The Azure Security and Compliance Blueprint enable customers to build and launch cloud-powered solutions that are suitable for handling sensitive payment and cardholder data, including card number, expiration, and verification data. This blueprint provides guidance and common reference architectures designed to help protect your applications and data, support your compliance efforts, and provide cost-effective security for organizations of all sizes.
Deploying the PCI-DSS blueprint is as easy as logging into https://portal.azure.com and searching for blueprint, where you will find this and several other blueprints.
One way to address this is with the Azure Blueprints. These are a set of resources that can help you with industry-specific (including regulatory compliance) implementations. I found this resource very helpful, and it has the following reference architectures for Azure services:
- Data Analytics
- Data Warehouse
- Infrastructure as a Service
- Platform as a Service
In this article, I am looking at the infrastructure as a Service offering as this aligns with azure IaaS security. Additionally, there are resources around existing regulations, and I’m going to take the one around PCI-DSS (a financial services standard). For this Azure service, there are five key documents available on the PCI Blueprint page: https://servicetrust.microsoft.com/ViewPage/PCIBlueprint?command=Download&downloadType=Document&downloadId=651021ec-9df3-4e4b-856e-920bc71ee67a&docTab=78e66cc0-2d2f-11e8-8de7-6dfd4f8bc550_IaaS
This below workbook lists the security controls required by PCI-DSS and denotes how the PCI-DSS IaaS Web Application architecture aligns with the control requirements.
Azure Security and Compliance Blueprint – PCI-DSS IaaS Web App Implementation Matrix