Microsoft Azure mitigates your risk of a Cyber Attack
With recent Cyber Security threats, like the WannaCrypt ransomware attack, many CIOs are giving thought to their own cloud data security, including platforms like Azure. We are taking a moment to examine the enterprise grade security features of Azure and how the correct security settings give CIOs true peace of mind.
Security and privacy are built right through the core architecture of the Azure cloud. Azure is continually updated by Microsoft to make it even more secure. Azure Security Centre makes Azure the only public cloud platform to offer continuous security-health monitoring.
Security Development Lifecycle (SDL) addresses security at the development phase.
Operational Security Assurance (OSA) provides a framework that ensures secure operations throughout the lifecycle of cloud-based services.
Azure Active Directory (AAD) helps ensure that only authorised users have access to data.
Multi-factor authentication (MFA) secures user identities for highly secure sign-in. MFA requires users to verify their sign-ins via mobile app, phone call, or text message.
Microsoft continuously monitors servers, networks, and applications to detect threats. Azure’s multipronged threat-management approach uses intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, behavioural analytics, anomaly detection, and machine learning to constantly strengthen its defence and reduce risks.
Azure Security Centre
Azure Security Centre gives you control over the security of your cloud assets. You can define policies for your Azure subscriptions, deploy security solutions and view the health of your Azure security.
Physical infrastructure security
Azure’s datacentres, are protected by layers of security including perimeter fencing, video cameras, security personnel and secure entrances.
Secure apps and data
Azure uses industry-standard protocols to encrypt data in transit as well as data stored in Azure Storage. Encryption includes SSL/TLS, IPsec, and AES.
BitLocker Drive Encryption can be configured on VHDs that contain sensitive information.
Access to data by Azure support personnel requires your explicit permission and is granted on a “just in time” basis that is logged and audited, then revoked after completion of the engagement.
Azure’s infrastructure prevents unauthorised transfer of information in a multitenant architecture, using virtual local area network (VLAN) isolation, access control lists (ACLs), load balancers, and IP filters, along with traffic flow policies; network address translation (NAT) separates internal network traffic from external traffic.
Azure implements packet-filtering firewalls on all host and guest Virtual Machines by default.
Data security features
- Data stored in Azure can be encrypted.
- Storage Account Keys, Shared Access Signatures, management certificates, and other keys are unique to each Azure tenant.
- You can use Azure Rights Management Services (RMS) for file- and data-level encryption and to prevent unintentional or deliberate leakage of data by authorised users.
It takes expertise to set up Microsoft Azure security features correctly. To gain full confidence in your data stored in the cloud, please call us on 0203 697 0302 for a health check and tune-up of your Azure security settings.