Multicloud strategies have become the new norm for most enterprises, with over 90% of organizations adopting multiple cloud infrastructures (IaaS), platforms (PaaS), and services (SaaS) to run their businesses. However, a lack of visibility into this growing digital infrastructure exposes organizations to significant risks. As a customer, you may conduct business with Microsoft 365, run workloads on Azure, Amazon Web Services (AWS), and Google Cloud (GCP), and rely on services like Zoom or Salesforce. Yet in this ever-expanding digital ecosystem, you need to ensure that you uphold your regulatory and customer commitments and adhere to privacy and security best practices, regardless of where your data lives. Today, we’re excited to announce new multi-cloud capabilities for Microsoft Purview Compliance Manager that help you understand and manage your compliance posture across clouds and workloads.
View and understand compliance posture across your multi-cloud environment
The first step in achieving and maintaining an optimal compliance posture is understanding how your current environment maps to your regulatory responsibilities. Compliance Manager supports over 350 regulations and standards, affording you a front-row seat to your organization’s current compliance posture within the context of the requirements or best practices you care about most. This view extends across your cloud services as well, providing a summary view of your posture across all relevant clouds.
Zoom into a specific posture assessment, such as this one for PCI DSS 3.2.1, and you’ll see a detailed drilldown of your performance for each of your clouds, allowing you to effectively plan and prioritize any remediation efforts, as well as monitor your organization’s progress. Compliance Manager partners with Microsoft Defender for Cloud to provide the most up-to-date results across your clouds, running nearly 1,000 tests across connected clouds and services every day. These tests are mapped across the relevant regulatory framework, allowing you to see precisely which control is impacted, and assign an owner or take action yourself as needed.
Figure 2: Detail view of PCI DSS posture assessment
Leverage clear and detailed guidance to remediate issues across your clouds
Dive into a specific control, and you’ll see that Compliance Manager provides a set of recommended actions necessary to meet the control requirements, each specially tailored to your multi-cloud environment. This guidance takes the guesswork out of managing your compliance posture, allowing your users to spend more time taking action and less time parsing control language or searching for relevant functionality. In the case of Control 10.1 for PCI DSS 3.2.1, Compliance Manager advises a set of specific actions to help you ensure that your audit trails are as robust as possible, using its knowledge of your clouds’ configurations to recommend features or capabilities that you are not utilizing to their potential.
Figure 3: Status details of PCI control 10.1, with list of associated actions and test results
Tailor remediation efforts with resource-level evidence
Compliance Manager provides clear implementation steps to help you tackle the necessary configuration changes, then goes the extra mile with resource-level details showing you exactly where changes are needed.
Figure 4: Action drilldown with instructions for enabling Firewall rule logging in GCP
In the case of enabling firewall rule logging for GCP, all firewall rules across your selected GCP accounts are displayed alongside their logging status, allowing an admin to jump into GCP and follow the provided guidance to enable logging where it’s needed. This saves time and effort and helps reduce unnecessary changes. Once the changes are complete, Compliance Manager will update the status of each rule on its next test pass and preserve the record of the change for auditing and evidence collection.
Figure 5: Detail view of GCP Firewall rules and their logging status
Figure 6: The GCP firewall rule configuration page reached by following the deeplink on the Compliance Manager action
Simplify posture management and maintenance
Purview Compliance Manager also helps you maintain your compliance posture and retain the progress you’ve made. We do this by ensuring that our regulatory guidance incorporates the latest updates, and by adding and updating our action recommendations as new features are released across supported clouds. These capabilities allow Purview Compliance Manager to be your one-stop shop for your compliance posture needs across your clouds, informing you of relevant changes, monitoring your configuration and recommending changes, and helping you reduce risk and keep your multi-cloud enterprise running smoothly.
Explore more Purview Compliance Manager resources
We are thrilled to share these announcements with you. Here is a summary of the next steps and other resources to help you and your organization get started with these capabilities:
Compliance Manager is part of the Microsoft Purview suite of solutions designed to help organizations manage, govern and protect their data. If you would like to experience Compliance Manager and other Purview solutions for yourself, check out our E5 Purview trial.
If you’re interested in learning more about Compliance Manager’s multi-cloud capabilities and how you can upgrade your own Assessments to multi-cloud, visit our guide to multicloud support.