How secure is Microsoft Azure? Should I trust it?
We have the privilege of witnessing the evolution of IT. Yes, it’s EVOLUTION and not revolution. The most important difference is that the first cannot be stopped. IT is changing exponentially – which means that it is changing faster than ever before and will change even faster.
We also see IT becoming more service-oriented – we tend to lease or rent services such as computing power, space to store our data, or software on a subscription basis. You do not have to think deeply to see that this model has been cultivated and practiced for many, many years. Electricity and water are examples of things we do not produce ourselves (OK, some people do produce their own) but lease from a producer. So, in the end, we have a power plug (instead of power stations or power plants) in our households and, to be honest, we do not care what’s on the other side of the power plug and its cable. What we do care about is the parameters of the electricity contract – the SLA, the characteristics of the electric current and, of course, the price. How the power is produced and managed, how many transformers there are or what technologies are used is something we do not have to think about. We just plug in any electrical appliance and expect it to work. The same applies to water infrastructure – we just have a tap in our kitchen, and we use water whenever needed. Of course, some of us build wells or private power stations (solar, or powered by wind or water).
The approach described above has applied to IT for a long time; it’s just that for some time now it has been called “cloud”. So we can have a private cloud (everything that we have used over the last years and that is considered infrastructure kept in our own datacenters) or a public cloud (still a datacenter, but owned by someone else and delivered to us in the form of a service). What service exactly? As has probably been discussed many times already, there are different “as a service” models – IaaS, PaaS, SaaS (ref. https://en.wikipedia.org/wiki/Cloud_computing ). A public cloud is characterized by being agile and cost-effective; it increases productivity, can scale very quickly, has excellent reliability (disaster recovery, backup) and SLA, and has many other characteristics that you are probably familiar with.
One of the most important questions about a public cloud is how secure it is. Every public cloud provides (or at least should provide) security resources and mechanisms for its customers. These can be both technical and non-technical, to make sure your assets, whatever they are, are protected. Most important is your privacy, so that your data and information are secured with regard to at least confidentiality, integrity and availability. Moreover, the infrastructure used to store, exchange and process your data should be resistant to the latest security threats and to bad guys using the most sophisticated methods of modern attacks.
So how is Microsoft’s public cloud – Azure – doing? In this series of articles, I’ll give you a better overview of some of Microsoft’s approaches to making security matter. I will also discuss how your data is secured, how your privacy is protected, and how Microsoft keeps bad guys away while staying compliant with different regulations, standards, policies and laws when you use Microsoft Azure.
You can expect the following topics to be covered in this series of articles:
- “How secure is Microsoft Azure? Should I trust it?”. This introduction.
- “Have you been hacked? No? Are you willing to bet on this?”. I give you an overview of the numbers behind the current cyber threat situation and the cybersecurity means required to fight it.
- “Microsoft Azure – Security”. A description of how Microsoft secures your data with regard to physical and logical access.
- “Microsoft Azure – Privacy and Control”. Many times I hear questions about trust and about uncertainty over where data stored in a public cloud is located. I try to explain how Microsoft is dealing with this topic.
- “Microsoft Azure – Transparency”. A few words on Microsoft’s approach to being transparent about regulations, audits, processes and everything else that concerns Microsoft Azure, so that customers have an excellent view of how their data and services are being managed.
- “Microsoft Azure – Compliance”. Have you ever thought about how many global, local and non-standard certifications, ISO standards and regulations are out there? Many… Which of them Microsoft Azure meets is described in this article.
- “Microsoft Azure – Security Summary”. Those are my thoughts and conclusions on Microsoft Azure security, privacy, control, transparency and compliance.
Please be aware that there may be lots of other things within these topics that could be described or added; however, I would like to focus on the biggest and most important ones, so as to give you an overview of the numbers and scale we are talking about.