Cloud security explained.
Microsoft Azure is one of the largest cloud providers in the world. Azure is trusted by 95% of fortune 500 companies and has the largest compliance portfolio in the industry. That’s why we have decided to use Azure as our host for our cloud-based system Protege X.
However, many people have questions about what is the cloud, what is access control in the cloud, and how secure is it really?
With so much unknown, it’s no surprise that the perceived security risks of the cloud is the number one reason holding physical security industry professionals and end-users back from embracing cloud-based access control and security.
A lack of clear education about the cloud and its security leaves room for distrust to grow. So, let’s clear the air and get to know Microsoft Azure.
What is the cloud?
The cloud can be a vague term without much meaning but you’re probably more familiar with it than you may know. At its most basic, the cloud is just the internet. More specifically, the cloud is a global network of servers that allow you to access the software and databases that make up the internet. Google Drive, Dropbox, and Netflix are all everyday examples of the cloud in action. When you turn on Netflix, the movie isn’t stored on your TV or laptop, it’s stored in the cloud and you are accessing that through the internet.
The cloud truly means you can access your data from anywhere, at any time, on any internet connected device. But convenience isn’t the only advantage – built-in risk mitigation and security measures create a foundation you can trust.
Cybersecurity experts and experience
Know that you’re backed by decades of cloud and cybersecurity experience and best practices. With over a billion dollars annually invested in frameworks and teams, Microsoft has over 3500 dedicated cybersecurity experts working 24/7, 365 days a year on ensuring their suite is secure. Of these 3500 experts, 200 are professionals who continuously run penetration exercises on the Azure cloud system to identify potential vulnerabilities.
The number of cybersecurity experts employed by Microsoft
24 hours a day, 7 days a week, 365 days a year, Microsoft's security experts are protecting Azure.
The number of experts continuously running penetration exercises to identify potential vulnerabilities in Azure
Zero trust and multi-factor authentication
A key component of Protege X’s security is the Zero Trust Security Model. Summed up as “never trust, always verify”, devices – like a company computer – should never be trusted by default, even if the user has previously been approved. This best practice in cybersecurity mitigates the risk of malicious actors gaining access to sensitive data and is further backed by the use of multi-factor authentication (MFA).
MFA requires a user to take multiple steps to sign into their device or login to their account, such as using a password and using biometrics through an authentication app on their smartphone. MFA is used to log into any applications connected to the Protege X system and is managed by Azure Active Directory (Azure AD).
Built-in outage and disaster recovery
Azure datacenters are tightly secured, however, if anything were to happen, you can rest assured your data is safe thanks to built-in disaster recovery. Customer data is kept in two geographically separate locations, with uninterruptible power supplies thanks to vast banks of batteries and emergency generators for each center.
Data encryption in transit and at rest
Whether it’s in transit or at rest, all customer data is encrypted. Microsoft follows international standards enabling ‘encryption by default’ for all data in transit between datacentres, and Protege X is backed by Transport Layer Security – a communications security cryptographic protocol which ensures a secure, reliable, and confidential connection between two applications.
All data at rest is stored in the Azure SQL Database which has built-in encryption with symmetric encryption. Azure also uses best practices like Trusted Execution Environments (TEEs), which separate customer data from the main operating system, creating a secure environment that’s invisible to external parties, meaning malicious actors cannot gain access.
All data at rest is further protected by data segregation. Microsoft managed and customer networks are segregated from each other in Azure, protecting customer networks against attacks targeted at Microsoft managed networks, which is more common. However, it doesn’t stop there. To ensure customers can’t access each other’s networks, they’re further segregated using network virtualization methods.
Network virtualization consists of separating the software, like the Protege X application, from the hardware so that the network can run independently from the physical equipment supporting them. Each virtual network exists independently while still able to be managed from a centralized point, meaning a breach or incident in one customers’ network doesn’t impact the rest of the server.
Want to learn more about Microsoft Azure security as a hosted solution?