Protege X

Cloud security explained.

The cloud can be a vague term without much meaning but you’re probably more familiar with it than you may know. At its most basic, the cloud is just the internet. More specifically, the cloud is a global network of servers that allow you to access the software and databases that make up the internet. Google Drive, Dropbox, and Netflix are all everyday examples of the cloud in action. When you turn on Netflix, the movie isn’t stored on your TV or laptop, it’s stored in the cloud and you are accessing that through the internet.

A key component of Protege X’s security is the Zero Trust Security Model. Summed up as “never trust, always verify”, devices – like a company computer – should never be trusted by default, even if the user has previously been approved. This best practice in cybersecurity mitigates the risk of malicious actors gaining access to sensitive data and is further backed by the use of multi-factor authentication (MFA).

MFA requires a user to take multiple steps to sign into their device or login to their account, such as using a password and using biometrics through an authentication app on their smartphone. MFA is used to log into any applications connected to the Protege X system and is managed by Azure Active Directory (Azure AD).

Azure datacenters are tightly secured, however, if anything were to happen, you can rest assured your data is safe thanks to built-in disaster recovery. Customer data is kept in two geographically separate locations, with uninterruptible power supplies thanks to vast banks of batteries and emergency generators for each center.

Whether it’s in transit or at rest, all customer data is encrypted. Microsoft follows international standards enabling ‘encryption by default’ for all data in transit between datacentres, and Protege X is backed by Transport Layer Security – a communications security cryptographic protocol which ensures a secure, reliable, and confidential connection between two applications.

All data at rest is stored in the Azure SQL Database which has built-in encryption with symmetric encryption. Azure also uses best practices like Trusted Execution Environments (TEEs), which separate customer data from the main operating system, creating a secure environment that’s invisible to external parties, meaning malicious actors cannot gain access.

All data at rest is further protected by data segregation. Microsoft managed and customer networks are segregated from each other in Azure, protecting customer networks against attacks targeted at Microsoft managed networks, which is more common. However, it doesn’t stop there. To ensure customers can’t access each other’s networks, they’re further segregated using network virtualization methods.

Network virtualization consists of separating the software, like the Protege X application, from the hardware so that the network can run independently from the physical equipment supporting them. Each virtual network exists independently while still able to be managed from a centralized point, meaning a breach or incident in one customers’ network doesn’t impact the rest of the server.