Regulatory Compliance Considerations for SQL Server Running in Windows Azure Virtual Machine

Editor’s note: This post comes from Il-Sung Lee, SQL Server Engine Security Program Manager.

Earlier this year, we announced the availability of a HIPAA Business Associate Agreement (BAA) for Windows Azure Core Services. I’m sure many of you are excited about the opportunity to leverage the efficiencies of the cloud and are considering running your SQL Server instances in Windows Azure Virtual Machines. But those of you who have obligations to comply with various regulatory standards may have concerns about what moving to the Windows Azure cloud means for your ability to meet those compliance requirements. Fortunately, Windows Azure complies with a number of industry regulations and standards, which means that it is possible to build a compliant solution with SQL Server running in a Virtual Machine (for a breakdown of compliance by feature, see the Windows Azure Trust Center compliance page). You remain responsible for implementing the controls that make SQL Server itself compliant, just as you would if you installed SQL Server on your own machine, but you now have the option to run SQL Server, along with its security and compliance features such as Transparent Data Encryption (TDE), either locally or in the cloud for your compliance-sensitive workloads.

Here are some resources to help you get started on achieving your compliance goals:

We’re continuously working to improve our compliance story, and we’ll post any updates through this blog.