Customers can now move to Microsoft Azure with confidence due to advances in cloud security.

Ganesh Chauhan, Technical Support Specialist, Microsoft Azure.

Cloud adoption is accelerating in highly regulated industries such as healthcare and banking, and businesses are shifting more mission-critical applications and sensitive data to the cloud. As a result, cloud security is more important than ever. Customers want to know, among other things, whether they can trust Microsoft to protect their data, whether they can meet their organization’s compliance requirements in Microsoft Azure, and how they can keep their virtual networks secure. In addition to rapidly releasing new cloud services, Azure is driving innovation in data protection, threat defense, network security, and identity and access management. Hundreds of new capabilities, such as antimalware, network security groups, and role-based access control, have also been released this year to address customer security requirements and compliance concerns. These capabilities, combined with our legal and compliance commitments, provide a reliable foundation, allowing customers to confidently migrate to the cloud.

Data Security

Microsoft is dedicated to enabling best-in-class encryption. By default, Azure encrypts content flowing over the internet between the customer and the Azure service using industry-leading capabilities, such as recent enhancements to TLS/SSL cypher suites and Perfect Forward Secrecy. We expanded encryption capabilities this year to provide a broader range of options for securing data at rest. Customers can now encrypt data volumes with BitLocker and enable additional encryption with Cloud Link and Trend Micro third-party solutions. This whitepaper contains more information on Azure data protection.

Threat Protection

Keeping up with today’s threats can be difficult, both on-premises and in the cloud. To help identify and mitigate threats to the Azure platform, Microsoft employs intrusion detection and prevention systems, denial of service attack prevention, regular penetration testing, and data analytics and machine learning tools. While customers are unaware of it, a recent upgrade to its denial of service system provides significantly improved protection for all customers. Microsoft Antimalware is now generally available for Virtual Machines and Cloud Services, alongside solutions from Symantec, Trend Micro, and McAfee, to ensure customers have the right protections in place. Security event logs from virtual machines can be collected for further analysis, and partners such as AlertLogic provide integrated log management services.

Network Protection

Customers can use virtual networks to build private networks in the cloud and securely connect on-premises data centers to Azure. Microsoft made several network security announcements at TechEd North America 2014. One of these improvements is that Virtual Network now supports multiple site-to-site VPN connections, allowing customers to securely connect to multiple on-premises locations. Multiple virtual networks can now be directly and securely linked to one another thanks to new VNET-to-VNET connectivity. In addition, ExpressRoute is now generally available, enabling customers to establish a private connection to Azure data centers, keeping their traffic off the Internet. Building on those improvements, Microsoft debuted Network Security Groups at TechEd Europe 2014 to facilitate subnet isolation in multi-tier topologies. Microsoft also added support for site-to-site forced tunneling, which sends network traffic back to on-premises for policy validation, as well as multiple NICs, giving IT more network control and enabling a slew of network security appliances from Citrix and Riverbed. This whitepaper contains more information on Azure network security capabilities.

Identity and Access

Controlling who has access to and can manage cloud resources is critical. Customers can enable Multi-Factor Authentication for administrators and federate user identities to Azure Active Directory. New Role Based Access Control (RBAC) features allow you to limit access and permissions for specific cloud resources. Azure Active Directory provides reports that alert you to unusual activity, such as a user logging in from an unknown device, to help detect suspicious access. Furthermore, operational logging and alerting capabilities can notify customers when a website is shut down or a virtual machine is deleted. To fully realize the speed, scale, and economic benefits of the cloud, enterprises must be confident that their infrastructure, applications, and data are not at risk. Microsoft is committed to advancing cloud security, leveraging more than two decades of experience building enterprise software and running some of the world’s largest cloud services. The goal is to not only meet but exceed the level of protection most enterprises have in place on-premises or in their own data centers. Visit the Microsoft Azure Trust Center for the most up-to-date information on security features and best practices.

Professional Labs is the Best Cloud Managed Services Provider USA, for more details contact
Contact Us | Professional labs (