Cloud based access control explained: Part 1
“The Cloud.” What is it, what is access control in the cloud, and how secure is it actually? In this article, we’ll take a dive into the basics of the cloud and the Microsoft Azure framework – the cloud servers powering Protege X.
Microsoft Azure and Protege X
One of the largest cloud providers in the world is Azure, Microsoft’s cloud platform. Azure is trusted by 95% of fortune 500 companies and has the largest compliance portfolio in the industry.
That’s why we have decided to use Azure as our host for our cloud-based system Protege X. Protege X is ICT’s next generation cross platform access control and intrusion detection ecosystem, designed for businesses who demand future-proofed flexibility.
As more access control and security companies bring their systems onto the cloud, it’s important to understand what it is and why it matters to you, the installer and end-user.
You’re probably more familiar with it than you may know. At its most basic, the cloud is just the internet. More specifically, the cloud is a global network of servers that allow you to access the software and databases that make up the internet. Google Drive, Dropbox, and Netflix are all everyday examples of the cloud in action. When you turn on Netflix, the movie isn’t stored on your TV or laptop, it’s stored in the cloud and you are accessing that through the internet.
While colloquially, we refer to cloud security as cloud cybersecurity, there is an intrinsic difference between cybersecurity and cloud security.
Cybersecurity is the protection of internet-connected devices – laptops, smartphones, and even ICT devices such as the controller or tSec readers – against cyberattacks, like software supply chain attacks, which annually impact 3 out of 5 US companies.
Cloud security refers to the protection of the data, networks, and infrastructure that make up the cloud-based system. This security is built on the policies, processes, and technologies that are built to safeguard the cloud system and the data within that system against malicious actors.
Cybersecurity is part of cloud security, but cloud security is not always part of cybersecurity.
These types of small differences are often not known by those outside of the cloud security industry and can make understanding the cloud and cloud security more confusing. Therefore, it’s no surprise that the perceived security risks of the cloud is the number one reason holding physical security industry professionals and end-users back from embracing the cloud.
A lack of clear education about the cloud and its security leaves room for distrust to grow. So, let’s clear the air and get to know Microsoft Azure.
Secure network infrastructure: Datacenters
Azure is run through over 100 geographically dispersed worldwide datacenters managed, monitored, and administered by Microsoft operations staff.
The geographic distribution is broken down into 3 sections:
- Regions: A set of datacenters, connected by a massive network. Regions within a geography can talk to one another.
- Availability zones: Physically separate locations, each equipped with independent power, cooling, and networking, ensuring that if one zone goes down, it will not affect the rest of the region.
- Geographies: Geographies or data residency boundaries allow customers to meet compliance, resiliency, and data sovereignty requirements within their country or union.
Azure datacenter physical security
Microsoft has an entire division dedicated to designing, building, and operating the datacenters supporting Azure and requires all employees and the rare visitor to go through several rigorous access control steps.
All requests to enter the datacenter must be validated and access is granted on a need-to-access basis, with strict zone and time limits placed on the credential. Biometrics are required for multi-factor authentication (MFA) and you must pass through metal detectors going in and out of the center. Cameras also watch every angle of every server to ensure hardware is never tampered with or stolen.
The strict rules around entering and exiting mitigate risks to these datacenters and your data.
Outages and disaster recovery
Disaster recovery is built-in thanks to the geographically dispersed datacenter locations. In the instance of an outage or natural disaster, the Azure datacenters have uninterruptible power supplies with vast banks of batteries and emergency generators.
If something were to happen to one of the datacenters your data is kept in, you can rest assured it’ll be safe and sound as your database backup is geo-replicated and stored in separate centers.
In the first part of this series, we covered the basics of cloud based access control, how ICT and Azure work together to create Protege X, and how Azure keeps its datacenters secure. In the next part we’ll dive into the software side of Azure and how they keep it secure.