Infrastructure governance

Highly regulated financial institutions face challenges in ensuring that developers universally follow their cloud adoption policies in their various lines-of-businesses. Further, these policies also need to meet the regulatory and compliance requirements set by their own Chief Information Security Officers (CISOs) and various regulatory bodies overseeing their operations.

By combining Azure Policy with Azure Landing Zones, your organization can achieve a unified governance model that ensures compliance and consistency across your entire Azure environment. Azure Landing Zones provide scalable infrastructure, while Azure Policy enforces the rules and standards, creating a robust and compliant cloud environment.

Well-Architected Framework

The Azure Well-Architected Framework is a design framework that can improve the quality of a workload by helping it to:

• Be resilient, available, and recoverable.
• Be as secure as you need.
• Deliver a sufficient return on investment.
• Support responsible development and operations.
• Accomplish its purpose within acceptable time frames.

The framework is a recommended starting point for any Azure Infrastructure project.

Landing zones

An Azure landing zone is a structured environment that simplifies the process of building solutions in the Microsoft cloud. It follows key design principles across areas such as identity and access management, network topology, and security. The architecture is modular and scalable, allowing for consistent application of configurations and controls across subscriptions.

Platform landing zones provide shared services like identity and connectivity, while application landing zones host specific applications. Microsoft offers accelerators to help deploy these landing zones efficiently, ensuring that universal policies are implemented seamlessly. This approach helps organizations manage their cloud environments effectively, meeting operational requirements with ease.

FSI landing zone

The Financial Services Industry (FSI) landing zone is a Microsoft Cloud for Financial Services offering that provides opinionated infrastructure-as-code automation for deploying workloads to help financial organizations meet regulatory compliance.

Azure Policy

Azure Policy helps enforce organizational standards and assess compliance at scale. It provides a compliance dashboard for an aggregated view of the environment's state, with the ability to drill down to specific resources and policies. Azure Policy supports bulk remediation for existing resources and automatic remediation for new ones. It uses JSON-based policy definitions to evaluate resources against business rules, which you can group into policy initiatives for easier management. You can extend an Azure Policy across different cloud providers and local data centers with Azure Arc. It works alongside Azure role-based access control (RBAC) to provide comprehensive control over a resource state and user actions. Azure Policy has many built-in initiatives that your organization can directly use.

Related information

• Microsoft Azure Well-Architected Framework pillars
  
• What is an Azure landing zone?
  
• What is Azure Policy?
  
• Microsoft compliance tools