Editor’s note: This post comes from Il-Sung Lee, SQL Server Engine Security Program Manager.
Earlier this year, we announced the availability of a HIPAA Business Associate Agreement (BAA) for Windows Azure Core Services. I’m sure many of you are excited about the opportunity to leverage the efficiencies of the cloud and are considering running your SQL Server instances in Windows Azure Virtual Machines. But those of you who are obligated to comply with various regulatory standards may have concerns about what moving to the Windows Azure cloud means for your ability to meet those compliance requirements. Fortunately, Windows Azure complies with a number of industry regulations and standards, which means that it is possible to build a compliant solution with SQL Server running in a Virtual Machine (for a breakdown of compliance by feature, see the Windows Azure Trust Center compliance page). You remain responsible for implementing the controls that make SQL Server itself compliant, just as you would if you installed SQL Server on your own machine; the difference is that you now have the option to run SQL Server, along with its rich set of security and compliance features such as Transparent Data Encryption (TDE), either locally or in the cloud for your compliance-sensitive workloads.
Here are some resources to help you get started on achieving your compliance goals:
- Windows Azure Trust Center
- SQL Server 2008 Compliance Guide (the guidance is equally applicable to 2012)
- Supporting HIPAA Compliance with Microsoft SQL Server 2008
- SQL Server 2012 Security & Compliance
We’re continuously working to improve our compliance story, and we’ll share any updates through this blog.