How secure is Azure?

Unwavering Security in Azure: Insights from BUI Cyber Security Architect Hilton Ashford.

---

If you’re wondering whether it’s safe to use public cloud resources when cyber crime is making headlines almost every day, you’re not alone. 

Around 66% of enterprise leaders feel that security is their biggest issue when it comes to public cloud adoption and usage, according to the Cloud Vision 2020 report. In the same survey, 60% of respondents were concerned about governance and compliance; 57% of respondents voiced data privacy fears; and 37% cited a lack of visibility as a key challenge.

Fortunately, Microsoft Azure is built from the ground up, with security, compliance and privacy as foundational pillars – making it not only a popular choice, but a compelling one, too.

Azure is Microsoft’s public cloud computing platform, with more than 200 products, services and tools to help customers build, run, manage, monitor and secure applications and workloads in the cloud.

First announced in 2008 and officially launched in 2010, Azure is currently ranked as the second-largest public cloud platform in the world, with 23% of the market share and a customer list that includes more than 95% of America’s Fortune 500 companies.

With various different kinds of cloud computing available (including infrastructure as a service, platform as a service and software as a service), Azure enables customers to create and host websites and web applications; process, store and manage vast quantities of data; fuel workplace collaboration, communication and productivity; and much more in a flexible and scalable environment.

Microsoft employs a multi-layered security strategy to safeguard the brick-and-mortar data centres that power Azure.

---

Azure serves over a billion customers and more than 20 million companies worldwide – which is why Microsoft created a robust global infrastructure with both physical and cyber security protocols in place.

State-of-the-art physical security for every Azure data centre

To protect the physical machines and network components inside the 200+ brick-and-mortar data centres that power Azure, Microsoft employs a multi-layered security strategy.

Perimeter security measures include concrete-and-steel fences, sophisticated surveillance cameras and strict access control mechanisms for Microsoft personnel and visitors alike. Nobody gets into an Azure data centre facility unless they have a valid reason to be there – and even then, they have to pass a full-body metal-detection scan and a two-step identity validation (with biometrics) before they can proceed to the data centre zone that they’re permitted to enter.

There are additional security precautions for visitors – including dedicated building chaperones and time- and zone-specific access badges – and everyone (and everything) is closely monitored by trained security officers and patrol guards.

By maintaining a high level of physical security at every Azure data centre, Microsoft is able to reduce the risk of unauthorised access to the devices where customer data is managed and stored.

An international team of cyber security experts

The physical safeguards at Microsoft’s Azure data centres are complemented by advanced cyber security systems, which leverage human wisdom, artificial intelligence and machine learning algorithms to ensure that all cloud resources are monitored and protected 24 hours a day.

You may already know that Microsoft employs more than 8 500 cyber security and threat intelligence experts worldwide – but have you heard about its full-time Red and Blue teams? The company’s Red teams of ethical hackers and Blue teams of security responders are engaged in continuous exercises designed to test and challenge the Azure infrastructure.

Red team members, behaving like real-world adversaries, will try to penetrate Azure’s cyber barriers – and Blue team members must detect, and stop, the intrusion attempt. Microsoft uses these offensive and defensive drills to help identify potential vulnerabilities and configuration issues, and to evaluate threat detection and response capabilities in a controlled operational environment.

With trusted staff in these Red and Blue teams, Microsoft is able to work through countless threat scenarios and attack simulations. It’s also able to glean critical insights about Azure’s performance: insights that inform the enhancements, improvements and updates made to the cloud platform in service of greater customer security.

A $1 billion annual investment in security

The cyber security landscape is evolving constantly and new threats and attack vectors are emerging more frequently, too. Microsoft spends $1 billion in security-related research and development every year to ensure that it can stay ahead of these threats, anticipate future risks and create even more secure cloud products and services for its customers. The Microsoft Security Response Centre (MSRC) and the Digital Crimes Unit (DCU) are integral to this mission.

The MSRC is responsible for defending both Microsoft and its customers against cyber threats. Since its inception more than 20 years ago, the MSRC has been working with researchers at the forefront of cyber security innovation to continuously improve threat detection and response. Meanwhile, the DCU (with its dedicated team of legal and technical specialists) concentrates on fighting digital crime through collaborative efforts with law enforcement officials, security firms and customers worldwide.

By funding research and development initiatives, enabling the operations of the MSRC and the DCU, and forming alliances within the global cyber security ecosystem, Microsoft is ultimately able to strengthen its Azure products, services and tools – to the benefit of every customer who uses them.

A commitment to share cyber security intelligence

In addition to its financial investments in security technology, Microsoft is committed to sharing valuable, actionable cyber security data and content with its Azure customers.

The Digital Defence Report (with in-depth guidance from Microsoft’s threat hunters and frontline defenders) is published every year. Cyber Signals (a cyber threat intelligence brief featuring the latest Microsoft data and research) is released every quarter. And the Microsoft Security Blog is updated frequently with expert advice and coverage on a variety of contemporary cloud security matters.

• Read the latest Digital Defence Report
• Read the latest edition of Cyber Signals
• Read the latest posts on the Microsoft Security Blog

Microsoft developed Azure in line with the toughest security and compliance benchmarks in the world. The cloud platform is routinely audited by independent third parties to ensure that it continues to meet international standards such as ISO 27001 (for information security management) and ISO 27018 (for the protection of personally identifiable information), as well as key industry guidelines like those covered in SOC 1, SOC 2, SOC 3, and the Cloud Security Alliance’s programme for cloud security assurance.

A comprehensive compliance portfolio

Today, Azure has more than 100 compliance offerings to help customers adhere to a wide range of national, regional and industry-specific governance and compliance obligations related to data collection, data management, cyber security and privacy.

Customers in the United States, for example, can take advantage of Azure compliance certifications for state legislation like the California Consumer Privacy Act and industry decrees such as the Health Insurance Portability and Accountability Act and the Financial Industry Regulatory Authority’s Rule 4511.

Likewise, European customers can leverage certifications for country-specific rules (like Spain’s Ley Orgánica de Protección de Datos, or LOPD, regarding personal data) and region-specific laws (like the European Union’s General Data Protection Regulation, or GDPR, regarding information protection).

By maintaining a comprehensive portfolio of compliance offerings, and by working with governmental and non-governmental organisations to plan for future regulatory requirements, Microsoft is able to cater for the diverse governance and compliance needs of Azure customers almost everywhere.

Over and above its cyber security and compliance protocols, Azure is geared for the protection of user privacy, with a number of measures to guarantee that customer data is handled according to the prevailing best practices and privacy laws.

A complete segregation of customer data

Azure customers might share data centre resources, but their individual data remains private, protected and segregated at all times. Azure uses logical isolation (a means to prevent communication and interaction between devices with common network infrastructure) to segregate each customer’s data from the data of others. Azure Active Directory’s role-based access-control mechanisms are also leveraged to ensure the privacy, confidentiality and security of customer data.

A shield for data, wherever it is

Azure offers robust encryption capabilities to shield data when it is at rest (in databases, file systems, data lakes and static storage devices) and when it is in transit (between user devices and Azure data centres, or between and within the data centres themselves). All customer data is encrypted using industry-standard encryption algorithms – including AES-256, which is widely acknowledged as the strongest and safest encryption in existence today.

By incorporating data protection and privacy controls into its cloud platform, Microsoft is able to maintain the integrity and privacy of customer data, wherever it is located in Azure.

With its state-of-the-art physical security measures, advanced cyber security systems, stringent adherence to global compliance standards, and extensive privacy controls, Azure offers a comprehensive framework for protecting customer data – and industry analysts agree. In 2022, Microsoft was named as a Leader in multiple Gartner® Magic Quadrant™ reports and Forrester Wave™ categories, including:

• The Gartner® Magic Quadrant™ for Access Management
• The Gartner® Magic Quadrant™ for Endpoint Protection Platforms
• The Gartner® Magic Quadrant™ for Security Information and Event Management
• The Forrester Wave™ for Endpoint Detection and Response
• The Forrester Wave™ for Security Analytics Platforms

Customers who choose Azure will have the advantage of a secure, compliant and privacy-focused cloud platform – and the peace of mind that their data is handled with due care.

BUI Cyber Security Architect Hilton Ashford is a CISSP and Azure Solutions Architect Expert with a diverse background in cyber forensics, information systems, vulnerability assessment, network administration and technology management.

BUI is a Microsoft Azure Expert MSP and Microsoft Solutions Partner for Business Applications, Data & AI, Digital & App Innovation, Infrastructure, Modern Work and Security.

With 10 Microsoft Advanced Specializations in solution areas including Cloud Security, Identity and Access Management, Information Protection and Governance, and Threat Protection, BUI is a trusted technology partner to mid-market and enterprise-level organisations across the world.

Let’s talk about a cloud-powered cyber security solution to protect and defend your business data.