Latest posts by Brandon Lee (see all)
- Action1: Manage endpoints from the cloud - Tue, Feb 18 2020
- AdRem Software NetCrunch: rule-based monitoring, automatic alert correlations, and pending and conditional alerts - Tue, Feb 11 2020
- VMware moving to per-core licensing - Mon, Feb 10 2020
Compliance—and more specifically, keeping up with compliance objectives, auditing, and inventory—can be extremely difficult to do effectively. Do you find yourself using spreadsheets and Word documents to manage your compliance initiatives? You are not alone. Many organizations use legacy sneakernet-type technologies to keep up with compliance without any type of automation to perform the heavy lifting in their environments.
Recently, Microsoft introduced a brand-new solution that gives your business the automated tools needed to keep up with your compliance initiatives. Moreover, it simplifies the process of doing so. This solution is Compliance Score, introduced as a preview feature found in the Microsoft 365 compliance center. It helps you understand the compliance of your environment in today's very active compliance landscape. What is Microsoft Compliance Score? Let's take a look.
Why Is compliance a challenge? ^
Many aspects to compliance make it extremely challenging. What are some challenges that businesses generally confront with compliance that make it difficult? Common challenges generally include the following:
- Compliance regulations are frequently updated and changed
- Point-in-time audits can fail to give visibility to risks between those audits
- Ineffective collaboration between key stakeholders
- Lack of guidance and effective documentation on designing and implementing effective compliance controls
These and many other compliance challenges exist for your business today when trying to keep pace with the ever-changing compliance landscape. Having an automated means of auditing and evaluating how your environment measures up regarding compliance is necessary to be effective in this area. Microsoft Compliance Score comes into play here.
Microsoft Compliance Score features ^
The new Microsoft Compliance Score solution is part of the Microsoft Security and Compliance Center. It helps you see where your organization rates in relation to its compliance objectives with an easy and intuitive scoring system. It provides the following key benefits:
- Continuous assessments: Detect and monitor the compliance control automatically and effectively across your Azure environment using a risk-based score
- Recommended actions: Display actionable guidance to help reduce compliance risks across your environment
- Built-in control mapping: Access built-in mapping across various regulations and compliance standards to help scale your compliance efforts
If you are already familiar with using the Compliance Manager solution in Azure, you will notice Compliance Score is a standalone feature that provides a much easier and understandable way to meet compliance objectives. Rather than being a replacement for the Compliance Manager solution, Compliance Score is a simplified view of your compliance rating that complements Compliance Manager.
The Compliance Score dashboard greatly simplifies the workflow of remediating recommended compliance actions. It helps you understand the issues found in the compliance analysis and their impact on the overall compliance score.
Another great feature of the Microsoft Compliance Score solution is that it includes numerous compliance templates preshipped out of the box to use as compliance baselines for auditing your environment. The templates included let you analyze compliance based on the following regulations:
- National Institute of Standards and Technology (NIST)
- Health Insurance Portability and Accountability Act (HIPAA)
- International Organization for Standardization (ISO) 27001
- ISO 27018
- Federal Financial Institutions Examination Council (FFIEC)
- California Consumer Privacy Act (CCPA)
- Federal Risk and Authorization Management Program (FedRAMP)
- General Data Protection Regulation (GDPR)
- …and others
Depending on which industry and compliance regulations your business falls under, you will want to add the specific template that applies to your business. This will allow Compliance Score to run assessments more relevant to your specific business requirements.
More prebuilt templates are on the way. Additionally, you can customize and upload your own templates for compliance auditing and requirements. You can then use Compliance Score to manage your compliance objectives with custom metrics and guidelines as defined by your business needs and compliance requirements.
Microsoft has already done a great deal of work to allow you to achieve many of the compliance recommendations. Just by using Microsoft infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) environments, you benefit from the work Microsoft has already performed in terms of general compliance with a long list of compliance regulations.
The default score you receive in your first Compliance Score assessment is based on the "Microsoft 365 data protection baseline." It provides a good, general baseline for meeting many of the compliance objectives and reducing risks to your data.
Once you run an assessment and note the compliance recommendations in the Compliance Score dashboard, you can click on the recommended actions, which allow easy workflows. From a single dashboard, you can remediate various configurations noted in Compliance Score. It will take you directly to the Azure portal area where you can change the configuration. This means you don't have to search for where the recommended change needs to take place.
Additionally, with each Compliance Score assessment, you can scroll down in the Compliance Score dashboard and find the Compliance score breakdown. This highlights each area that makes up the overall Compliance Score and which areas need perhaps the most attention for compliance remediation.
The Improvement actions page for each recommendation provides a wealth of information at your fingertips for the particular action Compliance Score suggests taking. Note below that it displays the following information for a recommended action:
- Points achieved
- Which standards and regulatory compliance frameworks require the action
- How to implement the action
- A hyperlinked document to learn more about the particular action or feature
- Additional documentation hyperlinks
As you can see, a wealth of information here helps you easily understand the importance of the recommended actions, why they are relevant, which compliance regulations require them, and how to implement them.
Wrapping up and impressions ^
It appears that Microsoft has helped simplify the understanding of the overall compliance stance of your business by providing the intuitive and easily understandable new Compliance Score dashboard in Azure. You can easily apply templates that apply to your particular industry and compliance requirements to create an accurate evaluation based on your true compliance needs.
Compliance Score is more than just an informational tool. It includes the workflows needed to remediate the recommended settings right from the Compliance Score dashboard. It also takes you directly to the area in the Azure portal where you need to make the recommended changes.
Compliance continues to evolve and change. Compliance Score will definitely help take much of the complexity out of keeping up with the ever-evolving and changing compliance regulations.