Security in the Cloud: How Azure Secures Your Business Data
As we all know, companies worldwide are challenged by the ongoing volume of evolving cloud security threats and with retaining qualified security talent to respond to these threats. In fact, the average large organization gets 17,000 security alerts each week, which results in an average of 99 days to discover security breaches. That contrasts with the less than 48 hours it takes for security breaches to grow from one system compromised into significantly broader issues.
As you look for solutions to address these challenges, Azure can help strengthen your security posture, while reducing cost and complexity. Azure provides value in three key areas – a secure foundation that is provided by Microsoft, built-in security controls to help you quickly configure security across the full-stack, and unique intelligence at cloud scale to help you safeguard data and respond to threats in real-time.
Azure’s secure foundation
Microsoft invests over a billion dollars annually into cybersecurity, including the Azure platform, so you can allocate your IT budget and resources towards other business-critical initiatives.
You get to take advantage of 3,500 dedicated cybersecurity professionals working together across the Cyber Defense Operations Center, digital crimes unit and other teams to help protect, detect and respond to threats in real time.
For physical security, Azure has hundreds of datacenters in 50 regions, and these have extensive multi-layered protections to ensure unauthorized users cannot gain physical access to your customer data.
Cloud security includes much more than cybersecurity experts and physical controls. The computing infrastructure for Azure is built on customized hardware with security controls integrated into the hardware and firmware components including secret management and increasingly hardware-based enclave technology.
We know security is an ever-evolving state, so to save you time, we manage the basics such as ensuring the servers that run Azure are patched. We actively work to identify vulnerabilities through continuous testing and monitoring and run exercises such as red team versus blue team cyber penetration testing.
We regularly hear from customers that one of the reasons they chose Azure is the secure foundation is provides which enables them to put more of their resources towards delivering core value.
Azure’s built-in security controls
Even with the secure foundation that Azure provides, security is ultimately a joint responsibility between Microsoft and our customers. When you put your workloads and data on Azure, we recommend you follow security best practices. Azure has built-in security controls to help you get protected faster across identity, network, data and tools to help you with security management and threat protection.
Manage identity and access: Azure Active Directory is the central system for managing access across all your cloud services, including Azure, Office 365, and hundreds of popular SaaS and PaaS cloud services as well as on-premises. Active Directory is the most used directory service in the world. Microsoft recommends that you secure access with Azure Multi-Factor Authentication. We also recommend that you follow the same approach we do on Azure internally and limit access to only those who need it on a task-by-task basis using Role-Based Access.
Secure your network: Building and maintaining a secure network through Azure virtual networks (VNet) would typically start with segmenting subnets and configuring access rules using Network and Application Security Groups. Extend your on-premises network to the cloud using secure site-to-site VPN or a dedicated Azure ExpressRoute connection. Protect your web applications with the built-in Web Application Firewall.
Safeguard data and manage secrets: Azure can help protect your data while it’s in transit, at rest or even while it’s being used. Azure uses industry-standard protocols to encrypt data in transit as it travels between devices and Microsoft datacenters. When the data is kept in Azure Storage, you can use built-in data encryption to protect it. Azure Key Vault enables you to safeguard and control cryptographic keys and other secrets used by cloud apps and services. Data encryption controls are built-in to services from virtual machines to SQL to CosmosDB and Azure Data Lake. You can even protect data while it’s in use with the recently announced Azure confidential computing.
Unified security management to help prevent and detect threats: Azure Security Center provides you with insight into security issues with your Azure workloads and provides clear suggestions on what to fix. Azure Security Center goes beyond the capabilities of agentless alternatives found in other clouds to detect important security issues within virtual machines and cloud resources using an agent. You can even extend Azure Security Center to manage your on-premises workloads.
You can protect your virtual machine management ports from brute-force attacks using Azure Security Center Just-in-Time VM access.
Azure’s breadth of built-in security services across identity, networking, data, threat prevention and security management make it simple for you to improve your security posture.
Azure’s unique intelligence
In a world of evolving threats, the size of the threat dataset is both large and constantly changing. Since we are all working together to combat against cyberattacks, we need to leverage collective intelligence to help us keep pace with threats. The Microsoft Intelligence Security Graph brings together signals from many Microsoft products used at massive scale, including data from 450 billion authentications per month, 4 billion emails and 1 billion devices—to provide the intelligence you need to protect from evolving threats.
Azure Security Center’s threat protection helps you detect and mitigate threats with security alert dashboards by combining the Microsoft Intelligence Security Graph with machine learning and visualizations to help you understand the most critical issues, and even quickly visualize a complete attack chain. We recommend every enterprise customer turns on this capability.
At HSO, we can help! Our skilled team of professionals has expertise in the area of security and compliance that can help businesses like yours. A great way to begin is with an assessment of your current technology and your level of security. We can also share how the latest Microsoft technologies offer you expanded options.