Thursday, 31 August 2017

Deep Dive Into Microsoft Cloud (Azure) Security

Today, we will discuss Microsoft Cloud Security from the perspective of a curious customer's questions, before moving on to a more detailed technical understanding.
  1. Could we consider Cloud as a Secure Platform? 
    I really don’t have any idea, and I cannot promise that, but what I understood from my learning is that the ‘Cloud Environment’ has better security compared to the ‘On Premises Data Center’. Some of the reasons for the security of the ‘Microsoft Data Centers’ are:

    1. Controlled access/ Reachability to the Azure Data Centers. So far, no Azure Security breach has been reported.
    2. Technology perspective (Adhere to the Azure Security Development Lifecycle (SDL)).
    3. Authentication is managed by Multi-factor authentication (MFA).

    For more details, read on below.
  2. Is Owning Cloud Services Cheap (Save Money)?
    I would say ‘Yes’, because Microsoft provides the best infra and as an individual customer, probably it would not be possible to invest the ‘huge amount’ for Infrastructure Services.
  3. What are the major reasons which trigger you to choose Microsoft Cloud Security?
    I would say ‘Agility’ or ‘BUSINESS VALUE’. Please consider the real time issue of the ‘System Performance’ or ‘Application Performance’ of your ‘Production Server’.

    If you have an ‘On Premises Customer’, you may look over System Hardware, Server Configuration, Network Speed etc. Then, you would zero in on exactly what changes the system needs, and then plan for the changes. It may take at least a couple of weeks to months, as per Business Need.

    However, it would take only a couple of hours with the Cloud to ‘Scale Up’ your Servers. It’s a good gain from an organizational perspective. Indeed, it saves a couple of weeks/months and hence we have saved MONEY. Furthermore, it adds value to the business, which is ‘Super Important’. 

    So now, let’s get some understanding of how ‘Cloud Security’ works.
As businesses need to be built as securely as we can make them, clients may have some concerns over data security, specifically bank/financial clients. They may think twice about whether ‘CREDIT CARD’ or commercial data is safe in the cloud. I feel we, as consultants, should have this knowledge before making any suggestions/commitments.

So, as a customer, you could toss different questions.
  • Is our data in the cloud as secure as on-premises data, or more or less secure?
  • How easily could someone hack the cloud data?
  • What percentage of data would be vulnerable in the cloud?
  • For hackers, I think the cloud could be a ‘Golden Opportunity’ for data theft?
What do you think, does Microsoft really not know about the RISK, or did they plan for this ‘At All’?
Certainly, one thing I could say is that the capability, resources, and infrastructure of any Cloud Provider are much higher than those of an ‘On Premise Data warehouse’. Security is also backed by many statistical analysis tools and basic analysis tools.

Security is ensured by various other means. For example, Cloud Active Directory (AD) keeps a check on login locations. If a customer logs in from North America in the morning, say at 10 AM, he/she could not plausibly be logging in from Africa at 10:15 AM, so access would be restricted until further authentication.
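The login-location check described above can be sketched as an "impossible travel" rule. This is an added example, not code from the original post and not Azure AD's actual algorithm; the event fields, the 900 km/h speed threshold, the 50 km distance floor and the sample sign-ins are all assumptions constructed for illustration.

```python
import math
from datetime import datetime

MAX_PLAUSIBLE_KMH = 900.0  # assumed threshold: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0     # assumed floor: ignore geo-IP jitter inside one metro area

# Constructed sign-in events (not real logs); coordinates are approximate city centres.
SAMPLE_EVENTS = [
    {"user": "alice", "time": datetime(2017, 8, 31, 10, 0), "city": "New York", "lat": 40.71, "lon": -74.01},
    {"user": "bob", "time": datetime(2017, 8, 31, 9, 0), "city": "Toronto", "lat": 43.65, "lon": -79.38},
    {"user": "alice", "time": datetime(2017, 8, 31, 10, 15), "city": "Nairobi", "lat": -1.29, "lon": 36.82},
    {"user": "alice", "time": datetime(2017, 8, 31, 10, 40), "city": "New York", "lat": 40.71, "lon": -74.01},
    {"user": "bob", "time": datetime(2017, 8, 31, 11, 30), "city": "Chicago", "lat": 41.88, "lon": -87.63},
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def find_impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, from_city, to_city, implied_kmh) for sign-ins needing step-up auth."""
    flagged, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            kmh = km / hours if hours > 0 else math.inf
            if km >= MIN_DISTANCE_KM and kmh > max_kmh:
                flagged.append((ev["user"], prev["city"], ev["city"], kmh))
                continue  # an unverified sign-in must not become the trusted baseline
        last_seen[ev["user"]] = ev
    return flagged

if __name__ == "__main__":
    for user, src, dst, kmh in find_impossible_travel(SAMPLE_EVENTS):
        print(f"{user}: {src} -> {dst} implies {kmh:,.0f} km/h; require further authentication")
```

Because the flagged sign-in is not adopted as the baseline, the legitimate user's next sign-in from the original location is not itself flagged.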
So far, I have shared my way of thinking or my knowledge. Let's see what security mechanism Microsoft Cloud follows.
  • Microsoft Azure is a cloud platform with many integrated tools, templates, and services.
  • Azure lets us use our existing learning/expertise in databases, data warehouses, storage, web applications, networking, and computing services to build and manage applications aligned with the cloud.
  • Azure Security Development Lifecycle (SDL) ensures that everything from the initial phase to launch/deployment phase is secured. 
  • Operational Security Assurance (OSA) provides us a platform to ensure secure operations throughout the lifecycle of the cloud based platform.
  • Azure Security Center (for more details refer to Microsoft Azure website) offers continuous monitoring by

    1. Secure Identity
    2. Secure Infrastructure
    3. Secure Applications and Data
Secure Identity
Azure Active Directory (AAD) ensures access only for ‘Authorized Users’. So, Azure enables us to manage user credentials to protect abstract information. Furthermore, AAD ensures authentication, authorization, access control, etc.

Secure Infrastructure
This is the biggest part of Microsoft Cloud Security, and many components play vital roles in achieving Infrastructure Security. Among them are Azure Virtual Networks, which provide a safe way to extend an on-premises network to the cloud via VPN or WAN (Azure ExpressRoute).

Unauthorized and unintentional exchange of information between deployments in a multi-tenant architecture is averted by the following tactics:
  • Using Virtual local area network (VLAN) isolation.
  • Access control lists (ACLs), Load balancers.
  • Network address translation (NAT) separates internal network traffic from external traffic.
  • Regulated Traffic Flow procedures.
Microsoft Antimalware for Azure protects Azure Cloud Services and Virtual Machines, through web application firewalls, network firewalls, antimalware, intrusion detection and prevention systems (IDS/IPS), and many more. 

Secure apps and data
Azure adheres to industry-best protocols for encrypting data in transit, as data travels between devices and Microsoft datacenters and within datacenters, as well as when the data is at rest in Azure Storage. Security is ensured by encryption for data, files, applications, services, communications, and drives.

Other data security features in Azure
We can also encrypt our data before pushing it into Azure and, in addition, keep the keys secured in our on-premises data centers.

Conclusion
Hopefully, you have understood the basics of Microsoft Cloud (Azure) Security. This is only the basics; you can get extensive knowledge by reading the Microsoft Azure website (https://azure.microsoft.com/) and get the latest information about Azure/Cloud Security. I would love to keep on sharing the Microsoft Technology stuff with you. Next time, I will discuss ‘Advanced Security with Microsoft Azure’. 

Until next time, Happy Coding and Keep Improving!!
