This article explains how to make your business compliant with PCI DSS, HIPAA, GDPR, FedRAMP and SOC 2 by using the cloud services of AWS, GCP and Azure.

Organizations that provide IT managed services, software development, software as a service, infrastructure as a service or platform as a service typically host their products in public cloud environments. PCI DSS, HIPAA, GDPR, FedRAMP and SOC 2 each define their own control requirements, but those requirements overlap heavily, and the SOC 2 Trust Services Criteria (formerly called the Trust Services Principles) are a convenient way to organize the common control themes.

The Trust Services Criteria are grouped into five categories:

  • Security: Systems and information are protected against unauthorized access, unauthorized disclosure and damage (including malware). These are the common criteria and are included in every SOC 2 report.
  • Availability: Systems are available for operation and use as committed or agreed.
  • Processing integrity: System processing is complete, valid, accurate, timely and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed and disposed of in line with the organization's privacy notice.

Organizations can use the services of AWS, Azure or Google Cloud to implement many of these controls. Note that a provider's own certifications cover only the provider's side of the shared responsibility model: the customer remains responsible for how the services are configured (identity, network, encryption, logging) and must evidence those configurations in its own audit.

The table below gives a high-level overview of the AWS, Azure and Google Cloud services that organizations can use to meet these regulatory requirements and stay secure and compliant.

Capability | AWS | Azure | Google Cloud

AI and machine learning
AI containers | AWS Deep Learning Containers | GPU support on AKS | Deep Learning Containers
Data labeling | Amazon SageMaker Ground Truth | Azure Machine Learning data labeling | Vertex Data Labeling
Online fraud detection | Amazon Fraud Detector | N/A | reCAPTCHA Enterprise

Analytics
Business analytics | Amazon QuickSight, Amazon FinSpace | Power BI Embedded, Microsoft Graph Data Connect (preview) | Looker, Google Data Studio
Data lake creation | Amazon HealthLake (preview), AWS Lake Formation | Azure Data Lake Storage | Cloud Storage
Data sharing | AWS Data Exchange, AWS Lake Formation | Azure Data Share | Analytics Hub (preview), Cloud Dataprep (partnership with Trifacta)

Application integration
API development and management | Amazon API Gateway, AWS AppSync | Azure API Apps | API Gateway, Apigee, Cloud Endpoints
Event routing, third-party integration | Amazon AppFlow, Amazon EventBridge, Amazon Simple Notification Service | Event Grid | Pub/Sub
Messaging | Amazon MQ, Amazon Simple Queue Service | Azure Web PubSub (preview), Queue Storage, Service Bus | Pub/Sub
Workflow orchestration | AWS Data Pipeline, Amazon Managed Workflows for Apache Airflow | Logic Apps | Cloud Composer, Workflows

Business applications
Document sharing and storage | Amazon WorkDocs | Microsoft Word | Google Docs, Google Workspace Essentials
Email and calendar | Amazon WorkMail | Outlook | Gmail
Low-code/no-code | Amazon Honeycode (preview) | Microsoft PowerApps, Project Bonsai (preview) | AppSheet
Video calls and chat | Amazon Chime | Microsoft Teams | Google Meet
Voice assistant | Alexa for Business | Cortana | Google Assistant

Compute
Autoscaling | AWS EC2 Auto Scaling | Azure Autoscale, Azure virtual machine scale sets | Managed instance groups (MIGs)
Functions as a service | AWS Lambda | Azure Functions | Cloud Functions
High performance computing cluster management | AWS ParallelCluster | Azure CycleCloud, Azure FXT Edge Filer | N/A
VM image builder | EC2 Image Builder | Azure VM Image Builder | N/A
PaaS | AWS Elastic Beanstalk, Red Hat OpenShift Service on AWS | App Service, Azure Cloud Services, Azure Spring Cloud, Azure Red Hat OpenShift | App Engine
Quantum computing | Amazon Braket | Azure Quantum (preview) | N/A
Virtual machines | Amazon EC2 | Virtual Machines | Compute Engine
Virtual private server | Amazon Lightsail | N/A | N/A
VMware integration | VMware Cloud on AWS | Azure VMware Solution | VMware Engine

Containers
Container registry | Amazon Elastic Container Registry (ECR), ECR Public | Azure Container Registry | Artifact Registry, Container Registry
Managed container service | AWS Copilot, Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS) | Azure Kubernetes Service (AKS) | Google Kubernetes Engine (GKE)
Serverless containers | AWS App Runner, AWS Fargate | Azure Container Instances (ACI) | Cloud Run

Databases
Blockchain | Amazon Managed Blockchain, Amazon Quantum Ledger Database (QLDB) | Azure Blockchain Service (preview), Azure Blockchain Development Kit, Azure Blockchain Workbench (preview), Microsoft Azure Confidential Ledger (preview) | N/A
Caching | Amazon ElastiCache (Memcached, Redis) | Azure Cache for Redis, Azure HPC Cache | Cloud Memorystore
Time-series database | Amazon Timestream | Azure Time Series Insights | Cloud Bigtable

Developer tools
App configuration parameter storage | AWS AppConfig | App Configuration | Cloud Storage
Artifact management | AWS CodeArtifact | Azure Artifacts, GitHub Packages | Artifact Registry (preview)
Code debugging | AWS X-Ray | Visual Studio Code | Cloud Debugger, Firebase Crashlytics
CI/CD | AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline, AWS CodeStar | Azure Boards, Azure DevOps, Azure Pipelines | Cloud Build, Tekton
Development kits | AWS Cloud Development Kit, Amazon Corretto | Azure SDKs | Cloud SDK
Private repository | AWS CodeCommit, AWS Serverless Application Repository | Azure Repos | Cloud Source Repositories
Testing | AWS Device Farm, AWS Fault Injection Simulator | Visual Studio App Center, Azure Test Plans, Azure Internet Analyzer (preview) | Google Firebase Test Lab

IoT
Cloud-device connections, data collection and management | AWS IoT Analytics, AWS IoT Core, AWS IoT Device Defender, AWS IoT Device Management, AWS IoT Events, AWS IoT SiteWise | Azure IoT Central, Azure IoT Hub, Azure Defender for IoT, Azure Sphere | Cloud IoT Core
IoT edge compute | AWS Greengrass | Azure IoT Edge, Azure Percept (preview) | Edge TPU
Microcontroller OS | FreeRTOS | Azure RTOS | N/A
Virtual modeling | AWS IoT Things Graph | Azure Digital Twins | N/A

Management and governance
Automation | AWS CloudFormation, AWS Proton, AWS OpsWorks | Azure Resource Manager, Azure Automation | Cloud Deployment Manager, Cloud Foundation Toolkit, Cloud Scheduler
Anomaly detection | CloudWatch Anomaly Detection | Anomaly Detector | Anomaly Detection
Application portfolio and data governance | AWS Service Catalog | Azure Managed Applications, Azure Blueprints (preview), Azure Purview (preview) | Dataplex, Private Catalog, Service Directory
Configuration management | AWS Config | Azure App Configuration | Cloud Asset Inventory
Health dashboard | Personal Health Dashboard | Resource Health, Azure Service Health | Cloud Monitoring
Hybrid and multi-cloud management | Amazon EKS Anywhere (preview), Amazon ECS Anywhere | Azure Arc | Google Anthos, Network Connectivity Center (preview)
Monitoring | Amazon CloudWatch, Amazon CloudWatch Logs, AWS Transit Gateway Network Manager, Amazon Lookout for Metrics, Amazon Managed Service for Prometheus (preview) | Azure Monitor, Network Watcher, Log Analytics, Azure Metrics Advisor (preview) | Operations, Cloud Operations for GKE (formerly Stackdriver), Network Intelligence Center
Multi-account management | AWS Control Tower, AWS Organizations | Azure Management Groups, Azure Lighthouse | N/A
Policy management | AWS Organizations | Azure Policy | Organization Policy Service
Web-based user interface | AWS Management Console | Azure Portal | Cloud Console

Migration
Database migration | AWS Database Migration Service | Azure Database Migration Service | Database Migration Service (preview)
Disaster recovery | CloudEndure Disaster Recovery | Azure Site Recovery | N/A
Migration tracker | AWS Migration Hub | Azure Migrate | N/A
Server migration | AWS App2Container, AWS Server Migration Service, CloudEndure Migration | Azure Migrate | Migrate for Anthos, Migrate for Compute Engine, VM migration

Miscellaneous
Customer engagement | Amazon Connect, Contact Lens for Amazon Connect | Azure Communication Services, Azure SignalR Service | Contact Center AI
End user communications | Amazon Pinpoint, Amazon Simple Email Service | Azure Notification Hubs | Firebase Cloud Messaging
Geolocation APIs and services | Amazon Maps API, Amazon Location Service | Azure Maps | Google Maps Platform
Fast Healthcare Interoperability Resources (FHIR) | FHIR Works on AWS | Azure API for FHIR | Apigee HealthAPIx, Cloud Healthcare API
Industrial and other workplace monitoring tools | Amazon Lookout for Vision, Amazon Lookout for Equipment, Amazon Panorama (preview), Amazon Monitron | Azure IoT Vision AI | Visual Inspection AI
Media services | Amazon Elastic Transcoder, AWS Elemental suite, Amazon Interactive Video Service, Amazon Kinesis Video Streams | Azure Media Player, Content Protection, Encoding, Live and On-Demand Streaming, Azure Video Analyzer (preview), Media Services | OpenCue, Transcoder API (preview)
Robotics application development | AWS RoboMaker | N/A | Cloud Robotics Core
Virtual desktop | Amazon WorkSpaces, Amazon AppStream 2.0 | Azure Virtual Desktop, Citrix Virtual Apps and Desktops, VMware Horizon Cloud on Microsoft Azure | N/A
Virtual reality, mixed reality app development | Amazon Sumerian | Azure Digital Twins, Kinect DK, Object Anchors (preview), Remote Rendering (preview), Spatial Anchors | Google VR

Networking
Build, deploy and manage APIs | Amazon API Gateway | Azure API Apps, API Management | Apigee API Management Platform
Content delivery network | Amazon CloudFront | Content Delivery Network (CDN) | Cloud CDN
Domain name system | Amazon Route 53 | Azure DNS | Cloud DNS
Load balancing | Elastic Load Balancing (ELB) | Application Gateway, Load Balancer, Traffic Manager | Cloud Load Balancing
Network accelerator | AWS Global Accelerator | Accelerated Networking | Premium Network Service Tier
Network address translation | NAT Gateway | Virtual Network NAT, Azure Route Server (preview) | Cloud NAT
VPC | Amazon VPC | Azure Virtual Network | Virtual Private Cloud
VPC/VM secure connector | AWS Transit Gateway, AWS VPN | Azure Bastion, Azure Private Link, Azure VPN Gateway | Cloud VPN, Direct Peering, VPC Service Controls

Security
Audit and compliance reports and controls | AWS Artifact, AWS Audit Manager | Service Trust Portal | Assured Workloads
Centralized security management | AWS Security Hub | Security Center | Security Command Center
Certificate management | AWS Certificate Manager | App Service Certificate | Certificate Authority Service
Confidential computing | AWS Nitro Enclaves | Azure Confidential Computing | Confidential Computing
Data discovery and classification | Amazon Macie | Data Catalog, Azure Information Protection | Data Catalog, Cloud Data Loss Prevention
Distributed denial-of-service (DDoS) protection | AWS Shield | Azure DDoS Protection | Google Cloud Armor
End-user identity management | Amazon Cognito | Azure Active Directory B2C | Firebase Authentication
Firewall management | AWS Firewall Manager, AWS Network Firewall, AWS WAF | Azure Firewall Manager, Web Application Firewall | Cloud Armor, Cloud firewalls
Identity and access management | AWS Identity and Access Management | Azure Active Directory, role-based access control (Azure RBAC), Azure Active Directory External Identities | BeyondCorp Enterprise, Identity and Access Management, Identity Platform, Identity-Aware Proxy
Key management | AWS Key Management Service, AWS CloudHSM | Key Vault, Azure Dedicated HSM | Cloud Key Management
Multifactor authentication | AWS Multi-Factor Authentication | Azure AD Multi-Factor Authentication | Google Authenticator, Titan Security Key
Microsoft Active Directory compatible directory service | AWS Directory Service for Microsoft Active Directory | Azure Active Directory Domain Services | Managed Service for Microsoft Active Directory
Security data analysis | Amazon Detective | Security Center | Chronicle, Risk Protection Program (preview)
Secrets management | AWS Secrets Manager | Azure Key Vault | Secret Manager
Single sign-on | AWS Single Sign-On | Azure Active Directory single sign-on | Cloud Identity
Sign-off for cloud provider data access requests | N/A | Customer Lockbox | Access Transparency
Threat detection | Amazon GuardDuty | Microsoft Azure Attestation, Azure Defender, Azure Sentinel | Chronicle, Phishing Protection, Web Risk, Event Threat Detection (preview)
Vulnerability scanning | Amazon Inspector | Security Center | Web Security Scanner

Storage
Archival storage | S3 Glacier, S3 Glacier Deep Archive | Archive Storage | Archive Storage
Backup | AWS Backup | Azure Backup | N/A
Block storage | Amazon Elastic Block Store (EBS) | Azure Disk Storage | Persistent Disk, Local SSD
File storage | Amazon Elastic File System (EFS), Amazon FSx for Windows File Server, Amazon FSx for Lustre | Avere vFXT for Azure, Azure Files, Azure NetApp Files, Azure FXT Edge Filer | Filestore
Object storage | Amazon S3 | Azure Blob Storage | Cloud Storage, Cloud Storage for Firebase

*AWS, Google and Microsoft use different terminology for services that are in preview, beta or alpha; the table marks all of them as (preview).

**Several Google and Microsoft services in this table are not available through Google Cloud or Microsoft Azure directly; they are part of each vendor's broader product portfolio (for example Microsoft Word, Outlook, Gmail and Google Docs).

BOTTOM LINE

While meeting the AICPA's reporting guidelines, we customize your report, including an executive summary that highlights the information most important to your customers. The remainder of the report is organized by topical area so that stakeholders can easily find the details they need.

E Secure 360 is recognized as one of the market leaders in security, privacy and internal control services. We have a dedicated practice of risk and control specialists with deep industry focus and experience. An E Secure 360 opinion stating that your operating controls meet SOC 2 standards is likely to reinforce customer confidence in your company.