Table of Contents
Understanding Security on Azure
Security on Microsoft Azure is a vast collection of security protocols and protections managed by Microsoft and the client, all designed to guarantee complete protection of the cloud based platform.
Azure comes with a large array of customizable security options, plus the ability to control them when needed. As the platform provider, Microsoft promotes rigorous standards for security maintenance. Full physical and electronic contact to the cloud servers are closely monitored, including among Microsoft staff. Additionally, to ensure a clean work environment, all code written for Azure software is run through full virus scans before deployment.
Planning For Security With Azure
The largest Azure security concerns do not rest in the cloud platform itself. The highest risk lies internally, within companies. However, within modern cloud environments, security is a shared responsibility. The main capabilities available in the Azure Platform to assist in meeting security responsibilities are:
- Operations: the services, controls, and features provided by Microsoft to help users protect their data and other assets. It is built on a framework developed internal by Microsoft based on long standing knowledge of the cybersecurity threat landscape.
- Application Insights: Microsoft will help Azure users determine valuable performance and usability insights for applications and total infrastructure.
- Azure Security Monitor: a service which proactively audits customer resources to help ensure best practices and system security.
- Log Analytics: Azure collects and processes data to determine the quality of things like data retention, data segregation, and security compliance.
- Applications: Applications built into the framework of Azure to help maintain security on Azure. These range from encryption protocols to firewalls.
- Web App Vulnerability Test: a cloud based testing platform used to audit security quality for customers of Azure.
- Web Application Firewall: a built in firewall designed to protect customer data and applications from any vulnerabilities and attacks.
- Storage: Azure provides security within its storage framework to ensure data is kept safe at all points of its transfer.
- Role Based Access Control: enables access management to Azures cloud storage. Allows defined rules which limit access provided to users when needed.
- Encryption in Transit/Rest: Azure offers total encryption of customer data: when being transferred over the network, or stored in the cloud server.
- Network Layer Controls: allows customized access control of virtual machine communication, to help hinder any major security breaches.
- Network Security Groups: functions as a list of security rules, which can approve or deny network access to resources attached to virtual networks within Azure.
Azure Services and Tools
With such a large enterprise client base, Microsoft has put a lot of effort in to providing high level functionality across all major aspects of Azure’s security:
- Anti-malware & Antivirus: compatibility with many vendors software. Up to date protection from malicious files, adware, and other threats.
- Hardware Security Module: Simplify the management and security of critical secrets and keys by storing them in Azure Key Vault.
- Virtual machine backup: Azure Backup is a solution that protects your application data with zero capital investment and minimal operating costs.
- Azure Site Recovery: facilitates replication, failover, and recovery of workloads and apps so that they are available from a secondary location if needed.
- VM Disk Encryption: helps encrypt Windows and Linux IaaS virtual machine disks.
- Virtual networking: a logical construct built on top of the physical Azure network fabric.
- Security policy management: helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
- Multi-Factor Authentication: requires users to use multiple methods for access, on-premises and in the cloud.