Microsoft Azure Cloud Platform Security
Cloud Services—Platforms And Solutions—Microsoft Azure Cloud Platform Security

Microsoft understands that for you to realize the benefits of the cloud, you must be willing to entrust Microsoft cloud provider with one of the most valuable assets—Microsoft data. If you invest in a cloud service, you must be able to trust that customer data is safe, that the privacy of Microsoft data is protected, and that you retain ownership of and control over Microsoft data—that it will only be used in a way that is consistent with Microsoft’s expectations. Microsoft strives to earn trust in Microsoft Azure. Microsoft’s long experience running online services has involved extensive investment in foundational technology that builds security and privacy into the development process. Over time, Microsoft developed leading security measures and privacy policies, and participated in international compliance programs with independent verification. For data at rest, Microsoft Azure Cloud Platform Security offers a wide range of encryption capabilities up to AES—256, giving you the flexibility to choose the solution that best meets needs.

Microsoft Azure Cloud Platform Security meets a broad set of international and industry—specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country specific standards like Australia IRAP, UK G—Cloud, and Singapore MTCS. Rigorous third—party audits, such as by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate. As part of Microsoft’s commitment to transparency, you can verify Microsoft implementation of many security controls by requesting audit results from the certifying third parties. When Microsoft verifies that their services meet compliance standards and demonstrates how we achieve compliance, that makes it easier for customers to secure compliance for the infrastructure and applications they run in Microsoft Azure. Securing networks—Microsoft Azure Cloud Platform Security provides the infrastructure necessary to securely connect virtual machines to one another and to connect on premises data centers with Microsoft Azure VMs.

Security And Privacy Are Embedded Into Microsoft Azure

Microsoft Azure Cloud Platform Security makes security and privacy a priority at every step, from code development through incident response. Security and privacy are built into the Microsoft Azure platform, beginning with the Security Development Life—cycle (SDL) that addresses security at every development phase from initial planning to launch, and Azure is continually updated to make it even more secure. Microsoft Operational Security Assurance builds on SDL knowledge and processes to provide a framework that helps ensure secure operations throughout the life—cycle of cloud based services. Microsoft Azure Security Center makes Microsoft Azure the only public cloud platform to offer continuous security health monitoring. Your IT infrastructure is more dynamic than ever, with on premises data centers, cloud and hybrid environments, and an ever—changing threat landscape.  Microsoft Azure Cloud Platform Security managed services gives you a single solution to monitor the security of your infrastructure at the network, system, and application layer.

Microsoft Azure Cloud Platform Security Keeps Data Safe

Microsoft has leveraged its decades long experience building enterprise software and running some of the world’s largest online services to create a robust set of security technologies and practices. These help ensure that Microsoft Azure cloud security infrastructure is resilient to attack, safeguards user access to the Microsoft Azure environment, and helps keep customer data secure through encrypted communications as well as threat management and mitigation practices, including regular penetration testing. Managing and controlling identity and user access to Microsoft environments, data, and applications by federating user identities to Microsoft Azure Active Directory and enabling multi factor authentication for more secure sign in. Encrypting communications and operation processes for data in transit, Microsoft Azure Cloud Platform Security uses industry standard transport protocols between user devices and Microsoft data centers, and within data centers themselves.

Privacy To Own And Control Data

For more than 20 years, Microsoft has been a leader in creating robust online solutions designed to protect the privacy of Microsoft customers. Microsoft time—tested approach to privacy and data protection is grounded in Microsoft commitment to organizations’ ownership of and control over the collection, use, and distribution of their information. Microsoft strives to be transparent in Microsoft privacy practices, offer you meaningful privacy choices, and responsibly manage the data we store and process. One measure of Microsoft commitment to the privacy of customer data is Microsoft adoption of the world’s first code of practice for cloud privacy, ISO/IEC 27018. You own Microsoft own data. With Microsoft Azure Cloud Platform Security, you have ownership of customer data—that is, all data, including text, sound, video, or image files and software, that are provided to Microsoft by you, or on Microsoft behalf, through the use of Microsoft Azure.

Microsoft Azure Cloud Platform Security

Microsoft Azure is an open and flexible cloud platform with integrated tools, templates, and managed services. With Azure’s integrated compute, database, storage, web, networking, and analytics services, you can use your existing skills and familiar technologies to build and manage apps and extend your IT functions into the cloud. Azure provides businesses with the data security and privacy, control, and transparency they require. Confidential data is the lifeblood of any company, and protecting it from compromise is mission—critical. Companies in many industries are bound by extensive regulations regarding the use, transmission, and storage of customer data.

Security and privacy are built right into the Azure platform, beginning with the Security Development Lifecycle (SDL) that addresses security at every development phase from initial planning to launch, and Azure is continually updated to make it even more secure. Operational Security Assurance (OSA) builds on SDL knowledge and processes to provide a framework that helps ensure secure operations throughout the lifecycle of cloud-based services. Azure Security Center makes Azure the only public cloud platform to offer continuous security-health monitoring.

Microsoft Azure is built on the premise that for you to control your own customer data in the cloud, you require visibility into that data. You must know where it is stored. You must also know, through clearly stated and readily available policies and procedures, how we help secure Microsoft customer data, who can access it, and under what circumstances. And don’t take Microsoft word for it, you can review the third—party audits and certifications that confirm that Microsoft meets the standards Microsoft sets. You can access Microsoft customer data at any time and for any reason without assistance from Microsoft.

How Microsoft responds to government and law enforcement requests to access data. When a government wants customer data—including for national security purposes—it must follow the applicable legal process, serving us with a Microsoft to order for content or a subpoena for account information. If compelled to disclose customer data, Microsoft will notify you and provide a copy of the demand, unless legally prohibited. Microsoft does not provide any government with direct access to customer data except as you direct or where required by law.

Azure enables you to manage user identities and credentials, and control access to protect business and personal information. Azure Active Directory (AAD) helps ensure that only authorized users can access your environments, data, and applications, and can provide multi—factor authentication for highly secure sign—in. AAD Privileged Identity Management helps to reduce the risk associated with administrative access. AAD performs authentication, authorization, and access control, and supports industry—standard protocols such as SAML 2.0, WS—Federation, and OpenID Connect, so developers can integrate identity management into their apps across different platforms.

Developers can build mobile and web apps that integrate with Microsoft and third party APIs with OAuth 2.0. AAD works as a standalone cloud directory for your organization or can be integrated with your on-premises Active Directory with directory sync and single sign—on (SSO). Federated applications can support user provisioning and password vaulting.

Azure infrastructure security relies on secure practices and technologies to connect virtual machines to each other and to on-premises datacenters, while blocking unauthorized traffic. Azure Virtual Networks extend your on—premises network to the cloud, via a site—to—site virtual private network (VPN) or dedicated wide area network (WAN) link via Azure ExpressRoute, to create a cross—premises connection. Microsoft continuously monitors servers, networks, and applications to detect threats.

Azure’s multipronged threat—management approach uses intrusion detection, distributed denial—of—service (DDoS) attack prevention, penetration testing, behavioral analytics, anomaly detection, and machine learning to constantly strengthen its defense and reduce risks. Microsoft Antimalware for Azure protects Azure cloud services and virtual machines. You have the option to deploy third-party security solutions within your subscriptions, such as web application firewalls, network firewalls, antimalware, intrusion detection and prevention systems (IDS/IPS), and more.

Stay ahead of current and emerging cloud threats with an integrated, analytics—driven approach. By combining Microsoft global threat intelligence and expertise, with insights into cloud security-related events across your Microsoft Azure deployments, Security Center helps you detect actual threats early and reduce false positives. Cloud security alerts give you insights into the attack campaign, including related events and impacted resources, and suggest ways to remediate issues and recover quickly.

Define policies for your Microsoft Azure subscriptions according to your company’s cloud security needs, tailored to the type of applications or sensitivity of the data in each subscription. Use policy—driven recommendations to guide resource owners through the process of implementing required controls—take the guesswork out of cloud security. Use Azure Security Center to get a central view of the security state of all of your Azure resources. At a glance, verify that the appropriate security controls are in place and configured correctly, and quickly identify any resources that require attention.