While cloud security continues to be a top concern, Microsoft recently shared insights from a survey that show overall concern has dropped significantly since 2015. They’re now at a stage where half of organizations contend the cloud is more secure than their on-premises infrastructure. In conversations Microsoft has with their customers and partners, they hear increasingly about how using the cloud improves an organization’s security posture. As many organizations push forward on their digital transformation through increased use of cloud services, understanding the current state of cloud security is essential.
Maintaining a strong security posture for your cloud-based innovation is a shared responsibility between you and your cloud provider. With Microsoft Azure, securing cloud resources is a partnership between Microsoft and their customers, so it’s essential that you understand the comprehensive set of security controls and capabilities available to you on Azure.
Microsoft Azure is built on a foundation of trust and security. With significant investments in security, compliance, privacy, and transparency, Azure provides a secure foundation to host your infrastructure, applications, and data in the cloud. Microsoft also provides built-in security controls and capabilities to further help you protect your data and applications on Azure. These can be classified broadly into four categories:
Manage and control user identity and access: Comprehensive identity management is the linchpin of any secure system. You must ensure that only authorized users can access your environments, data, and applications. Azure Active Directory serves as a central system for managing access across all your cloud services, including Azure, Office 365, and hundreds of popular SaaS and PaaS cloud services. Its federation capability means that you can use your on-premises identities and credentials to access those services, and Azure Multi-Factor Authentication provides for the most secure sign-on experience.
Increase network and infrastructure security: Azure provides you the security-hardened infrastructure to interconnect Azure VMs as well as make connections to on-premises datacenters. Additionally, you can extend your on-premises network to the cloud using secure site-to-site VPN or a dedicated Azure ExpressRoute connection. You can strengthen network security by configuring Network Security Groups, user-defined routing, IP forwarding, forced tunneling, endpoint ACLs, and Web Application Firewall as appropriate.
Encrypt communications and operation processes: Azure uses industry-standard protocols to encrypt data in transit as it travels between devices and Microsoft datacenters, and when it is stored in Azure Storage. You can also encrypt your virtual machine disks using Azure Disk Encryption. Azure Key Vault enables you to safeguard and control cryptographic keys and other secrets used by cloud apps and services. Azure Information Protection will help you classify, label, and protect your sensitive data.
Defend against threats: Microsoft enables actionable intelligence against increasingly sophisticated attacks using its network of global threat monitoring and insights. This threat intelligence is developed by analyzing a wide variety of signal sources and a massive scale of signals. (For example, customers authenticate with Microsoft services over 450 billion times every month, and Microsoft scans 200 billion emails for malware and phishing each month.) Its approach to protecting the Azure platform includes intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, behavioral analytics, anomaly detection, and machine learning. You can leverage additional services to develop a strong threat prevention, detection, and mitigation strategy.
Azure Active Directory Identity Protection helps you protect against and mitigate the risks from compromised identities. It offers a cloud-powered, adaptive, machine-learning-based identity protection system that can detect cyber-attacks, mitigate them in real time, and automatically suggest updates to your Azure AD configuration and conditional access policies. Services like Antimalware for Azure and Azure Security Center use advanced analytics not only to help detect threats but also to prevent them. Azure Security Center helps you get a central view of the security state of all your Azure resources in real time, including recommendations for improving your security posture. You can use Operations Management Suite to extend threat prevention, detection, and quick response across Azure and other environments (on-premises, AWS). The Log Analytics service will give you real-time insights to readily analyze millions of records across all of your workloads regardless of their physical location.
These are just a few examples of the broad set of security controls and services available to you with Azure. Over the past year, Microsoft has expanded the portfolio with many new security services and ongoing enhancements.
Microsoft is committed to continued innovation in helping you protect your data, applications, and identities in the cloud. Innovations they have delivered most recently include:
- New capabilities and enhancements in Azure Security Center available for preview this month include Just In Time network access to VMs, automatic discovery and recommendations for application whitelisting, and expanded Security Baselines with more than 100 recommended configurations defined by Microsoft and industry partners. Microsoft’s research team continues to monitor the threat landscape and innovate on detection algorithms. Some new threat detections available to customers include Brute Force detections, outbound DDoS and Botnet detections, as well as new behavioral analytics for Windows and Linux VMs.