If you’re going to use any cloud infrastructure, then you want one with a wide array of security tools and capabilities that meet your business’ security requirements. Azure provides confidentiality, integrity, and availability of customer data, while also enabling transparent accountability.
Because Azure supports a broad selection of operating systems, programming languages, databases, and devices that millions of developers and IT teams use, it makes it a natural fit. That reliance on the infrastructure to protect your applications and data with the stringent security controls they have in place, is key. It has the capability to host millions of customers simultaneously, all with customised security options. Microsoft are renowned for their emphasis on stringent security, and it shows.
The customer-facing security controls can be customised to increase security where you require it. These are organised into six areas: Operations, Applications, Storage, Networking, Compute, and Identity. Each area comprises of many features.
Operations
- Microsoft Sentinel – delivers intelligent security analytics and threat intelligence across the enterprise.
- Microsoft Defender for the Cloud – provides integrated security monitoring and policy management across Azure subscriptions
- Azure Resource Manager – used to deploy, delete or update any/all resources in one go
- Application Insights – used for monitoring live apps to detect abnormal performances
- Azure Monitor – provides information from the Activity and Resource logs
- Azure Monitor Logs – solution for monitoring third-party and on-premise infrastructure as well as Azure
- Azure Advisor – a personalised cloud consultant for optimising all Azure deployments
Applications
- Penetration Testing – Enabling you to do your own penetration testing
- Web Application Firewall – protects web apps from common web-based attacks
- Authentication and Authorisation in Azure App Service – Enables users to sign in without having to change any backend code
- Layered Security Architecture – providing different levels of access for each app tier
- Web Server Diagnostics and Application Diagnostics – provides the diagnostics for logging information for the web server or web app
Storage
- Azure Role Based Access Control – enabling access on a ‘need to know’ and ‘least privilege’ security principles.
- Shared Access Signature – provides delegated access to resources in your storage account
- Encryption in Transit – protects data when it’s transmitted across networks
- Encryption At Rest – allows automatic data encryption when being written to Azure storage
- Storage Analytics – provides the data for the storage account
- Enabling Browser-based clients using CORS – allowing domains to give each other permission to access each other’s resources
Networking
Network Layer Controls :
- Network Security Groups – A basic packet filtering firewall enabling access control.
- Azure Firewall – cloud-native firewall providing threat detection for everything running in Azure
- Route Control and Forced Tunnelling – customise inbound and outbound paths of traffic
- Virtual Network Security Appliances – enables security at higher levels
- Azure Virtual Network – A representation of your own network in the cloud
- Azure Private Link – enables access to other Azure services privately
- VPN Gateway – created to allow encrypted traffic from the Azure private network to your on-premise server
- Express Route – A dedicated WAN link to extend your on-premises network to the cloud
- Traffic Manager – control the distribution of traffic to different data centres
- Azure Load Balancer – delivers load-balanced traffic to your server
- Internal DNS – manages the list of servers used in the management portal
- Azure DNS – responsible for transferring the traffic to it’s IP address
- Microsoft Defender for the Cloud – continuously analysing the security state of your Azure resources for best practice
Compute
- Azure Confidential Computing – keeps your data encrypted at all times
- Anti-malware and Anti-virus – Azure’s own anti-malware
- Hardware Security Module – providing the ability to store your keys in hardware security modules
- Virtual Machine Backup – backup for Windows and Linux machines
- Patch Updates – find and fix software problems and simplify the software update process
- Security policy management and reporting – helps prevent, detect and respond to threats
Identity and Access Management
Secure Identity – a range of security practices across the network of products to manage identity and access. These include:
- Multi-Factor Authentication
- Microsoft Authenticator
- Password Policy Enforcement
- Azure Role-Based Control
- Integrated Identity management
Secure Apps and Data – Via the Azure Active Directory, securing access to data in applications onsite and in the cloud.
With that much dedication to security, its easy to understand why Microsoft Azure is the cloud network of choice for so many. If you would like more information about cloud hosting, cloud development, cloud migration or Azure then please do get in touch.
