The cloud debate is usually framed as a performance and price comparison. For the regulated platforms we build, that framing is a distraction. Tenancy, identity, and compliance posture decide the stack long before a benchmark does, and for a supervised business in South Africa or the UK the honest answer is rarely AWS. This is not tribal loyalty. It is what the decision looks like when compliance is the constraint, not an afterthought.
The decision is made on the wrong axis
Teams choose a cloud by comparing instance prices and raw performance. Those numbers matter when your constraint is throughput. They barely matter when your constraint is proving to a regulator that customer data lives where you say it does, that access is governed, and that you can produce the evidence on demand. A few percent on compute cost is noise next to a failed audit.
For regulated workloads, the binding constraint is rarely performance. It is provable governance.
Once you accept that, the comparison changes. You are no longer asking which cloud is fastest. You are asking which cloud makes the compliance story easiest to build and easiest to evidence, because that is the work that actually determines whether you can ship.
Three reasons we default to Azure for regulated work
1. Identity is the centre of gravity
In a regulated system, access governance is most of the compliance story. Microsoft Entra gives a single, auditable identity plane that the rest of the platform reads from, and that the client's own Microsoft estate already speaks. When the business runs on Microsoft 365, identity, devices, and the platform share one governance model instead of three. That coherence is worth more than a faster VM.
2. The compliance and data-residency story is straightforward
South African and UK clients need to evidence where data rests and how it is handled. Azure's regional footprint and the way data residency, Key Vault, and managed identities fit together make that story short to tell and short to prove. Short stories survive audits. Clever architectures that need a diagram and an apology do not.
3. The estate is already Microsoft
Most of our clients already run Microsoft 365. Building the platform on Azure means one identity model, one set of security tooling, and one place the auditor looks. Choosing a different cloud means stitching two governance worlds together and explaining the seam to everyone who reviews you. Every seam is a question you have to answer later.
When AWS is the right answer
This is a default, not a dogma. AWS is the better choice for plenty of workloads: a consumer product chasing scale and breadth of managed services, a team with deep existing AWS expertise, an architecture that leans on a service AWS does best. We have no interest in forcing a regulated-industry template onto a problem that does not have a compliance constraint.
The point is narrower than "Azure wins." It is this: when the binding constraint is provable governance for a supervised business already living in the Microsoft world, Azure makes the compliance work shorter, and shorter compliance work is what gets the platform live.
How we build it
- Identity: Entra as the single auditable access plane.
- Secrets: Key Vault with managed identities, never plaintext configuration.
- Data: Postgres Flexible Server with tenant isolation, in a region the client can evidence.
- Infrastructure as code: defined in Bicep, so an identical, governed environment can be stood up on demand and reviewed like any other code.
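One way to review such a template "like any other code", as an added example rather than our production tooling: a check over the compiled ARM JSON (for instance the output of `az bicep build`) that flags resources outside an evidenced region, secret-looking App Service settings that are not Key Vault references, and Key Vault references with no managed identity to resolve them. The allow-list, the function name `audit_template` and the sample template are assumptions constructed for illustration.

```python
import re

# Assumed allow-list: regions this hypothetical client has agreed to evidence.
ALLOWED_REGIONS = {"southafricanorth", "uksouth"}
# App Service Key Vault reference syntax; any other value is stored in the config itself.
KV_REF = re.compile(r"^@Microsoft\.KeyVault\((SecretUri=|VaultName=).+\)$")
SECRET_NAME = re.compile(r"password|secret|key|token|connectionstring", re.I)

def audit_template(template):
    """Return sorted (resource_name, finding) pairs for a compiled ARM template dict."""
    findings = []
    for res in template.get("resources", []):
        name = res.get("name", "<unnamed>")
        # Normalise display names such as "UK South" to the canonical "uksouth".
        loc = str(res.get("location", "")).replace(" ", "").lower()
        if loc.startswith("["):
            # An expression cannot be evidenced from the file alone.
            findings.append((name, "location is an expression; constrain its allowed values"))
        elif loc and loc not in ALLOWED_REGIONS:
            findings.append((name, f"region '{loc}' not in allow-list"))
        if res.get("type", "").lower() != "microsoft.web/sites":
            continue
        settings = res.get("properties", {}).get("siteConfig", {}).get("appSettings", [])
        uses_kv = False
        for s in settings:
            key, value = s.get("name", ""), str(s.get("value", ""))
            if KV_REF.match(value):
                uses_kv = True
            elif SECRET_NAME.search(key):
                findings.append((name, f"setting '{key}' holds a plaintext value"))
        # Key Vault references are resolved through the app's managed identity.
        if uses_kv and res.get("identity", {}).get("type", "None") == "None":
            findings.append((name, "Key Vault reference without a managed identity"))
    return sorted(findings)

# Constructed sample template: one residency violation, one plaintext secret,
# one Key Vault reference on an app that has no managed identity.
SAMPLE = {"resources": [
    {"type": "Microsoft.DBforPostgreSQL/flexibleServers", "name": "pg-tenant", "location": "westeurope"},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-platform", "location": "uksouth"},
    {"type": "Microsoft.Web/sites", "name": "api", "location": "South Africa North",
     "identity": {"type": "None"},
     "properties": {"siteConfig": {"appSettings": [
         {"name": "DB_PASSWORD", "value": "constructed-plaintext-value"},
         {"name": "API_TOKEN", "value": "@Microsoft.KeyVault(VaultName=kv-platform;SecretName=api-token)"},
         {"name": "LOG_LEVEL", "value": "info"}]}}},
]}

if __name__ == "__main__":
    for resource, finding in audit_template(SAMPLE):
        print(f"{resource}: {finding}")
```

Run as a pipeline gate, a non-empty result fails the build before the environment is ever deployed, which keeps the evidence for the residency and secrets claims in the repository history.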
Pick a cloud on the axis that binds you. For a regulated business that already runs Microsoft, the binding constraint is provable governance, and Azure makes that story coherent and short: one identity plane, a clean data-residency answer, one place the auditor looks. For an unconstrained consumer product, that logic does not apply, and AWS may well win. Choose on the constraint, not the benchmark.
