Scroll to Content

Microsoft Azure Security

Where are the real security risks in the cloud?
Hamish Haldane
July 19 2015

When handing over data to a cloud computing provider, a business needs to be assured that their data stays private and secure. No matter which cloud platform you are using, whether it is Microsoft Azure, Amazon Web Services or Rackspace, there is always the potential for threats within the cloud environment. Additionally, there are risks such as lost connections to data within the cloud environment or mismanagement by the provider as to specific obligations concerning record retention. However, due to advancements in technical knowhow as well as improved industry standards and regulations to secure cloud data, these risks are extremely low. This is particularly true with Microsoft Azure.

Microsoft Azure Security Standards

Microsoft has taken extreme measures to secure their clients data. Full physical and electronic contact to the cloud servers are closely monitored, including among Microsoft staff. Those writing the code for Azure software have to run their work through full virus scans and only code with clean scans can be deployed. There are instances where staff need to access the system. But this is tightly controlled with prior authorisation, access via smart-cards and restricted amount of access time. Packet filtering is implemented on all traffic from virtual machines. This reduces the risk of internal attacks prohibiting VMs from contacting protected devices.

Azure has custom-built moderation techniques that protect against DDOS attacks. If a DDOS attack originates from within the network, the VM that has it contained is removed immediately. When a hard drive is retired, it goes through a 7-step wiping operation to verify no data is compromised. 

Microsoft Azure also currently has more than 20 cloud computing related security compliance certificates, including ISO 27001 and 27018.

Extra Level of Security with Managed Azure Service Providers

When your Azure cloud environment is run by a managed service provider, your provider may also offer extra layers of security. SaaSplaza, for example, conducts voluntary, annual audits by PWC in order to maintain their SSAE-16 and ISAE-3402 Type II certifications.

Internal investigations are also performed whereas each prospective employee at SaaSplaza is carefully screened, all internal processes and network activity are carefully monitored, and a full-time Security Officer works with a Global Security Council to review all current-state and future-state security and data requirements and compliance.

Where is the Risk? The Biggest Azure Security Risk is Not in the Cloud

When it comes down to it, the largest Azure security concerns do not rest in the cloud platform itself. The highest risk lies internally, within companies. In the cloud, security is a job for all.

As a company, your staff are accessing and working with the your data and the data belonging to your customers at “the front end”. Keeping antivirus software up-to-date, making proper staff selection, ensuring passwords are secure and maintaining correct permissions is entirely up to you. Companies must play a role in being responsible for the security of their systems and data and it’s up to the right people to exercise due diligence. 

The most proactive approach a company can take in establishing a secure Azure cloud is to assess the specific risks before and after the data is stored. Start by formulating a business strategy that covers security & oversight requirements for all data that has the potential for manipulation or misuse. You should also have your own internal auditing process in place in addition to the auditing that Microsoft Azure and the managed service provider performs. Lastly, your strategy must be flexible to adapt when internal changes happen, as existing controls may become obsolete.

Gain Insight and Optimize Your Microsoft Cloud Journey with SaaSplaza CloudSCAN

The CloudSCAN starts with an intake meeting to review your high level business objectives, how they align to your IT landscape and objectives, e.g. business continuity, and disaster recovery, business critical applications, security, IT policies, cost of IT, etc. To guide the first step, we use a standardized methodology to ensure we cover your relevant business aspects and allow the CloudSCAN to create significant benefit to your organization with a minimum amount of time. As a second step, based on initial findings, we engage a Cloud Architect to address specific areas of interest in more detail with you.

Apply for the obligation free SaaSplaza CloudSCAN today!

 

Go To Previous ArticleGo To Next Article