+971 50 971 0569
Design and Operational Excellence
Windows Azure security, privacy, and compliance begin with a trustworthy technology foundation. Microsoft creates, implements, and continuously improves security-aware software development, operational, and threat mitigation practices. This helps customers reduce the time and money they spend on implementing and maintaining the security of their computing platform.
Security Centers of Excellence
Microsoft engages in industry-leading security efforts through the creation of centers of excellence, including the Microsoft Digital Crimes Unit, Microsoft Cybercrime Center, and Microsoft Malware Protection Center.
Designing for security from the ground up
Windows Azure development adheres to the Security Development Lifecycle (SDL). The SDL became central to Microsoft’s development practices a decade ago and is shared freely with the industry and customers. It embeds security requirements into systems and software through the planning, design, development, and deployment phases.
Keeping operations safe
Windows Azure adheres to a rigorous set of security controls that govern operations and support. The Windows Azure team works with other entities within Microsoft, such as Office 365 and the Microsoft Operational Security Assurance (OSA) group, to identify risks and share information, supporting continuous improvement in operational controls. This increases the ability to
Assume breach.
One key operational best practice that Microsoft uses to harden its cloud services is known as the “assume breach” strategy. A dedicated “red team” of software security experts simulates real-world attacks at the network, platform, and application layers, testing Windows Azure’s ability to detect, protect against, and recover from breaches. By constantly challenging the security capabilities of the service, Microsoft can stay ahead of emerging threats.
Incident response.
Windows Azure has a global, 24×7 incident response service that works to mitigate the effects of attacks and malicious activity. The incident response team follows established procedures for incident management, communication, and recovery, and uses discoverable and predictable interfaces internally and to customers.
AFKAAR IT Solutions offers high-availability services through its high-grade data centers, expertise with hyperscalers, support for hybrid clouds, multiple availability zones and a four-way disaster recovery architecture, with a zero-data-loss guarantee backed by SLAs.
24-hour monitored physical security
Microsoft data centers are physically constructed, managed, and monitored 24 hours a day to shelter data and services from unauthorized access as well as environmental threats.
Monitoring and logging
Centralized monitoring, correlation, and analysis systems manage the large amount of information generated by devices within the Windows Azure environment, providing continuous visibility and timely alerts to the teams that manage the service. Additional monitoring, logging, and reporting capabilities provide visibility to customers.
Patch management
Security patches help protect systems from known vulnerabilities. Integrated deployment systems manage the distribution and installation of security updates for the Windows Azure service. Customers can apply similar update management processes for virtual machines (VMs) deployed on Windows Azure.
Security, Privacy, and Compliance in Windows Azure
Anti-Virus/Anti-Malware protection
Customers can install Microsoft Endpoint Protection or another antivirus solution on VMs, and VMs can be routinely reimaged to clean out intrusions that may have gone undetected.
Intrusion detection/Distributed Denial of Service (DDoS) Defense
Windows Azure uses standard detection and mitigation techniques such as SYN cookies, rate limiting, and connection limits to protect against DDoS attacks. The Windows Azure DDoS defense system is designed to withstand attacks from outside the system as well as attacks staged by other customers.
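The paragraph above names three defenses without showing how they work. The following is an added example, not code from the whitepaper or from Windows Azure's DDoS defense system: a simplified model of SYN cookies (a stateless handshake token so the server keeps no half-open connection state), a per-source sliding-window rate limit on new connections, and a per-source cap on concurrently open connections. The secret, the 4-tuple values, the limits, and the connection trace are all constructed for the demonstration; real SYN cookies also encode the negotiated MSS, which is omitted here.

```python
# Added example (not from the whitepaper or Windows Azure): SYN cookies,
# per-source rate limiting, and connection limits over a constructed trace.
import hashlib
import hmac
from collections import defaultdict, deque

# --- SYN cookies -----------------------------------------------------------
# The server's initial sequence number is an HMAC over the connection
# 4-tuple, the client's ISN and a coarse time slot, so no state is stored
# until the client proves it received it (by echoing cookie+1 in its ACK).
# Layout (32 bits): 5-bit time slot | 27 bits of truncated MAC.
COOKIE_SECRET = b"constructed-demo-secret-rotate-me"   # assumption: per-host secret

def make_syn_cookie(src, dst, sport, dport, client_isn, slot):
    msg = f"{src}|{dst}|{sport}|{dport}|{client_isn}|{slot & 0x1F}".encode()
    mac = int.from_bytes(hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()[:4], "big")
    return ((slot & 0x1F) << 27) | (mac & 0x07FFFFFF)

def check_syn_cookie(ack_minus_one, src, dst, sport, dport, client_isn, now_slot, max_age=1):
    """Validate the cookie echoed in the client's ACK (ack number minus one).
    Accept cookies minted in the current slot or up to max_age slots earlier."""
    got = (ack_minus_one & 0xFFFFFFFF).to_bytes(4, "big")
    for age in range(max_age + 1):
        expected = make_syn_cookie(src, dst, sport, dport, client_isn, now_slot - age)
        if hmac.compare_digest(expected.to_bytes(4, "big"), got):
            return True
    return False

# --- Rate limiting and connection limits -----------------------------------
class ConnectionLimiter:
    """Sliding-window limit on new connections per source, plus a cap on
    concurrently open connections per source."""
    def __init__(self, max_new_per_window, window_seconds, max_concurrent):
        self.max_new = max_new_per_window
        self.window = window_seconds
        self.max_concurrent = max_concurrent
        self._attempts = defaultdict(deque)   # src -> timestamps of recent attempts
        self._open = defaultdict(int)         # src -> currently open connections

    def on_open(self, now, src):
        q = self._attempts[src]
        while q and now - q[0] >= self.window:   # expire attempts outside the window
            q.popleft()
        q.append(now)                             # rejected attempts still consume budget
        if len(q) > self.max_new:
            return "drop:rate"
        if self._open[src] >= self.max_concurrent:
            return "drop:concurrent"
        self._open[src] += 1
        return "accept"

    def on_close(self, src):
        self._open[src] = max(0, self._open[src] - 1)

# Constructed trace: (seconds, source, event). 198.51.100.5 is a normal
# client; 203.0.113.9 opens eight connections in a third of a second and
# never closes any of them.
TRACE = [
    (0.00, "198.51.100.5", "open"), (0.20, "198.51.100.5", "open"),
    (0.50, "203.0.113.9", "open"), (0.55, "203.0.113.9", "open"),
    (0.60, "203.0.113.9", "open"), (0.65, "203.0.113.9", "open"),
    (0.70, "203.0.113.9", "open"), (0.75, "203.0.113.9", "open"),
    (0.80, "203.0.113.9", "open"), (0.85, "203.0.113.9", "open"),
    (1.00, "198.51.100.5", "close"),
    (5.00, "198.51.100.5", "open"), (9.00, "198.51.100.5", "open"),
]

def run_trace(trace, limiter):
    """Replay the trace in time order; return per-source outcome counts."""
    outcomes = defaultdict(lambda: defaultdict(int))
    for now, src, event in sorted(trace):
        if event == "open":
            outcomes[src][limiter.on_open(now, src)] += 1
        else:
            limiter.on_close(src)
    return {src: dict(counts) for src, counts in outcomes.items()}

if __name__ == "__main__":
    limiter = ConnectionLimiter(max_new_per_window=5, window_seconds=2.0, max_concurrent=3)
    for src, counts in run_trace(TRACE, limiter).items():
        print(src, counts)
    cookie = make_syn_cookie("198.51.100.5", "10.0.0.1", 40000, 443, 12345, slot=7)
    print("cookie valid one slot later:",
          check_syn_cookie(cookie, "198.51.100.5", "10.0.0.1", 40000, 443, 12345, now_slot=8))
```

With these limits the normal client is accepted every time, while the flooder gets three connections, is then held at the concurrent cap, and finally is refused on rate once it exceeds five attempts in the window. The cookie check needs no per-connection state, which is the point of SYN cookies under a flood of half-open requests.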
Penetration testing
Microsoft conducts regular penetration testing to improve Windows Azure security controls and processes. Customers can carry out authorized penetration testing on their applications hosted in Windows Azure.
Windows Azure networking provides the infrastructure necessary to securely connect VMs to one another and to connect on-premises data centers with Windows Azure VMs. Windows Azure blocks unauthorized traffic to and within Microsoft data centers using a variety of technologies such as firewalls, NATs, partitioned local area networks, and physical separation of back-end servers from public-facing interfaces.
Network isolation
Windows Azure is designed to isolate networks across Software as a Service, Platform as a Service, and Infrastructure as a Service deployment models. Network isolation prevents unwanted tenant-to-tenant communications, and access controls block unauthorized users from the network. Virtual machines do not receive inbound traffic from the Internet unless customers configure them to do so.
Virtual networking
Customers can assign multiple deployments within a subscription to a virtual network and allow those deployments to communicate with each other through private IP addresses. Each virtual network is isolated from other virtual networks.
Encrypting communications
Built-in cryptographic technology enables customers to encrypt communications within and between deployments, between Windows Azure regions, and from Windows Azure to on-premises data centers. Encryption can be configured to protect administrator access to virtual machines through remote desktop sessions and remote Windows PowerShell. Access to the Windows Azure Management Portal is encrypted by default using HTTPS.
Express Route
Customers can use an optional Express Route private fiber link into Windows Azure data centers to keep their traffic off the Internet.
Identity and access
Windows Azure enables customers to control access to their environments, data and applications. Microsoft offers comprehensive and federated identity and access management solutions for customers to use across Windows Azure and other services such as Office 365, helping them simplify the management of multiple environments and control user access across applications.
Enterprise cloud directory
Windows Azure Active Directory is a comprehensive identity and access management solution in the cloud. It combines core directory services, advanced identity governance, security, and application access management. Windows Azure Active Directory makes it easy for developers to build policy-based identity management into their applications. Windows Azure Active Directory Premium includes additional features to meet the advanced identity and access needs of enterprise organizations.
Access monitoring and logging
Security reports are used to monitor access patterns and to proactively identify and mitigate potential threats. Microsoft administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made. Customers can turn on additional access monitoring functionality in Windows Azure and use third party monitoring tools to detect additional threats. Customers can request reports from Microsoft that provide information about user access to their environments.
Strong authentication
Windows Azure Multi-Factor Authentication reduces organizational risk and helps enable regulatory compliance by providing an extra layer of authentication, in addition to a user’s account credentials, to secure employee, customer, and partner access. Windows Azure Multi-Factor Authentication can be used for both on-premises and cloud applications.
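To make the "extra layer of authentication" concrete, here is an added example that is not code from the whitepaper and does not describe how Windows Azure Multi-Factor Authentication is implemented: a generic time-based one-time password verifier (TOTP, RFC 6238, built on HOTP, RFC 4226) of the kind behind authenticator-app second factors. It shows the two details a verifier must get right beyond computing the code: tolerating small clock skew between device and server, and refusing a code for a time step that has already been used. The shared secret is the RFC 4226 test-vector secret and the user names are constructed.

```python
# Added example (not from the whitepaper or Windows Azure MFA): a TOTP
# second-factor verifier with clock-skew tolerance and replay protection.
import hashlib
import hmac
import struct
import time

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian 8-byte counter,
    dynamic truncation to 31 bits, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from wall-clock time."""
    return hotp(secret, int(at_time) // step, digits)

class TotpVerifier:
    """Accepts a code for the current time step or `skew` steps either side,
    and never accepts a step at or before the last one consumed per user."""
    def __init__(self, secrets: dict, step: int = 30, digits: int = 6, skew: int = 1):
        self._secrets = secrets          # user -> shared secret bytes (constructed)
        self._last_step = {}             # user -> highest time step already used
        self.step, self.digits, self.skew = step, digits, skew

    def verify(self, user: str, code: str, at_time: float) -> bool:
        secret = self._secrets.get(user)
        if secret is None:
            return False
        current = int(at_time) // self.step
        for delta in range(-self.skew, self.skew + 1):
            candidate = current + delta
            if candidate <= self._last_step.get(user, -1):
                continue                 # replay, or older than a consumed step
            if hmac.compare_digest(hotp(secret, candidate, self.digits), code):
                self._last_step[user] = candidate
                return True
        return False

# RFC 4226 / RFC 6238 shared test secret; "alice" is a constructed user.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    verifier = TotpVerifier({"alice": RFC_SECRET})
    now = time.time()
    code = totp(RFC_SECRET, now)
    print("first use accepted:", verifier.verify("alice", code, now))
    print("replay accepted:   ", verifier.verify("alice", code, now))
```

The verifier stores only the last consumed step per user, which is enough to stop an intercepted code from being replayed within its validity window; the skew window of one step (30 seconds either side) is the usual compromise between usability and the size of the guessing target.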
Role-based access control
Multiple tools in Windows Azure support authorization based on a user’s role, simplifying access control across defined groups of users.
Data protection
Both technological safeguards, such as encrypted communications, and operational processes help keep customer data secure. Customers have the flexibility to implement additional encryption and manage their own keys.
Data in transit
Windows Azure uses industry standard transport protocols such as SSL and TLS between user devices and Microsoft data centers, and within data centers themselves. With virtual networks, customers can use industry standard IPsec protocol to encrypt traffic between their corporate VPN gateway and Windows Azure. Customers can enable encryption for traffic between their own VMs and end users.
Data at rest
Customers are responsible for ensuring that data stored in Windows Azure is encrypted in accordance with their standards. Windows offers a wide range of encryption capabilities up to AES-256, giving customers the flexibility to choose the solution that best meets their needs. Options include .NET cryptographic services, Windows Server public key infrastructure (PKI) components, Microsoft StorSimple cloud-integrated storage, Active Directory Rights Management Services (AD RMS), and BitLocker for data import/export scenarios.
Data segregation
Windows Azure is a multi-tenant service, meaning that multiple customers’ deployments and virtual machines are stored on the same physical hardware. Windows Azure uses logical isolation to segregate each customer’s data from that of others. This provides the scale and economic benefits of multitenant services while rigorously preventing customers from accessing one another’s data.
Data destruction
When customers delete data or leave Windows Azure, Microsoft follows strict standards for overwriting storage resources before reuse, as well as physical destruction of decommissioned hardware.
Privacy
Microsoft recognizes that cloud services raise unique privacy challenges for businesses. That is why it implements strong privacy protections in Windows Azure services and makes commitments to safeguard the privacy of customer data. In addition, Microsoft provides customers with visibility into where their data resides and who has access to it.
Privacy by Design
With Microsoft, customers can expect Privacy by Design, a policy that guides how Microsoft builds products and services, how services are operated, and how internal teams are organized.
Contractual commitments
Microsoft is unique among major cloud service providers in providing cloud-service-specific privacy statements and making strong contractual commitments to safeguard customer data and protect privacy. Microsoft makes the standard contractual clauses created by the European Union (known as the “EU Model Clauses”) available to enterprise customers to provide additional contractual guarantees concerning transfers of personal data.
Control over data location
For many customers, knowing and controlling the location of their data can be an important element of data privacy compliance and governance. Windows Azure customers can specify the geographic areas where their customer data is stored. Data may be replicated within a geographic area for redundancy, but will not be transmitted outside it. Details, including exceptions to this policy, are given in the Windows Azure Trust Center.
Restricted data access and use
Access to customer data by Microsoft personnel is restricted. Customer Data is only accessed when necessary to support the customer’s use of Windows Azure. This may include troubleshooting aimed at preventing, detecting or repairing problems affecting the operation of Windows Azure and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user (such as malware or spam). When granted, access is carefully controlled and logged. Strong authentication, including the use of multifactor authentication, helps limit access to authorized personnel only. Access is revoked as soon as it is no longer needed.
Windows Azure does not share Customer Data with its advertiser-supported services, nor is customer data mined for advertising.