What are the Azure Flexible server PostgreSQL plans / roadmap to be compliant for European DORA act

2024-03-05T05:55:11.9366667+00:00

As per the new Digital Operational Resilience Act, any financial service operating in Europe needs to be compliant by January 2025. For more reading, please see https://www.pwc.be/en/industry-sector/financial-services/digital-operational-resilience-act.html?gclid=Cj0KCQjwsp6pBhCfARIsAD3GZuZRhN_d2uCMkDHJ8UUoJ0FHVl1RYUSQ94oHls_4g1z6wUn5pSXhjOMaAq_WEALw_wcB

I have questions related to External Key Management for PostgreSQL Flexible Server.

We have requirements regarding the D.O.R.A. Act; it mentions external key management:

“Advanced Encryption with Comprehensive Azure Key Management

Effective, secure use of cloud services involves an increasing number of decisive moments, such as when you consider using sensitive data in any cloud. You can rely on Thales to secure your digital transformation. Thales advanced encryption and centralized key management solutions give you protection and control of data stored on your premises, Microsoft Azure, and other cloud providers. Thales technology enables you to:

Avoid cloud vendor encryption lock-in and ensure the data mobility you need while you efficiently and securely spread workloads and data across multiple cloud vendors, including Microsoft Azure, with centralized, independent encryption management”

So if we need to comply with the D.O.R.A. regulation, we need to provide our key from the Allianz central team (a key managed by us) to the Azure Flexible Server CMK feature.

But I can see only the Key Vault and HSM options available.

Could you please help to check and update on this D.O.R.A. topic? (as of March 2024)

Best Regards,

Azure Database for PostgreSQL

1 answer

  1. SSingh-MSFT 16,371 Reputation points Moderator
    2024-03-12T04:09:29.4433333+00:00

    Hi Srinarong, Teerapong (Allianz Technology Thailand),

    Thanks for your patience.

    We have got the below reply from the internal team:

    DORA has two main objectives: to comprehensively address ICT risk management in the financial services sector and to harmonize the ICT risk management regulations that already exist in individual EU member states.

    Key data security requirements as mandated by the DORA Act:

    | Requirement | Flexible Server feature that helps |
    | --- | --- |
    | Ensure the security of the means of transfer of data. | Control keys to the cloud with Flexible Server CMK, with access controls to prevent decryption of data at rest. |
    | Minimize the risk of corruption or loss of data and unauthorized access. | Use RBAC and AAD with Flexible Server to control access; backups and replication minimize the risk of data loss from corruption. |
    | Prevent breaches of confidentiality and the loss of data. | Ability to use Flexible Server CMK with Azure HSM, which provides full key lifecycle management with FIPS 140-2 Level 3 certified HSMs. |
    | Implement security policies and strong authentication mechanisms. | Ability to use Flexible Server with AAD, Azure Policy (coming soon) for security policy, and Defender. |

    You seem to be quoting a Thales advertisement/paper. Our answer to that would be CMK with HSM: "Data encryption with customer-managed key - Azure Database for PostgreSQL - Flexible Server | Microsoft Learn".

    Let us know if this helps.

    Thanks

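The moderator's answer names the feature but not the steps, so here is an added Azure CLI walk-through (not from the Q&A or from Microsoft's documentation) that creates an HSM-protected key in a Key Vault Premium vault, grants a user-assigned identity only the key permissions the server needs, and attaches the key as the server's customer-managed key. All resource names are placeholders, the subscription and resource group are assumed to exist, and the CLI flags are taken from the `az` command reference as I know it; nothing is executed unless the script is invoked with `--apply`.

```shell
#!/usr/bin/env bash
# Added example: HSM-backed CMK for Azure Database for PostgreSQL Flexible Server.
set -euo pipefail

RG="${RG:-rg-pg-cmk-example}"        # placeholder resource group (must exist)
LOC="${LOC:-westeurope}"
KV="${KV:-kv-pg-cmk-example}"        # placeholder; vault names are globally unique
KEY_NAME="pg-cmk"
UAMI="${UAMI:-id-pg-cmk-example}"    # user-assigned managed identity (placeholder)
SERVER="${SERVER:-pg-flex-cmk-example}"

# Least privilege: the server identity needs only these key permissions.
required_key_permissions() { echo "get list wrapKey unwrapKey"; }

# CMK expects a versioned Key Vault key identifier; reject anything else early.
validate_key_id() {
  case "$1" in
    https://*.vault.azure.net/keys/*/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Premium SKU gives HSM-protected keys; purge protection is a CMK prerequisite,
# so the key backing live data cannot be permanently deleted during retention.
create_vault_and_key() {
  az keyvault create -n "$KV" -g "$RG" -l "$LOC" --sku premium \
    --enable-rbac-authorization false --enable-purge-protection true --retention-days 90
  az keyvault key create --vault-name "$KV" -n "$KEY_NAME" \
    --kty RSA-HSM --size 2048 --protection hsm
}

create_identity_and_grant() {
  az identity create -n "$UAMI" -g "$RG" -l "$LOC" >/dev/null
  local oid
  oid=$(az identity show -n "$UAMI" -g "$RG" --query principalId -o tsv)
  # shellcheck disable=SC2046  # word-splitting of the permission list is intended
  az keyvault set-policy -n "$KV" --object-id "$oid" --key-permissions $(required_key_permissions)
}

create_server_with_cmk() {
  local key_id identity_id
  key_id=$(az keyvault key show --vault-name "$KV" -n "$KEY_NAME" --query key.kid -o tsv)
  validate_key_id "$key_id"
  identity_id=$(az identity show -n "$UAMI" -g "$RG" --query id -o tsv)
  az postgres flexible-server create -n "$SERVER" -g "$RG" -l "$LOC" \
    --key "$key_id" --identity "$identity_id"
  # Check: dataEncryption should report the Key Vault key, not system-managed.
  az postgres flexible-server show -n "$SERVER" -g "$RG" --query dataEncryption
}

if [ "${1:-}" = "--apply" ]; then
  create_vault_and_key; create_identity_and_grant; create_server_with_cmk
fi
```

Rotating the key later is `az postgres flexible-server update --key <new key id> --identity <identity id>`; the identity's permissions and the vault's purge protection must stay in place for the server to keep decrypting its storage.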
