Cloud adoption is accelerating among heavily regulated industries like healthcare and banking, and enterprises are moving more mission-critical applications and sensitive data to the cloud. As such, cloud security is of greater importance than ever before. Customers want to know: “Can I trust Microsoft to protect my data?”, “Can I meet my organization’s compliance requirements in Microsoft Azure?”, and “How do I keep my virtual networks secure?”
Just as Azure continues to release new cloud services at a rapid pace, it is also driving innovation in data protection, threat defense, network security, and identity and access management. This year, dozens of new capabilities have also been released to address customer security requirements and compliance questions, such as Antimalware, Network Security Groups, and Role-Based Access Control. These capabilities, along with our legal and compliance commitments, provide a trusted foundation – enabling customers to move to the cloud with confidence.
Data Protection
Microsoft is committed to supporting best-in-class encryption. By default, Azure uses industry-leading capabilities, including recent enhancements to TLS/SSL cipher suites and Perfect Forward Secrecy, to encrypt content flowing over the internet between the customer and the Azure service. This year, we expanded encryption capabilities to provide a wider range of options for securing data at rest. Customers can now encrypt data volumes using BitLocker and enable additional encryption using third party solutions from Cloud Link and Trend Micro. More information on Azure data protection is available in this whitepaper.
Threat Defense
Staying ahead of today’s threats can be a challenge – on-premises and in the cloud. Microsoft employs intrusion detection and prevention systems, denial of service attack prevention, regular penetration testing, and data analytics and machine learning tools to help identify and mitigate threats to the Azure platform. A recent upgrade to its denial of service system, while unseen by customers, provides significantly enhanced protection for all customers. To ensure customers also have the right protections in place, Microsoft Antimalware is now generally available for Virtual Machines and Cloud Services, along with solutions from Symantec, Trend Micro, and McAfee. Security event logs can be collected from virtual machines for further analysis, and partners like AlertLogic offer integrated log management services.
Network Security
Virtual Networks enable customers to create private networks in the cloud and to securely connect on-premises datacenters with Azure. Microsoft made several announcements at TechEd North America 2014 that enhance network security. One of which was that Virtual Network now supports multiple site-to-site VPN connections, so customers can securely connect multiple on-premises locations. With new VNET-to-VNET connectivity, multiple virtual networks can be directly and securely linked to one another. In addition, ExpressRoute is now generally available, enabling customers to establish a private connection to Azure datacenters, keeping their traffic off the Internet. Building on those enhancements, Microsoft introduced Network Security Groups at TechEd Europe 2014 for easier subnet isolation in multi-tier topologies. Microsoft also released support for site-to-site forced tunneling, which sends network traffic back to on-premises for policy validation, and multiple NICs, giving IT increased network control and enabling a host of network security appliances from partners like Citrix and Riverbed. More information on Azure network security capabilities is available in this whitepaper.
Identity and Access
Controlling who can access and administer cloud resources is key. Customers can federate user identities to Azure Active Directory and enable Multi-Factor Authentication for administrators. New Role Based Access Control (RBAC) features can be used to restrict access and permissions for specific cloud resources. To help detect suspicious access, Azure Active Directory offers reports that alert you to anomalous activity, such as a user logging in from an unknown device. In addition, operational logging and alerting capabilities can notify customers if someone stops a website or if a virtual machine is deleted.
In order for enterprises to embrace the cloud (and fully realize the speed, scale, and economic benefits), they must be assured that their infrastructure, applications, and data will not be at elevated risk. Leveraging more than two decades of experience building enterprise software and running some of the world’s largest cloud services, Microsoft is committed to advancing cloud security with a goal to not only meet, but exceed the level of protection most enterprises have in place on-premises or in their own datacenters. For the latest information on security features and best practices, visit the Microsoft Azure Trust Center.