How Secure is Azure?
2 likes1,863 views
The document outlines compliance standards and security measures related to Microsoft Azure services, highlighting certifications such as ISO 27001, SOC, and PCI DSS. It emphasizes security protocols, including access control lists, network segmentation, and the use of multiple network interface cards in virtual machines. Additionally, it discusses Microsoft Azure Storage's durability and geo-replication features for data protection and backup solutions.
How Secure is Azure?
- 1. Lai Yoong Seng Senior Consultant | MVP Hyper-V Yoongseng.lai@infrontconsulting.com | Infront http://www.ms4u.info
- 2. How secure?
- 3. Compliance with world class industry standard verified by third parties • ISO 27001/27002 • SOC 1/SSAE 16/ISAE 3402 and SOC 2 • Cloud Security Alliance CCM • FedRAMP • FISMA • FBI CJIS (Azure Government) • PCI DSS Level 1 • United Kingdom G-Cloud • Australian Government IRAP • Singapore MTCS Standard • HIPAA • EU Model Clauses • Food and Drug Administration 21 CFR Part 11 • FERPA • FIPS 140-2 • CCCPPF • MLPS http://azure.microsoft.com/en-us/support/trust-center/compliance/
- 4. • Regular testing by Microsoft • Security Assessment https://security-forms.azure.com/penetration-testing/terms https://security-forms.azure.com/penetration-testing http://technet.microsoft.com/en-us/security/ff852094
- 5. Existing Datacenter Active Directory SharePoint SQL Server Windows Azure Branch Datacenter Active Directory SharePoint SQL Server Windows Azure Point-to-Site VPN For Remote Users
- 6. • Username/Password • Patching • Access Control List (ACL)
- 7. Security Extensions Ability to deploy anti-virus solutions at provision time from: • Microsoft (Preview) • Symantec • Trend Micro
- 8. Inbound Traffic from Internet (Endpoints)
- 9. Network Security Groups (NSG) Enables network segmentation & DMZ scenarios Access Control List Filter conditions with allow/deny Individual addresses, address prefixes, wildcards Associate with VMs or subnets ACLs can be updated independent of VMs Virtual Network Backend 10.3/16 Mid-tier 10.2/16 Frontend 10.1/16 VPN GW Internet On Premises 10.0/16 S2S VPNs Internet
- 10. Access Control Lists Tighten security with Access Control Lists
- 11. Multiple NICs in Azure VMs Multiple NICs enable virtual appliances in Azure MAC/IP addresses persist through VM life cycle Separate frontend-backend traffic, and management-data planes Requires a virtual network and specific instance sizes Up to 4 NICs per VM Azure Virtual Machine NIC2 NIC1 Default Internet 10.2.2.2210.2.3.33 10.2.1.11 VIP: 133.44.55.66
- 13. Microsoft Azure Storage Highly Durable Storage
- 14. continuous storage geo-replication WEST DC EAST DC > 400 miles Microsoft Azure Storage Geo-Replicated Storage
- 15. Backup datacenter data to Windows using System Center Data Protection Manager Backup and recover files/folders from Windows Server 2012 Benefits Reliable offsite data protection Simple, familiar, integrated Efficient backup and recovery Easy set up Your On-Premises Datacenter
- 18. www.ms4u.info Virtual Lai’s Blog Q&A Microsoft Azure Trust Center:- http://azure.microsoft.com/en- us/support/trust-center/security/ Azure Security, Privacy and Compliance :- http://go.microsoft.com/fwlink/?l inkid=392408&clcid=0x409 Thank you
Editor's Notes
- #4: Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run in Azure. ISO/EC 27001:2005 is a standard that specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System.
- #5: customers to carry out authorized penetration testing on their applications hosted in Azure. Because such testing can be indistinguishable from a real attack, it is critical that customers conduct penetration testing only after obtaining approval in advance from Azure Customer Support.
- #6: Built-in SSL and TLS cryptography enables customers to encrypt communications within and between deployments, from Azure to on-premises datacenters, and from Azure to administrators and users. 1st- Site to Site VPN -setup a vpn tunnel- 2nd – Site to Multisite VPN 3rd – Vnet to Vnet 4th – Point to site VPN -client computer can connect using certificate (protected connection)
- #7: No Admin/Administrator Password – 8 char long (must contain upper case,lower case, number & a special char
- #13: How it work? We store data is 3 disk – like mirror
- #14: If die, it is durable. Azure will mark as die and create another copy
- #15: If 3 disk not enough, you can enable geo redundant by replicating to another DC. (more than 400 miles away) Why 400 miles?
- #17: Data (It your own) – own control No advertising or Commercial If request, then will redirect to user