Is my data safe in Azure Cloud?
Is the Azure Cloud platform safe?
What kinds of security does Azure Cloud platform have?
These are some of the common questions that come to mind when deciding whether to move our data to the Azure cloud environment. Are we bound to be subjected to hackers, viruses and all other forms of attack because our data is not with us but in the hands of Microsoft?
Truthfully, it is not as simple as asking whether your data is safe or whether the cloud is safe. To look at it as a whole, we have to compare the local environment with the cloud platform, and we also have to dig into other parts of the service, such as the security features and the planning and design of your environment in Azure Cloud. Let us explore the physical network and the cloud network via Microsoft Azure.
Figure 1 shows physical and cloud architecture (IaaS, PaaS and SaaS)
This figure basically explains how the cloud architecture is divided into different service levels.
Let’s start with a feature comparison between the local environment and the cloud environment. In your enterprise's local (LAN/WAN) architecture, you will probably:
- Design it with some network switches for connectivity between client and servers
- Procure routers to connect you to the internet and to your enterprise intranet
- Add Firewalls to protect you from unauthorized access
- Also you might have some IDS and IPS systems in place to protect against intrusions.
We are just looking at the network layer in this example. All these products and devices contribute to your security, and you might add ACLs (Access Control Lists) to either block or allow traffic into your network. We won’t go into specifics, but this is how you will protect your network in most cases on your LAN/WAN.
Azure Cloud Network
Now we take a look at the Azure Cloud networking environment, where you would procure a service called VNets. This is the equivalent of all the hardware that it takes to build your private network. A VNet is considered a private network because it is an isolated network stack environment in the cloud. In summary, the cloud network has security features equivalent to those of physical networks.
This system is close to impossible to hack as it is an isolated private network stack (unless you provide your cloud account or provide access personally to the hacker). Additionally, this service also has all the routing and switching capabilities which are similar to your physical network.
By default, we would also include other services for security, for example:
- Network Security Groups (NSG), which can be applied directly to VMs or subnets in the Azure Cloud environment to block or allow ports from a source IP to a destination IP. This service alone can help protect against a lot of different scenarios. It is similar to the concept of Access Control Lists (ACL) in networking, and it is provided for free as long as you use Microsoft Azure Cloud Services. This feature makes the Azure Cloud network as secure as a physical network, where you are the architect of your own security on the cloud in terms of what traffic you wish to allow into your environment.
- Web Application Firewall (WAF), which helps protect your web applications from common threats such as SQL injection, cross-site scripting, and other web exploits.
- Azure Identity and Access Management (IAM): the super admin is able to use Role-Based Access Control (RBAC) to manage Azure resources. Using RBAC, you can segregate duties within your team and grant users only the amount of access that they need to perform their jobs. Although this service is used for user/account management, it can act as a layer of security for your cloud environment.
If all the above does not address some of the concerns regarding the security features of Azure Cloud, Microsoft complies with all international standards, with more than 90 certifications specific to 50 global regions. In Malaysia, Microsoft additionally follows the Personal Data Privacy Act and also complies with privacy-related certifications such as ISO 27001 and ISO 27018.
All in all, Microsoft Azure as a global cloud provider does take huge measures to protect your data privacy and to ensure that everything is protected from their end. Even so, and even though they provide various methods, if you architect your network environment incorrectly and open up a certain port for attack, then everything can go sour. So my take on this would be simply “you are the architect of your environment in the cloud”.
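To make the NSG description and the "opened port" risk above concrete, here is an added example (not part of the original article, and not Microsoft code) that evaluates inbound rules in priority order, lowest number first, and reports which management ports an arbitrary internet address can reach. The rule set is constructed, the field names follow the NSG security rule schema, and `MGMT_PORTS`, `evaluate` and `exposed_mgmt_ports` are names chosen for this sketch.

```python
import ipaddress

# Constructed sample: inbound rules shaped like an NSG's securityRules entries.
SAMPLE_RULES = [
    {"name": "allow-https", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
    {"name": "allow-rdp-office", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
    {"name": "allow-transfer", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "20-25"},
    {"name": "deny-all", "priority": 4096, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]
MGMT_PORTS = {22, 3389}  # assumption: ports this audit treats as administrative


def port_match(spec, port):
    """Match a single port ('443'), a range ('20-25') or the wildcard '*'."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def source_match(prefix, ip):
    # Simplification: the 'Internet' service tag is treated like '*'.
    if prefix in ("*", "Internet"):
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)


def evaluate(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule name) of the first matching inbound rule."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["protocol"] not in ("*", protocol):
            continue
        if source_match(rule["sourceAddressPrefix"], src_ip) and \
                port_match(rule["destinationPortRange"], port):
            return rule["access"], rule["name"]
    return "Deny", "no-match"  # assumption: unmatched internet traffic is denied


def exposed_mgmt_ports(rules, probe_ip="198.51.100.7"):
    """Management ports that a constructed, arbitrary internet address can reach."""
    return sorted(p for p in MGMT_PORTS if evaluate(rules, probe_ip, p)[0] == "Allow")


if __name__ == "__main__":
    print("Management ports open to the internet:", exposed_mgmt_ports(SAMPLE_RULES))
```

In the sample, RDP is correctly limited to the office range, but the port range `20-25` in `allow-transfer` also covers SSH on port 22, which is the kind of design mistake the paragraph above describes.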
Microsoft Azure provides a good environment for us to deploy our servers but in the end, it is something we have to architect and secure ourselves with the help of their security features or our security knowledge. This is just my point of view and I hope it provides some perspective regarding cloud security.
Written by Praveen Nair