Safeguard data with Azure

Protection of sensitive data is essential in the public sector, and Azure provides many features and services that safeguard data throughout its lifecycle. These features allow government agencies to maintain full control over their data and comply with local regulations around data protection and privacy.

Protect data and privacy

Azure is available globally in more than 60 regions and is used by customers worldwide to meet data protection and privacy requirements.

Azure provides strong customer commitments for data residency and transfer policies. Most Azure services allow the customer to specify the deployment region. For those services, Microsoft doesn't store customer data outside the customer's specified geography. Customers can use extensive and robust data encryption options to safeguard their data in Azure and control who can access it.

Choose how to safeguard data

The following list shows some of the options available to customers for safeguarding their data in Azure:

  • Customers can choose to store the most sensitive content from their customers in services that store customer data at rest in a customer-selected geography.
  • Customers can further protect their data by encrypting it with their own key using Azure Key Vault.
  • Data encryption in transit helps protect data from interception.
  • Azure is a 24 x 7 globally operated service; however, support and troubleshooting rarely require access to customer data.
  • Customers who want added control for support and troubleshooting can use Customer Lockbox for Azure to approve or deny access to their data.
  • Microsoft notifies customers of any breach of customer or personal data within 72 hours of incident declaration.
  • Customers can monitor potential threats and respond to incidents on their own using Microsoft Defender for Cloud.

Now let’s look at a sample conceptual architecture that accounts for these various classification levels.