Cloud

Why Enterprises That Value Security Trust Microsoft Azure

The Azure cloud computing platform allows businesses to become more agile and flexible while still protecting applications and data.

BizTech Staff

Enterprises across many different industries depend on Microsoft Azure as a critical component of their IT strategies. The flexibility, scalability and powerful technology supported by Azure allow organizations to realize the benefits of cloud computing within the framework of a comfortable and familiar technology platform. Microsoft Azure supports a broad cross-section of technologies, including numerous operating systems, programming languages, frameworks, tools, databases and devices. Microsoft built the Azure platform using many of the same Microsoft products that millions of developers and IT professionals around the world already trust for their onpremises operations.

The Azure platform provides IT professionals access to a virtually unlimited pool of computing, storage and application development resources. While on-premises environments are constrained by available hardware and require costly upgrades to boost capacity on a regular basis, Azure allows enterprises to extend or replace those environments with pooled resources shared by many different customers. This allows for reliable access to the foundational resources necessary to sustain enterprise technology environments, as well as burst capacity to meet periodic and unexpected surges in demand. Under the Azure pricing model, customers pay only for the services they need. When an enterprise requires access to computing resources on a temporary basis, it simply pays by the hour for those resources. Charges stop accumulating as soon as the customer releases the resources they’ve been using. In the cloud computing model, overprovisioning is a thing of the past.

Cloud services also provide customers with rapid access to emerging technologies. For example, Azure provides customers with ondemand access to advanced analytic services, such as machine learning and business intelligence technologies. Organizations that wish to experiment can quickly provision them and be up and running in minutes. This replaces the traditional on-premises approach that would require negotiating license agreements, designing infrastructure and ordering hardware before beginning an exploration of new technology.

Security Features of Azure

Microsoft recognizes that IT professionals are willing to adopt cloud computing solutions only if they are absolutely confident in the provider’s ability to provide strong security measures that safeguard customer applications and data. Because of this, Microsoft invested roughly $1 billion in security during 2015 and doubled the number of security executives on its team during that same period. It focused on three key areas of Azure security: design and operational security; encryption; and identity and access management.

Design and Operational Security

As Microsoft developed the Azure service, the company adopted a revolutionary “security first” approach to the platform. Azure was designed with security in mind as a key requirement, not as an afterthought added on at the end. This approach ensures that Azure’s security functionality is efficient, effective and userfriendly. Enterprises may secure the data stored in Azure with confidence that the controls were built using a defense-in-depth strategy. This approach assumes security breaches will occur and uses multiple, overlapping controls to prevent the breach of a single control from jeopardizing the security of the platform.

Microsoft also brings considerable operational security experience to the Azure platform. Azure benefits from the knowledge and oversight of Microsoft’s global incident response team that works around the clock to mitigate the effects of any attack. This team can also draw on the resources of Microsoft’s centers of excellence that fight digital crime, respond to security incidents and vulnerability reports, and combat malware.

Encryption

Encryption is the cornerstone technology of information security programs, and Microsoft’s security-first approach to Azure integrates encryption technology for both data in transit and data at rest. Industry-standard encrypted transport protocols protect communications between user devices and Microsoft data centers, protecting data from prying eyes. Microsoft uses this same encryption technology to protect internal communications between data centers, ensuring that customer data remains safe. Customers seeking to move large quantities of data to Azure may even opt to ship the data directly to Azure data centers on hard disks encrypted using BitLocker technology.

Enterprises may also apply encryption to data stored in the Azure platform, protecting it against a variety of attacks. Azure offers a wide range of encryption capabilities for data at rest, including the federal government’s Advanced Encryption Standard (AES), which uses 256-bit encryption keys. The use of encryption for data in transit and at rest provides customers with the confidence that their sensitive information remains safe and secure in the cloud.

Identity and Access Management

Azure Active Directory provides enterprises with a comprehensive cloud-based identity and access management solution that helps secure access to cloud applications. Users may authenticate to Azure Active Directory and then obtain tokens for use with diverse applications. Enterprises may also choose to synchronize Azure Active Directory with the Windows Server Active Directory environments that they already run on-premises, providing easy integrations between cloud and onpremises authentication infrastructures.

Azure Active Directory helps IT professionals simplify user and group management functions and integrate them tightly with security controls. It combines core directory services, advanced identity governance, security and application access management in a consolidated, trusted platform. Developers can extend Azure Active Directory using the Azure Active Directory Graph REST application programming interface and can also integrate with Facebook, Google, Windows Live ID and other identity providers using Azure Active Directory Access Control.