Azure Policy Orchestration at Scale

Leveraging Azure Policy for Compliance Best Practices

As a Technical Product Manager at Logicworks, I lead a software development team that is charged with developing new features for our Cloud Reliability Platform, a robust automation platform designed to improve cloud agility and resilience as well as enable greater security and governance. We develop our features by taking all of the knowledge, learnings, and best practices we have encountered working with clients running complex environments on the cloud. The majority of our clients have high security and/or compliance requirements coming from industries like healthcare, finance, and software-as-a-service. When we build Azure cloud environments for these types of customers, we often find that many aren’t utilizing a common and powerful tool in the Azure portfolio: Azure Policy.

The feedback we get from folks using Azure Policy is that it’s easy to use at first, but most struggle with maintaining compliance, adding resources as they scale, and remediating issues. Additionally, staying abreast of ever-changing compliance needs adds a lot of complexity and makes their implementations fall by the wayside. Based on that feedback, we felt we could deliver some real value by automating the process of maintaining Azure Policy on our Cloud Reliability Platform and leveraging our experts to help customers manage this at scale.

In order to provide a consistent best-practice baseline across all of our client subscriptions, we developed a new feature: Policy Orchestrator. We knew that customers needed the flexibility to make ongoing changes, so the engine we designed had to be able to meet a variety of scope changes. We then decided to utilize well-known source control practices so that our tooling has proper change-management and rollback capabilities, as well as insight into who made what changes and when.

After recognizing that many of our customers have the need for specialized compliance, another idea came to mind. We realized that by offering policy packs centered around particular compliance standards, say CIS Benchmark 1.3, we could take some of Azure’s head start and make expansions that better reflect what we see in the field. That way, we’re able to keep a subscription in compliance, centrally update the compliance standard, and route any failures in compliance to our award-winning Network Operations team for remediation.

The best part? We can give our customers peace of mind and a more trouble-free approach to compliance audits.

So let’s talk reality: if you’re a developer at your SaaS company, you may often find yourself creating new Azure resources or making edits to infrastructure to control your offering. Previously, you would have had to set up alerts and configure action groups, all while taking into account those all-too-easily-forgotten diagnostic settings. Then, if you wanted to also apply policies for backups or compliance, you’d spend a lot of time doing work that isn’t making your company money. With Logicworks Policy Orchestrator, you can safely spin up resources and trust that our Cloud Reliability Platform will handle the monitoring and best practices to enforce your policies, so you can stay focused on the goal of running your software.

So what does this mean for your business?

  • Quicker onboarding time for your Azure subscriptions
  • Improved cloud security with minimized risk
  • More scalability, with less manual work
  • Tighter operations with governance over typical management tasks
  • Automated environment set-up for subscription-wide monitoring
  • Fully trackable change management, so if a machine is opted out of monitoring, there’s a record of who made the change and when

Have any questions about Azure Policy Orchestrator? Reach out to Logicworks!

Written by JJ Zou, Technical Product Manager, Azure
