08/20/2019 | News release | Distributed by Public on 08/19/2019 23:16
One of the biggest concerns any CTO or IT manager has about cloud adoption is the security of their data. This has been one of the most common causes of delay to cloud projects, as decision makers try to satisfy themselves that they are fully protected. But the reality is that the Azure platform employs far stronger security safeguards as standard than most on-site infrastructure.
Encrypted VPN connections are a cornerstone of remote working practices, and IT professionals are more than familiar with the principle of encrypted communications. So it will come as no surprise that Microsoft uses 256-bit TLS-secured communications to protect data in transit between clients and the Azure cloud.
But encryption is also employed for data not currently in use (data at rest). The Azure platform applies 256-bit AES Storage Service Encryption to all data held in the cloud - including database blobs. This can be further strengthened with Azure disk encryption within your virtual server to create a third layer of encryption for your data while it is in the cloud.
Navisite has provisioned connectivity from Navisite-owned data centers in the US and UK to Microsoft Azure data centers, extending the footprint of connectivity to the Azure cloud.
ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a co-location facility. ExpressRoute connections do not go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.
Preventing data leakage between tenants
One of the other common concerns about the public cloud is whether data will leak between tenants. When you have no idea who the other users of the multi-tenant Azure platform are, a data leak could be disastrous, with sensitive information being leaked to competitors. And that's before you consider compliance issues.
Fortunately, the Azure multi-tenant system abstracts data from the physical infrastructure, ensuring that information cannot be passed between subscribers, accidentally or otherwise.
The biggest security risks come from within
All of these Azure security measures sit behind enterprise-class perimeter defenses. No system is 100% secure, but even if cybercriminals do manage to breach security, any data they steal will be encrypted - and therefore effectively useless.
In reality, the biggest security risks exist inside your own network - your authenticated users. Breaches often occur because of poor security discipline, and some result from deliberately malicious behavior, like phishing schemes. Compromised credentials will continue to be the primary method for bypassing your security, inhibiting services, disrupting productivity, stealing data, and conducting financial fraud.
Clearly this is a problem. No matter how good your perimeter defenses are, hackers are able to compromise your systems. Worse still, Azure security provisions like encryption are powerless to block these infiltrators because they appear to be legitimate.
Focus on authentication first
Once configured, Azure security pretty much takes care of itself. After migration, your security budget will be better spent on tightening internal security and detecting malicious activity.
A multi-factor SSO system, for instance, will help to dramatically reduce the risk posed by compromised passwords, because hackers will have difficulty obtaining the secondary token required for authentication. You can then deploy a machine-learning system to monitor and baseline user behavior and network traffic; over time these systems are able to detect, block and report suspicious activity quickly and automatically. In this way you can halt many cyberattacks, including those originating from within your perimeter defenses, because the attacker's activity deviates from the norm.
As part of its managed security offerings, Navisite goes beyond the already strong security functions of Azure when managing clients' Azure clouds, employing optimum approaches centered on managed detection and response (MDR), identity-driven security protocols, and vulnerability risk management postures, including scanning and monitoring.
Our approach ensures not only that you're kept alerted to security risks and possible breaches as they might occur, but also that we remediate any concerns that arise on your behalf, so your IT team doesn't have to hunt down and address threats.