Field notes on risk, compliance, cloud security and AI.https://www.shihansuhail.com/enhttps://www.shihansuhail.com/writing/scanning-terraform-against-azure-policy-at-build-time/https://www.shihansuhail.com/writing/scanning-terraform-against-azure-policy-at-build-time/Azure Policy stops noncompliant resources at deploy time. This shows how to catch the same violations earlier, in the Azure DevOps build, so a bad Terraform plan fails the pipeline instead of the deployment.Mon, 15 Jun 2026 00:00:00 GMTAzureSecurityGRChttps://www.shihansuhail.com/writing/strengthening-your-cloud-security-posture-with-microsoft-defender-for-cloud/https://www.shihansuhail.com/writing/strengthening-your-cloud-security-posture-with-microsoft-defender-for-cloud/Knowing where your cloud environment is weak is half the battle. Microsoft Defender for Cloud gives you a continuous read on your posture and maps it straight to the standards you have to comply with.Tue, 09 Jun 2026 00:00:00 GMTAzureSecurityGRChttps://www.shihansuhail.com/writing/what-the-eu-ai-act-means-for-risk-and-compliance-teams/https://www.shihansuhail.com/writing/what-the-eu-ai-act-means-for-risk-and-compliance-teams/The EU AI Act is the first comprehensive law to regulate AI by risk. For compliance teams the question is no longer whether it applies, but which of your AI systems fall into which tier, and what each tier demands.Sat, 30 May 2026 00:00:00 GMTAIGRCRiskhttps://www.shihansuhail.com/writing/running-terraform-in-azure-devops-pipelines/https://www.shihansuhail.com/writing/running-terraform-in-azure-devops-pipelines/A practical Azure DevOps pipeline for Terraform: remote state in Azure Storage, a plan you review before it runs, and an apply that only happens after someone approves it.Tue, 19 May 2026 00:00:00 GMTAzureAutomationhttps://www.shihansuhail.com/writing/enforcing-compliance-guardrails-with-azure-policy/https://www.shihansuhail.com/writing/enforcing-compliance-guardrails-with-azure-policy/Most cloud governance problems are not technology problems, they are consistency problems. Azure Policy lets you turn your security and compliance rules into guardrails that apply automatically across every subscription.Tue, 12 May 2026 00:00:00 GMTAzureGRCSecurityhttps://www.shihansuhail.com/writing/soc-2-vs-iso-27001-choosing-the-right-framework/https://www.shihansuhail.com/writing/soc-2-vs-iso-27001-choosing-the-right-framework/The question I get asked more than any other is whether a company should pursue SOC 2 or ISO 27001. They overlap heavily but they are not the same thing, and the right answer depends on who is asking you for it.Tue, 21 Apr 2026 00:00:00 GMTSOC 2GRCRiskhttps://www.shihansuhail.com/writing/deploying-bicep-from-azure-devops-pipelines/https://www.shihansuhail.com/writing/deploying-bicep-from-azure-devops-pipelines/Bicep gives you clean, typed infrastructure as code for Azure, and Azure DevOps gives you a place to validate and ship it safely. Here is a pipeline that previews every change before it touches production.Mon, 06 Apr 2026 00:00:00 GMTAzureAutomationhttps://www.shihansuhail.com/writing/eliminating-hardcoded-secrets-with-azure-key-vault-and-managed-identities/https://www.shihansuhail.com/writing/eliminating-hardcoded-secrets-with-azure-key-vault-and-managed-identities/Connection strings and API keys sitting in config files are still one of the most common ways credentials leak. Here is how to get them out of your code for good using Key Vault and managed identities.Wed, 18 Mar 2026 00:00:00 GMTAzureSecurityAutomationhttps://www.shihansuhail.com/writing/preparing-for-dora-operational-resilience-for-the-financial-sector/https://www.shihansuhail.com/writing/preparing-for-dora-operational-resilience-for-the-financial-sector/DORA reframes ICT risk as an operational resilience problem the board is accountable for, not an IT problem buried in a basement. Here is how I read its five pillars and where firms should focus.Tue, 24 Feb 2026 00:00:00 GMTGRCRiskSecurityhttps://www.shihansuhail.com/writing/evaluating-soc-2-type-ii-reports-as-a-cybersecurity-engineer/https://www.shihansuhail.com/writing/evaluating-soc-2-type-ii-reports-as-a-cybersecurity-engineer/It is important to understand that data is a key element of modern society, the lifeblood of business data in the present era. As such, cybersecurity executives are required to…Wed, 09 Apr 2025 00:00:00 GMTSOC 2Securityhttps://www.shihansuhail.com/writing/will-ai-agents-disrupt-grc-workflows-yes-and-here-s-why/https://www.shihansuhail.com/writing/will-ai-agents-disrupt-grc-workflows-yes-and-here-s-why/Will AI Agents Disrupt GRC Workflows? In the ever evolving cybersecurity and compliance landscape, Governance, Risk, and Compliance GRC workflows have long been cumbersome, time intensive, and manual. But changing…Sat, 05 Apr 2025 00:00:00 GMTGRCAIhttps://www.shihansuhail.com/writing/azure-landing-zone-review-assessment/https://www.shihansuhail.com/writing/azure-landing-zone-review-assessment/Introduction Organizations are constantly searching for methods to harness the potential use of the cloud to operate their operational architecture and compete in today’s fast paced digital environment. As a…Sun, 23 Mar 2025 00:00:00 GMTAzurehttps://www.shihansuhail.com/writing/implementing-soc-2-compliance-framework/https://www.shihansuhail.com/writing/implementing-soc-2-compliance-framework/Introduction I have implemented SOC 2 compliance and am aware of the challenges. SOC 2 ensures that customer information is secure. The framework provides guidelines for security, availability, processing integrity,…Sun, 23 Mar 2025 00:00:00 GMTSOC 2GRChttps://www.shihansuhail.com/writing/automating-azure-resource-graph-queries-with-logic-apps/https://www.shihansuhail.com/writing/automating-azure-resource-graph-queries-with-logic-apps/Overview Azure Resource Graph Explorer enables querying resources at scale across subscriptions, management groups, and entire tenants. If you need to execute queries periodically and take action on the results,…Wed, 12 Mar 2025 00:00:00 GMTAzureAutomationhttps://www.shihansuhail.com/writing/step-by-step-guide-to-connecting-openai-with-azure-portal/https://www.shihansuhail.com/writing/step-by-step-guide-to-connecting-openai-with-azure-portal/The integration of the OpenAI model into the Azure ecosystem gives organizations an unprecedented opportunity to harness the power of AI for a variety of applications. Microsoft Azure makes this…Sat, 18 Jan 2025 00:00:00 GMTAIAzurehttps://www.shihansuhail.com/writing/how-to-resolve-vss-writer-errors-without-rebooting/https://www.shihansuhail.com/writing/how-to-resolve-vss-writer-errors-without-rebooting/Resolve VSS Writer Errors Without Rebooting How to Resolve VSS Writer Errors Without Rebooting Scenarios Scenario 1: Failed VSS Writers Backups fail due to VSS writers in a failed state,…Sun, 17 Nov 2024 00:00:00 GMTInfrastructurehttps://www.shihansuhail.com/writing/how-to-import-azure-wiki-contents-into-a-json-file/https://www.shihansuhail.com/writing/how-to-import-azure-wiki-contents-into-a-json-file/In today's digital age, organizations often depend on collaborative tools like Azure Wiki to streamline knowledge sharing among team members. However, there are situations when you might need to export…Sun, 17 Nov 2024 00:00:00 GMTAzureAutomationhttps://www.shihansuhail.com/writing/veeam-known-issues-network-failure-and-ssl-errors/https://www.shihansuhail.com/writing/veeam-known-issues-network-failure-and-ssl-errors/Veeam Known Issues: Error Observed by Underlying BIO Issue Discontinuous network failures may occur when communicating with the VMware host. This is accompanied by errors such as: “Error observed by…Sun, 17 Nov 2024 00:00:00 GMTInfrastructurehttps://www.shihansuhail.com/writing/simplifying-access-control-introducing-temporary-access-passes-in-azur/https://www.shihansuhail.com/writing/simplifying-access-control-introducing-temporary-access-passes-in-azur/Overview In today’s ever changing business environment, it is often necessary to grant temporary access to resources within the Azure platform. Whether it be for a brief project, contractor involvement,…Wed, 20 Sep 2023 00:00:00 GMTAzureSecurityhttps://www.shihansuhail.com/writing/configure-front-door-for-an-azure-app/https://www.shihansuhail.com/writing/configure-front-door-for-an-azure-app/For content and apps, Azure Front Door is a cutting edge cloud content delivery network CDN service that offers high performance, scalability, and secure user experiences. This can be set…Wed, 05 Jul 2023 00:00:00 GMTAzurehttps://www.shihansuhail.com/writing/monitoring-on-premise-devices-with-sentinel-using-azure-arc/https://www.shihansuhail.com/writing/monitoring-on-premise-devices-with-sentinel-using-azure-arc/When talking about Hybrid clouds & multi cloud environments the main requirement is to monitor on premise devices. And yes when it comes to Azure cloud the monitoring is way…Wed, 05 Jul 2023 00:00:00 GMTAzureSecurityAutomationhttps://www.shihansuhail.com/writing/using-mtls-for-your-organization/https://www.shihansuhail.com/writing/using-mtls-for-your-organization/We used to do secure communication over the internet using TLS. After attacks such as POODLE made SSL 3.0 unsafe, mTLS (Mutual Transport Layer Security) was introduced to make client and server connections secure and trusted…Mon, 30 Aug 2021 00:00:00 GMTSecurityInfrastructure