Module 5cb - Identity, Governance, Privacy and Compliance - Privacy, Azure Government

Question 1

How does Azure address security and compliance wrt Azure Government?

Answer 1

Physical isolation from non-US Government (Public) cloud, which addresses all security and compliance needs for each level of Government

Question 2

Hint: Six of them…

What regulations and requirements are Azure Government data-handling services subject to?

Answer 2

• FedRAMP (Federal Risk & Authorization Mgmt Program)
• NIST 800.171 Defense Industrial Base (Nat. Inst. of Standards and Tech)
• ITAR (Int. Traffic in Arms Reg)
• IRS 1075
• DoD L4
• CJIS (Criminal Justice Info Service)

Question 3

What are three major differences between Azure and Azure Government?

Answer 3

1. Az Gov is physically segregated from public Azure
2. Az Gov has different endpoints for services (.us vs .com)
3. The following are NOT AVAILABLE in Az Gov:

Cognitive/AI:

• Bot Service
• Cognitive: Content Moderator
• Cognitive: Language Understanding (LUIS)
• Cognitive: Translator

Open Source-based:

• Azure K8s
• Azure MySql

Recommendation Features in Azure Advisor, Cost Management, Azure Lighthouse, Azure Monitor, Azure Migrate, and a host of others

Question 4

What’s the process and calculation for right-sizing VMs in Azure Government?

Answer 4

• Advisor monitors VM usage for 7 days to identify low-utilization machines
• Low Utilization == CPU <= 5% + Network Utilization < 2%, OR if the workload can be accommodated by a smaller VM size

Question 5

Hint: There are eight (DoD, Gov, Sec)

What are the eight (8) Azure Government Regions?

Answer 5

• US DoD Central
• US DoD East
• US Gov AZ
• US Gov TX
• US Gov VA
• US Sec East
• US Sec West
• US Sec West Central

Question 6

Azure Government is PCI DSS compliant (i.e. are certified to process and store payment information and related data) (T/F)?

Answer 6

True

Question 7

What are two (2) personnel security requirements for using Azure Government?

Answer 7

• Screened US Personnel only
• Level 5 DoD approval

Question 8

What is Azure China 21Vianet?

Answer 8

All data transactions involving Chinese private data, corporate data, financial data, etc. are required to go through China’s state controlled ISP 21Vianet (Shanghai Blue Cloud Technology Co., Ltd).

Question 9

What are cloud service providers required to have from Azure China 21Vianet and China Telecom Regulations?

Answer 9

According to the China Telecom Regulation, all providers of cloud services, IaaS, PaaS must have Value-Added Telecom Permits

Question 10

Azure China requires all providers of Cloud Services to have Value-Added Telecom Permits. What is the minimum qualification for those permits?

Answer 10

Must be a *locally registered* company with LESS than 50% foreign investment

Question 11

All Azure services are available in Azure China 21Vianet (T/F)?

What’s required from Customers who use those Services?

Answer 11

True.

Customers are required to sign agreements/contracts with 21Vianet.

Question 12

To host your applications in China you need only deploy the same services and such in Azure China 21Vianet (via ARM Templates) (T/F)? Why? (Two things)

Answer 12

False.

1. Even if you already use Azure services, you may need to actually REHOST IN THEIR REGIONS or even refactor some or all your applications
2. Your customers may need to sign additional contracts with 21Vianet