New Azure Blueprint enables SWIFT CSP compliance on Azure

Posted on September 24, 2019

General Manager, Azure Global

This morning at the SIBOS conference in London we announced a new Azure Blueprint, introduced by Microsoft in conjunction with the recent efforts to enable SWIFT connectivity in the cloud. It supports our joint customers in compliance monitoring and auditing of SWIFT infrastructure for cloud native payments, as described in the "Microsoft and SWIFT extend partnership to make cloud native payments a reality" blog.

SWIFT is the world’s leading provider of secure financial messaging services used and trusted by more than 11,000 financial institutions in more than 200 countries and territories. Today, enterprises and banks conduct these transactions by sending payment messages over the highly secure SWIFT network which leverages on-premises installations of SWIFT technology. SWIFT Cloud Connect creates a bank-like wire transfer experience with the added operational, security, and intelligence benefits the Microsoft Cloud offers.

Azure Blueprints is a free service that enables customers to define a repeatable set of Azure resources that implement and adhere to standards, patterns, and requirements. Azure Blueprints allow customers to set up governed Azure environments that can scale to support production implementations for large-scale migrations. Azure Blueprints include mappings for key compliance standards such as ISO 27001, NIST SP 800-53, PCI-DSS, UK Official, IRS 1075, and UK NHS. 

The new SWIFT blueprint maps Azure built-in policies to the SWIFT CSP security controls framework, giving financial services organizations agility in creating and monitoring secure and compliant SWIFT infrastructure environments.

The Azure blueprint includes mappings to:

  • Account management. Helps with the review of accounts that may not comply with an organization’s account management requirements.
  • Separation of duties. Helps in maintaining an appropriate number of Azure subscription owners.
  • Least privilege. Audits accounts that should be prioritized for review.
  • Remote access. Helps with monitoring and control of remote access.
  • Audit review, analysis, and reporting. Helps ensure that events are logged and enforces deployment of the Log Analytics agent on Azure virtual machines.
  • Least functionality. Helps monitor virtual machines where an application white list is recommended but has not yet been configured.
  • Identification and authentication. Helps restrict and control privileged access.
  • Vulnerability scanning. Helps with the management of information system vulnerabilities.
  • Denial of service protection. Audits if the Azure DDoS Protection standard tier is enabled.
  • Boundary protection. Helps with the management and control of the system boundary.
  • Transmission confidentiality and integrity. Helps protect the confidentiality and integrity of transmitted information.
  • Flaw remediation. Helps with the management of information system flaws.
  • Malicious code protection. Helps with the management of endpoint protection, including malicious code protection.
  • Information system monitoring. Helps with monitoring a system by auditing and enforcing logging across Azure resources.

We are committed to helping our customers leverage Azure in a secure and compliant manner. Over the next few months, we will release new built-in blueprints for HITRUST, FedRAMP, and Center for Internet Security (CIS) Benchmark. If you have suggestions for new or existing compliance blueprints, please share them via the Azure Governance Feedback Forum.

Learn more about the SWIFT CSP blueprint in our documentation.