未加星标

Safeguarding your cloud resources with Azure security services

字体大小 | |
[系统(windows) 所属分类 系统(windows) | 发布者 店小二04 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

While cloud security continues to be a top concern, we recently shared insights from a survey that show overall concern has dropped significantly since 2015. We’re now at a stage where half of organizations contend the cloud is more secure than their on-premises infrastructure. In conversations I have with our customers and partners, I hear increasingly about how using the cloud improves an organizations’ security posture. As many organizations push forward on their digital transformation through increased use of cloud services, understanding the current state of cloud security is essential.

Maintaining a strong security posture for your cloud-based innovation is a shared responsibility between you and your cloud provider. With Microsoft Azure, securing cloud resources is a partnership between Microsoft and our customers, so it’s essential that you understand the comprehensive set of security controls and capabilities available to you on Azure.

Microsoft Azure is built on a foundation of trust and security. With significant investments in security, compliance, privacy, and transparency, Azure provides a secure foundation to host your infrastructure, applications, and data in the cloud. Microsoft also provides built-in security controls and capabilities to further help you protect your data and applications on Azure. These can be classified broadly into four categories:

Manage and control user identity and access:Comprehensive identity management is the linchpin of any secure system. You must ensure that only authorized users can access your environments, data, and applications. Azure Active Directory serves as a central system for managing access across all your cloud services, including Azure, Office 365, and hundreds of popular SaaS and PaaS cloud services. Its federation capability means that you can use your on-premises identities and credentials to access those services, and Azure Multi-Factor Authentication provides for the most secure sign-on experience.

Increase network and infrastructure security:Azure provides you the security-hardened infrastructure to interconnect Azure VMs as well as make connections to on-premises datacenters. Additionally, you can extend your on-premises network to the cloud using secure site-to-site VPN or a dedicatedAzure ExpressRoute connection. You can strengthennetwork security by configuring Network Security Groups, user-defined routing, IP forwarding, forced tunneling, endpoint ACLs, and Web Application Firewall as appropriate.

Encrypt communications and operation processes:Azure uses industry-standard protocols to encrypt data in transit as it travels between devices and Microsoft datacenters, and when it is stored inAzure Storage. You can also encrypt your virtual machine disks using Azure Disk Encryption .Azure Key Vault enables you to safeguard and control cryptographic keys and other secrets used by cloud apps and services. Azure Information Protection will help you classify, label, and protect your sensitive data.

Defend against threats:Microsoft enables actionable intelligence against increasingly sophisticated attacks using our network of global threat monitoring and insights. This threat intelligence is developed by analyzing a wide variety of signal sources and a massive scale of signals. (For example, customers authenticate with our services over 450 billion times every month, and we scan 200 billion emails for malware and phishing each month. ) Our approach to protect the Azure platform includes intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, behavioral analytics, anomaly detection, and machine learning. You can leverage additional services to develop a strong threat prevention, detection, and mitigation strategy.

Azure Active Directory Identity Protection helps you protect and mitigate against the risks from compromised identities. It offers a cloud powered, adaptive machine learning based identity protection system that can detect cyber-attacks, mitigate them in real time, and automatically suggest updates to your Azure AD configuration and conditional access policies. Services like Antimalware for Azure and Azure Security Center use advanced analytics to not only help in detecting threats but also prevent them. Azure Security Center helps you get a central view of the security state of all your Azure resources in real time, including recommendations for improving your security posture. You can use Operations Management Suite to extend the threat prevention, detection and quick response across Azure and other environments (on-premises, AWS).Log Analytics service will give you real-time insights to readily analyze millions of records across all of your workloads regardless of their physical location.

These are just a few examples of the broad set of security controls and services available to you with Azure. Over the past year, we have expanded the portfolio with many new security services and ongoing enhancements .

Microsoft is committed to continued innovation in helping you protect your data, applications, and identities in the cloud. Innovations we have delivered most recently include:

New capabilities and enhancements in Azure Security Center available for preview this month include Just In Time network access to VMs, automatic discovery and recommendations for application whitelisting, and expanded Security Baselines with more than 100 recommended configurations defined by Microsoft and industry partners. Our research team continues to monitor the threat landscape and innovate on detection algorithms. Some new threat detections available to customers include Brute Force detections, outbound DDoS and Botnet detections, as well as new behavioral analytics for windows and linux VMs. Preview of Storage Service Encryption for File Storage. IT organizations can lift and shift their on-premises file shares to the cloud using Azure Files by simply pointing the applications to the Azure file share path. Azure Files now offer enhanced protection with the ability to encrypt data at rest. Azure SQL Database Threat Detection is already available in preview. Last week the team announced that it will be generally available in April 2017. Azure SQL Database Threat Detection provides an additional layer of security intelligence built into the Azure SQL Database service that uses machine learning to continuously monitor, profile, and detect suspicious database activity to help customers detect and respond to potential threats.

With these tools, organizations are able to securely transition to the cloud while also complying with regulatory requirements.Read how Ricoh USA Inc. discovered that Azure exceeds the level of security it could previously offer its customers.

Azure has a vibrant partner ecosystem, so it’s also easy to bring your trusted cloud security vendor with you, enabling you to leverage your existing security solutions. Find partner security solutions in Azure Marketplace.

Microsoft Azure at RSA 2017

For those of you attending RSA Conference this week in San Francisco , we hope to connect with you at the show. You can:

See the keynote by Brad Smith, President and Chief Legal Officer at 8:35AM PST. You can stream it live if you’re not at RSA. Attend our sessions: A Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts: SP03-T09 How to Go from Responding to Hunting with Sysinternals Sysmon: HTA-T09 Critical Hygiene for Preventing Major Breaches: CXO-F02 Advances in Cloud-Scale Machine Learning for Cyber-Defense: EXP-T11 Learnings from the Cloud: What to Watch When Watching for Breach: STR-W11 Visit Booth 3501 in the North Expo Hall and learn how Microsoft solutions work together to improve your organization’s security posture. See the complete Microsoft schedule for RSA 2017. Hope to see you in San Francisco!

本文系统(windows)相关术语:三级网络技术 计算机三级网络技术 网络技术基础 计算机网络技术

主题: SQLLinuxWindowsPaaSOfficeInc.VPNVaultSaaS
分页:12
转载请注明
本文标题:Safeguarding your cloud resources with Azure security services
本站链接:http://www.codesec.net/view/535148.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(windows) | 评论(0) | 阅读(59)