New privacy regulations can require enterprises of certain countries, such as Rwanda, India and Indonesia, to host their data within the country of operation. These Data Residency Laws proved an issue for Assai, as it meant that customers within these regions would no longer be able to use Assai’s services. With the help of Sentia, cloud service provider, Assai has been able to successfully implement its Azure Cloud environment compliant with local data laws. Show Assai is an international leader in Document Control and Management Solutions for complex engineering and construction projects. Generally, it hosts its data from four main regions, the European Union, the United States, Singapore, and Australia, with the use of Microsoft Azure’s cloud environment. “When we decided to host Assai Cloud on Azure’s global data centers in 2015, the main advantages compared to on-premise were security, speed, and ease-of-use.” states Floris Schrijvers, CTO at Assai. “But if a customer specifically requested to localize its data in the past, we would suggest using our software on-premise on privately managed servers. In today’s IT landscape, however, we felt that this solution no longer met our standards.” Installing local servers is a seemingly simple solution to comply with Data Localization Laws. However, without strong maintenance and security guardrails, self-owned servers easily become a liability. What happens when a local outage takes place? Who guarantees continuous protection against data theft, or worse, ransom-ware attacks? Another challenge arises when a customer has global teams, who wish to access or retrieve documents from across the world. Floris: “Successfully managing a private cloud requires extensive resources and expertise. We did not want to place that responsibility on our customers. The Azure Cloud Platform offers one of the most secure, reliable, and user-friendly solutions of today. Next to that, it’s supportive of the environmental goals of many organizations, as it reduces their server footprint. That’s why we really wanted to find a way to provide our customers with a way to comply with their country’s regulations without losing their digital advantages.” Assai was successful in addressing this challenge. Combining the resources of Azure with the expertise of Sentia, Azure Expert MSP, and MainOne, a local ISP in the African region, Assai worked to install physical servers in the countries of its affected customers and connect these with Azure Stack. “Azure Stack is a solution that enables developers to centrally manage an application through their own public server and then deploy it locally,” explains Nick Kazen, Cloud Architect at Sentia. “Keeping centralized control of Assai Cloud was essential to guarantee the consistent quality of the platform. As the software now rolls out to local servers, the data of Assai’s customers can remain within the DR Region at all times.” Are you looking for a Cloud DMS, but are you faced with data residency laws within your country? Assai has got you covered! From the course: Microsoft Cybersecurity Architect Expert (SC-100) Cert Prep: 2 Evaluate Governance Risk Compliance (GRC) and Security Operations Strategies Video is
locked. “ - [Instructor] The SE 100 exam may challenge you to design for data residency requirements. And when we're designing for data residency, it's usually in the context of data sovereignty. So data sovereignty implies data residency, but it also introduces rules and requirements for who has control of and access to cloud data. Data sovereignty mandates that customer data is subject to the laws and legal jurisdiction of the country or
region in which data resides. And you can use Azure public cloud and Azure stack products together for hybrid solutions that meet your data residency and sovereignty requirements. When it comes to personal data you retain all rights. Titles and interest to customer data, personal data, and other content. Microsoft will not store or process customer data outside of the geography you specify except for very specific services and scenarios. Now you are in control of any other geographies where you…
Contents Business ProblemDuring my last assignment with a client for migrating some on-premise applications and data to Microsoft Azure, I was asked by the customer that they would only be allowed to store the data in a particular geo location. That is to say, they wanted to know how cloud will help them to follow data residency and sovereignty requirements. What Is Data Residency?Data residency is a compliance requirement where a business focuses on storing their data in a specific geo-location. There may be many reasons for this requirement, but it is generally governed by government compliance, such as GDPR in Europe. In a cloud-based project, most customers have concerns about data residency and data sovereignty. SolutionIn Microsoft Azure, we can manage data residency and sovereignty using various mechanisms like Hybrid Connectivity using VPN connectivity, Express Routes, Data gateways and by using the Microsoft Azure Stack, Azure policies. In this article we will see how data residency and data sovereignty can be achieved in Microsoft Azure. My client was willing to move his data to Microsoft Azure cloud but his prime consideration was to store the data in UK South and West locations only due to GDPR. To assist such type of requirement, Microsoft Azure has its data center locations in Europe and customers can store their data in those data centers but keeping the restrictions in place that storing of data will not be allowed other that preferred location is still a big challenge. To overcome such challenge Microsoft Azure provide azure-policy based governance which enforce different rules and effects cloud resources to make resources stay compliant with your policy requirements.
To achieve our goal to keep data on specified cloud locations , we used azure policy management with these build in policies.
Let See how these policies helps me to achieve the requirement. Step 1 : Log on to the Azure portal at https://portal.azure.com Step2 : Search for Policy in Global search bar and select policy Step :3 On Left navigation click on Assignments and then click on Assign policy link on top Step 4: Select your azure subscription on which you would like to enforce
this policy , Step 5 : Click on … for policy definition Step 6 : Select the Allowed location policy and Select. Step7 : Now Go to Parameter page and select UK South,UK West and West Europe Regions Step 8: Hit Review and Create the policy How to Test the PolicyAs this policy is enforced and scoped on Azure subscription level. Let see that, can this restrict us from creating a azure storage account other than selected locations in the policy parameters. Clicking on the details on failed message bar, it shows that, policy is restricting to create storage account. 9 .We can see while i try to create storage account on “EAST US 2” location , its gets failed during the validation step. It's created. We can see that Azure policies helps us address the prime concern of our customer to allow storing of data only to preferred locations to follow the legal compliance. Further ReadingWhy I Don't Mind Having a European AWS Competitor A Bootiful Podcast: Data Sovereignty, Microservices, Cloud Foundry, and More [Podcast] Opinions expressed by DZone contributors are their own. What is data virtualization in Azure?The data virtualization feature of Azure SQL Managed Instance allows you to execute Transact-SQL (T-SQL) queries on files storing data in common data formats in Azure Data Lake Storage Gen2 or Azure Blob Storage, and combine it with locally stored relational data using joins.
What is data store in Azure?Datastores are attached to workspaces and are used to store connection information to Azure storage services so you can refer to them by name and don't need to remember the connection information and secret used to connect to the storage services.
What is Azure Data lake used for?Azure Data Lake includes all the capabilities required to make it easy for developers, data scientists, and analysts to store data of any size, shape, and speed, and do all types of processing and analytics across platforms and languages.
Where is Azure AD data stored?Azure AD DS stores user data in the same location as the customer-selected Azure Virtual Network. So, if the network is outside Europe, the data is replicated and stored outside Europe.
|
