Introduction
One of the major barriers to adopting a cloud service in an enterprise is the security of its data. Most enterprises are uneasy when their data is not on servers they control. With Azure, Microsoft has put in place a number of technologies and processes to safeguard the cloud environment and to give customers evidence, rather than just assurances, that their data is protected. We list 10 of these technologies and processes that should help you decide whether to place your trust in Azure.
1. Microsoft Global Foundation Services (GFS)
A system can't be more secure than the physical platform it runs on. Azure runs in geographically distributed Microsoft data centers that are designed to operate 24x7 and have measures in place against power failure, physical intrusion and network outages. Microsoft GFS is responsible for all of these data centers and hosts more than 200 of Microsoft's online services and web portals, serving more than 20 million businesses worldwide.
2. Independent Verification and Certification
Microsoft implements technical and organizational measures to maintain the security of customer data. To demonstrate that Azure's services are designed and operated with stringent safeguards, rather than asking customers to take this on faith, Microsoft undergoes third-party audits by internationally recognized auditors as independent validation.
3. Partner with industry leaders
To keep abreast of current standards in cloud compliance, Microsoft is a member of organizations such as the CSA and collaborates with other cloud service providers on guidelines for future standards. Microsoft also works with government bodies such as NIST and ENISA to help develop approaches to the security challenges of moving from traditional network environments to cloud-based ones.
4. Confidentiality
Customer data should be accessible only to authorized entities. To ensure this, Azure incorporates the following mechanisms:
• Encryption: Used internally within Windows Azure, and offered optionally to customers who want to take additional measures to protect their own data.
• Isolation: Azure keeps containers separate, either logically or physically, minimizing any component's interaction with data it does not own. Customer access, fabric controllers, VLANs, guest VMs etc. are all isolated for the same reason.
• Identity and access management: Only properly authenticated and authorized entities are allowed access.
5. Choice and flexibility
No single solution can satisfy every compliance requirement. Microsoft therefore gives customers the choice and flexibility to use the cloud services in a way that fits their own security standards. For data that must stay on-premises, Azure provides hybrid services that combine the two environments. It also promotes interoperability by supporting a range of programming languages.
6. Security Controls
Various built-in measures protect the data:
• Customer software runs with least privilege.
• A simple access control model in which applications have full control over their own data.
• Antivirus/antimalware protection.
• Intrusion detection and DDoS protection.
• Internal traffic is protected with SSL.
• Packet filtering so that only trusted VMs can receive traffic.
• Data becomes unavailable as soon as a delete operation is issued.
• Access to customer data by Microsoft operations and support personnel is denied by default.
7. Service Operations
The processes and the people involved in operating Azure are as important to security as the technology. Operations personnel undergo background checks and are granted access to infrastructure accordingly. Microsoft follows a consistent process to assess and respond to reported vulnerabilities and incidents, and employs a combination of controls that improves the independent detection of malicious activity.
8. Penetration Testing
To verify that the security processes in place actually hold up, Microsoft conducts regular penetration testing of its own. Beyond this, it also allows customers to conduct their own penetration tests against the applications they host in Azure, subject to Microsoft's rules of engagement for such testing. In this way customers can assess the security of their own deployments rather than relying solely on Microsoft's results.
9. Customer selectable Geo-location
One of the major issues with data security in the cloud is that different geographies fall under different regulatory jurisdictions. Azure gives the customer a straightforward way to deal with this: the customer chooses where the data is stored. Compliance risk is therefore reduced by actively selecting the geographical locations in which the data will reside. Note that Azure may replicate data within a geo (e.g. Japan) for durability. Customer data will not be transferred outside the geo the customer specifies unless it is strictly necessary (customer support, troubleshooting etc.).
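Choosing a region at deployment time is a decision that can be undone by the next person who creates a resource in the wrong place. As an added example, not from the original article or from Microsoft's documentation, the following Azure Policy definition denies creation of any resource outside an allowed set of regions. Its shape follows the built-in "Allowed locations" policy; the display name and the default region list (the Japan geo, using the real region identifiers japaneast and japanwest) are assumptions chosen for illustration.

```json
{
  "properties": {
    "displayName": "Restrict resource locations to the Japan geo (example)",
    "description": "Denies creation of resources whose location is not in the allowed list. The 'global' pseudo-location is exempted because some services have no regional placement.",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "description": "Azure regions in which resources may be created",
          "strongType": "location"
        },
        "defaultValue": ["japaneast", "japanwest"]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "location",
            "notIn": "[parameters('allowedLocations')]"
          },
          {
            "field": "location",
            "notEquals": "global"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

Assign the definition at the subscription or management-group scope you want governed; a policy only constrains where resources are created in that scope, so the intra-geo replication the platform performs for durability is unaffected and still keeps the data inside the chosen geo. Use the "audit" effect first if you need to find existing resources that already sit outside the allowed regions before switching to "deny".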
10. Transparency
Beyond the measures taken to secure the data, it is important that customers have the information they need about their data at their fingertips. Through the Azure Trust Center, Microsoft provides clear information about where customer data is stored, who can access it, and the identity of the subcontractors who may handle personal data.