which helps organizations meet their sovereignty objectives and address data protection and privacy issues. 
  4. Guidelines for Azure Databricks in regulated industry: Azure Databricks guidelines and reference architecture help users build a well-architected environment that adheres to best practices for regulated industries. 
  5. Regulated Environment Management (REM) portal, now in private preview, offers a suite of Azure services to manage the entire lifecycle of cloud environments, helping meet compliance and transparency needs for industries including public sector and beyond.

Policy portfolio enhancements

The Microsoft Cloud for Sovereignty policy portfolio, which expands on the Azure built-in policy initiatives, helps customize deployments to align with specific custom policy frameworks. A policy initiative is a collection of technical controls mapped to regulations and frameworks published by governments or organizations. By leveraging these policy initiatives, organizations can streamline their compliance processes, reduce time needed to audit environments, and help meet both established regulatory compliance and government requirements efficiently and effectively.  

Currently, the portfolio includes six publicly available initiatives for varying data classification levels, with more in development. Notable examples of these initiatives included in this latest update are the Network and Information Security Directive 2 (NIS2), Spain Esquema Nacional de Seguridad (ENS), and New Zealand Information Security Manual (ISM). 

We continue working to enhance the Azure policy initiative for NATO’s D32 directive on the protection of information in the public cloud to support diverse security requirements across levels of classification for the protected business network in a public cloud at NATO. A policy initiative preview has been developed for the NATO Unclassified requirements, and efforts are underway to create a policy initiative for the NATO Restricted requirements.

Additional information and details about the policy initiatives are available in our Microsoft Cloud for Sovereignty policy portfolio GitHub repository.

Sovereign Landing Zone in Terraform

In addition to existing Bicep deployment support, Terraform support is in public preview. The SLZ enables organizations with advanced sovereignty needs to address their regulatory compliance requirements using Terraform, the industry-standard multi-cloud tool for Infrastructure-as-Code (IaC) and Policy-as-Code (PaC) capabilities. Customers can now use Terraform to configure and deploy their landing zones and enforce compliance effectively—underscoring our commitment to providing robust and compliance-oriented cloud solutions tailored to help customers meet the stringent regulatory demands of today’s digital landscape. 

AI in the public sector

Public sector organizations often face the challenge of managing vast amounts of data and require an intelligent solution to quickly find relevant, accurate answers with source references, all in a secure manner. The Information Assistant agent, now available on GitHub, can enhance employee productivity by significantly reducing the time needed to locate crucial information within an organization’s collective knowledge base.

This AI solution serves as a starting point for organizations to develop their own custom generative AI capabilities, leveraging the power of Azure OpenAI Service. It demonstrates a common scenario where large language models (LLMs) are used to “chat with your own data” through the retrieval augmented generation (RAG) pattern. This pattern allows LLMs to generate responses based on your domain data without the need for model fine-tuning. Specifically, this solution is now compatible with Microsoft Cloud for Sovereignty, deployable within the Sovereign Landing Zone (SLZ) online management group with secure mode, and compliant with the Azure policy built-in sovereignty baseline global policy initiative to enforce data residency requirements.  

This update introduces secure mode, a significant step forward in assisting organizations to meet their sovereignty objectives and address data protection and privacy issues. This feature aims to safeguard sensitive data by employing security measures such as encryption and network controls to block unauthorized access. By simplifying many intricate and time-consuming tasks associated with securing systems, secure mode helps organizations bolster their security stance. This not only saves time that would otherwise be spent on manual setups and verifications but also enhances the consistency and dependability of the security measures implemented. 

Microsoft is committed to providing guidance and workload accelerators that empower customers with sovereign requirements to build their own generative AI and agent solutions, leveraging the hyperscale cloud.

Guidance for Azure Databricks in regulated industry

The newly published reference architecture and documentation are available to provide valuable guidance on using Azure Databricks within a Sovereign Landing Zone or Azure Landing Zone deployment. Azure Databricks has several features to help secure environments address stringent regulatory requirements, providing robust security measures and compliance capabilities. It supports data engineering, data science, and data analytics workloads with interactive notebooks for coding and visualization, various compute options for scalable and efficient processing, and seamless data integration with multiple Azure services.

Regulated Environment Management portal

The Regulated Environment Management (REM) portal, currently in private preview, plays a crucial role in Microsoft Cloud for Sovereignty by catering to the public sector and heavily regulated industries. Starting November 2024, REM will transition from a tenant-based to a subscription-based service. This transition brings several new benefits, including configuration data isolation and regional boundaries, and the ability to manage hundreds of landing zones as a group, including managing permissions at the group level.

We are also introducing the Landing Zone Account (LZA) to serve as a group for creating, configuring, deploying and managing landing zones—all from a single place. Each landing zone account is associated with a region and a subscription. LZA offers data isolation and residency, simplifying the management of landing zones, while still maintaining the flexibility to deploy the landing zone in any region. For developers, REM now includes a representational state transfer (REST) application programming interface (API), enabling flexibility and ease of integration.

Transparency logs are available as a preview Azure service, providing customers with visibility into occasions when Microsoft engineers accessed customer resources using the just-in-time access service. Customers can now configure transparency logs directly through the REM portal via an Azure resource, simplifying the onboarding experience. In addition to these capabilities, REM allows customers to manage their policy portfolios through the Azure portal, including deploying policy initiatives to Azure. 

Moving forward

Implementing Microsoft Cloud for Sovereignty capabilities is pivotal in enabling organizations in government, the public sector, and heavily regulated industries to meet their compliance requirements while leveraging the latest digital innovations. By staying committed to transparency, security, and compliance, Microsoft Cloud for Sovereignty will empower organizations to navigate the complexities of the digital age with confidence and agility.

The post Accelerate cloud adoption with Microsoft Cloud for Sovereignty appeared first on Microsoft Industry Blogs.