Azure Managed Services for Customer’s Subscription
Project Hosts provides three Azure Managed Services offerings:
- Azure Performance Management
- Azure Security Management
- Azure Access & Application Management
All three service offerings are required in order to implement the full set of varions compliance controls for an environment.
Service Details
Service Details
Project Hosts’ Azure Performance Management services include the following:
- 24/7 performance monitoring and alerts
- Provisioning servers or scaling to larger or smaller servers
- Weekly virtual image backup and restore
- Weekly, daily, hourly database backup and restore
- Managing and testing DR restores in secondary Azure data center
- OS systems administration for Windows and Centos Linux
- Database administration for MS SQL and MySQL
- 24/7 technical support
- Performance optimization recommendations
2. AZURE SECURITY MANAGEMENT
Project Hosts’ Azure Security Management services include implementing and managing the following:
- ISO 27001 Security Controls
- Azure subnets with their NSG “firewall” access controls
- An Active Directory Domain to manage servers and group policy
- Web Application Proxy (WAP) servers as the controlled front door to the Deployment
- McAfee Host Intrusion Prevention System (HIPS) on every server, and EndPoint Protection centrally managed by ePolicy Orchestrator
- Remote Desktop Gateway servers for secure remote administration
- Logging configuration, collection, alerting, and review
- OS, DB and application software patching
- Project Hosts’ Centralized inventory tracking and alerting system (Admin Center)
- Incident response system with periodic tests
3. AZURE ACCESS & APPLICATION MANAGEMENT
Project Hosts’ Azure Access Management services include implementing and managing the following:
- Single sign-on (SSO) from other authentication systems
- Quarterly web app vulnerability scanning – Monthly cloning of servers in the deployment for scanning (where scanning production servers would cause disruption)
- Coordination with customer to patch web applications or modify configurations
- 24/7 support of applications on Project Hosts’ approved application list
- Project Hosts’ user authorization and administration tool (PH Portal)
4. ISO 27001, GDPR, AND CUSTOM COMPLIANCE DOCUMENTATION AND ASSESSMENT MANAGEMENT
With more than 13 years of expertise in securing Microsoft cloud solutions, the Project Hosts security team understands the exact control responses, technical implementations, and evidence that are required to demonstrate full SaaS compliance of ISO 27001 and GDPR standards for an environment built on Microsoft Azure IaaS. In some cases, Project Hosts may also implement additional controls required by enterprise customers to address their unique security and privacy needs.
If Project Hosts is providing the Azure Managed Services described above, then a customer may also elect to have Project Hosts provide the following services through its ISMScloud SaaS solution:
- Documentation of Security Controls, Policies, Procedures, and Implementation Proposals
- Third-party assessment Management or Support
5. DOCUMENTATION OF SECURITY CONTROLS
To demonstrate compliance with these standards, it is important to have a deep understanding of (i) exactly which aspects of each control are covered by Azure, (ii) how to implement technical solutions for the other controls that integrate seamlessly with the Azure controls, and (iii) what kinds of responses, processes, and evidence will satisfy auditors.
Project Hosts documents all of the control responses in its ISMSCloud tool. For each ISO 27001 and GDPR control, a technical response is provided that is consistent with the Azure Managed Services that Project Hosts is providing. In addition, many controls link to relevant policies or screenshot evidence of controls actually being in place. This allows third-party auditors to efficiently verify compliance with each control.