Microsoft Windows Azure March 8, 2017 Last Updated: March 8, 2017


 

Microsoft recently announced that several analytical tools, new capabilities and products have been introduced to combat security threats.

 

In a blog post, Bret Arsenault, chief information security officer at Microsoft, mentioned, “New capabilities in Azure Security Center available for preview include Just In Time network access to VMs [virtual machines], predictive application whitelisting and expanded Security Baselines with more than 100 recommended configurations defined by Microsoft and industry partners”.

 

Microsoft Windows Azure ensures that your data remains secure with multiple layers of security and governance technologies. There are also operational practices and compliance policies to help maintain the privacy and integrity of data. Azure offers a variety of ways to protect data in line with the security norms of an organization.

 

Even though Microsoft Azure offers many security features, the IT Admin has to take responsibility for the security of their data, operating system and applications in the Cloud. While building a secure environment on Azure, ensuring that security features are in place within the Azure infrastructure is the first key step. Security has to be ensured and embedded at various levels: network, application and administrative. For the IT Admin, it is important to identify the different states that data can be in so that security norms can be defined for each. Data at rest is data that is stored on physical media. Data in transit is data that is being transferred between different locations, such as between virtual networks. Data in use is data that is in virtual memory or information that is being acted upon during a process.

 

Security on Microsoft Azure is a joint responsibility of Azure and the customer. The intent of Microsoft is to provide a secure platform that can accommodate the security norms of the customer.

 

Some of the best practices for maintaining security in Microsoft Azure are listed below.

 

Plan the Cloud adoption

 

Without careful planning of the adoption of Cloud services, the rectifications that have to be made later waste cost and effort. It is always recommended to involve business department heads, application owners and other decision makers while planning for the adoption of Cloud services. One should also list and identify all subscriptions. Thorough planning will enable a smooth adoption of the Cloud and provide a solid starting point.

 

Manage Access

 

Both accounts and subscriptions are assigned through the Azure Account Center. The Account Administrator, who is the default Service Administrator for subscriptions, is responsible for creating the account and also manages all subscriptions of the account.

 

With the Azure Account Center you can see how Azure is being used and who the Account Administrator is. Subscriptions allow you to manage access in the Cloud. Additionally, subscriptions provide different plans for different business units. All cloud services belong to a subscription, and you need the subscription ID to make programmatic changes.

 

Two-factor Authentication

 

With two-factor authentication, a user needs to confirm the account verification more than once. It adds a second layer of security to user sign-ins. Two-factor authentication relies on a layered approach. Even if a hacker knows the user's password, the log-in will not succeed unless the sign-in is from a trusted device. Even if a user loses the trusted device, access is not possible without the password. Also called Azure Multi-Factor Authentication, it is a service that requires a user to verify a sign-in with a mobile app, text message or phone call.

 

Disaster recovery plan

 

Cloud services might be disrupted by unpredictable situations that are outside your control. There might be an issue at the data center, or the data center might be down due to some unforeseen circumstance. One should have a disaster recovery plan, which includes hosting the cloud services in different locations, with the second cloud service working as a backup when the first one is not operational.

 
