Microsoft Azure
The Microsoft Cloud global infrastructure includes two key components: physical infrastructure and virtual network components. The physical component comprises over 200 physical data centers organized into regions and geographies, which are then linked by one of the largest interconnected networks on the planet. Each data center houses a set of networked computer servers. Microsoft Azure offers several services tailored to meet stringent regulatory compliance, data privacy, and security needs for financial services industry workloads.
For more information, see the following information resources:
- Azure global infrastructure
- Enabling Data Residency and Data Protection in Microsoft Azure Regions
- Azure security fundamentals documentation
Azure Payment HSM
Azure Payment Hardware Security Module (HSM) is a bare metal infrastructure as a service (IaaS) that provides cryptographic key operations for real-time payment transactions in Azure. The module is delivered using Thales payShield 10K payment HSMs and meets the most stringent payment card industry (PCI) requirements for security, compliance, low latency, and high performance.
For more information, see Azure Payment HSM.
Confidential Computing
Azure confidential computing offers solutions to enable isolation of your sensitive data while processed in the cloud. Confidential computing can be relevant in several highly sensitive scenarios for financial services such as anti-money laundering, digital currencies, secure payment processing, fraud prevention, credit risk assessment from combined records, and securing proprietary algorithms.
For more information, see Azure confidential computing Overview.
Key Management
Cryptographic authentication and encryption are effective strategies for meeting confidentiality, privacy, and data sovereignty requirements. However, the effectiveness of these solutions relies on the security and resilience of the underlying cryptographic technologies and operational processes. Read the following articles for information on concepts that you should be familiar with when planning for using encryption keys and digital certificates for securing the workloads that you're migrating to the cloud.
- Key management and certificate management
- Key sovereignty, availability, performance, and scalability in Managed HSM
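The operational side of the concepts above (a key hierarchy in which a key-encryption key never leaves the HSM, per-record data-encryption keys, and rotation that does not require re-encrypting data) is easier to see in code. The following is an added example, not code from this page or from Azure: `KeyStore` is a hypothetical in-process stand-in for an HSM-backed vault such as Managed HSM, and every identifier in the block is an assumption of the example rather than an Azure API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyStore is a hypothetical stand-in for an HSM-backed vault: callers may only
// wrap or unwrap a DEK through it; the raw KEK bytes never leave it.
type KeyStore struct {
	keks    map[int][]byte // KEK version -> 256-bit key, never exported
	current int            // version used for new wraps
}

type Envelope struct {
	KEKVersion int // which KEK version wrapped the DEK
	WrappedDEK []byte
	Ciphertext []byte
}

func randBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext under AES-256-GCM with a fresh random nonce.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil { return nil, err }
	nonce, err := randBytes(g.NonceSize())
	if err != nil { return nil, err }
	return g.Seal(nonce, nonce, plaintext, aad), nil
}
func open(key, sealed, aad []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil { return nil, err }
	if len(sealed) < g.NonceSize() { return nil, fmt.Errorf("ciphertext too short") }
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// Rotate adds a new KEK version; old versions stay usable for unwrap until retired.
func (ks *KeyStore) Rotate() (int, error) {
	kek, err := randBytes(32)
	if err != nil { return 0, err }
	if ks.keks == nil { ks.keks = map[int][]byte{} }
	ks.current++
	ks.keks[ks.current] = kek
	return ks.current, nil
}

// Retire deletes a KEK version; any envelope still pinned to it becomes unreadable.
func (ks *KeyStore) Retire(version int) error {
	if version == ks.current { return fmt.Errorf("cannot retire the current KEK") }
	delete(ks.keks, version)
	return nil
}

// Wrap/Unwrap bind the KEK version as AAD so a wrapped DEK cannot be opened under another version.
func (ks *KeyStore) Wrap(dek []byte) (int, []byte, error) {
	wrapped, err := seal(ks.keks[ks.current], dek, []byte(fmt.Sprint(ks.current)))
	return ks.current, wrapped, err
}
func (ks *KeyStore) Unwrap(version int, wrapped []byte) ([]byte, error) {
	kek, ok := ks.keks[version]
	if !ok { return nil, fmt.Errorf("KEK version %d is not available", version) }
	return open(kek, wrapped, []byte(fmt.Sprint(version)))
}

// Encrypt uses a fresh per-record DEK and persists only its wrapped form.
func Encrypt(ks *KeyStore, plaintext []byte) (*Envelope, error) {
	dek, err := randBytes(32)
	if err != nil { return nil, err }
	ct, err := seal(dek, plaintext, nil)
	if err != nil { return nil, err }
	ver, wrapped, err := ks.Wrap(dek)
	if err != nil { return nil, err }
	return &Envelope{KEKVersion: ver, WrappedDEK: wrapped, Ciphertext: ct}, nil
}
func Decrypt(ks *KeyStore, env *Envelope) ([]byte, error) {
	dek, err := ks.Unwrap(env.KEKVersion, env.WrappedDEK)
	if err != nil { return nil, err }
	return open(dek, env.Ciphertext, nil)
}

// Rewrap moves an envelope to the current KEK without touching the data ciphertext.
func Rewrap(ks *KeyStore, env *Envelope) error {
	dek, err := ks.Unwrap(env.KEKVersion, env.WrappedDEK)
	if err != nil { return err }
	env.KEKVersion, env.WrappedDEK, err = ks.Wrap(dek)
	return err
}
```

The order of operations is the point: rotate first, re-wrap every stored envelope, and only then retire the old KEK version, because retiring early turns every envelope still pinned to that version into unreadable data. In a real deployment the KEK lives inside the HSM and `Wrap`/`Unwrap` are calls across that boundary, so availability and latency of the vault directly bound how fast a fleet can be re-wrapped.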
Connectivity to legacy systems
Azure Logic Apps offers many connectors to simplify and integrate existing mainframe and midrange systems with modern cloud environments.
For more information, see Mainframe and midrange modernization - Azure Logic Apps.
Isolation in the Azure Public Cloud
Azure allows you to run applications and virtual machines (VMs) on shared physical infrastructure. A prime economic motivation for running applications in a cloud environment is the ability to distribute the cost of shared resources among multiple customers. This practice of multi-tenancy improves efficiency by multiplexing resources among disparate customers at low cost. However, it also introduces a risk: the physical servers and other infrastructure resources that run your sensitive applications and VMs may be shared with an arbitrary, and potentially malicious, user.
The following article outlines how Azure provides isolation against both malicious and nonmalicious users. In addition, the article serves as a guide for architecting cloud solutions by offering various isolation choices: Isolation in the Azure Public Cloud.
EU Data Boundary for the Microsoft Cloud
Microsoft is currently building the EU Data Boundary for the Microsoft Cloud for commercial and public sector customers in the European Union (EU). The data boundary goes beyond current data residency commitments in the EU. This commitment applies across the main Microsoft cloud services—Azure, Dynamics 365 and Power Platform, and Microsoft 365. The EU Data Boundary applies to countries/regions in the EU and the European Free Trade Area and is supported by a significant expansion of data centers in Europe.
Microsoft Cloud for Sovereignty
Microsoft Cloud for Sovereignty is built on Azure public cloud regions, providing regulated customers a solution to build, move, and operate their data and workloads in the cloud while meeting their legal, security, and policy requirements. The solution helps accelerate their digital transformation journey and cloud adoption. Regulated customers can harness the full power of the cloud along with security, greater transparency, auditability, and control over their data sovereignty. Microsoft Cloud for Sovereignty uses engineering innovation to create a customized environment in Azure designed to meet compliance needs. It also provides processes that provide assurances of operational transparency and invests in technical architectures that are built on Microsoft Cloud services for security, encryption, confidential computing, and hybrid cloud management.
For more information, see What is Microsoft Cloud for Sovereignty.