December 8, 2014 Leave a comment
Identity and Access
Controlling who can access which resources is key for Cloud projects. Recently I was talking with a customer that has external users (partners) and internal users and the ability to centralize and manage the access for those users is essential.
Azure provides ways for customers to federate user identities to Azure Active Directory as well as enabling Multi-Factor Authentication and the new Role Based Access Control (RBAC) features can be used to restrict access and permissions for specific cloud resources.
To help detect suspicious access, Azure Active Directory offers reports that alert you to anomalous activity, such as a user logging in from an unknown device. In addition, operational logging and alerting capabilities can notify customers if someone stops a website or if a virtual machine is deleted. It is possible also to use an on premise System Center Operations Manager to monitor the availability and performance of resources that are running on Windows Azure.
The reports provides up to 30 days of data representing key changes in the directory, providing the action, timestamp, the user/application that performed the action, and the user/application on which the action was performed.
With new VNET-to-VNET connectivity, multiple virtual networks can be directly and securely linked to one another. In addition, ExpressRoute is now generally available, enabling customers to establish a private connection to Azure datacenters, keeping their traffic off the Internet. Building on those enhancements, Microsoft also introduced Network Security Groups for easier subnet isolation in multi-tier topologies.
Azure uses industry-leading capabilities, including recent enhancements to TLS/SSL cipher suites and Perfect Forward Secrecy, to encrypt content flowing over the internet between the customer and the Azure service
Microsoft is committed to advancing cloud security with a goal to not only meet, but exceed the level of protection most enterprises have in place on-premises or in their own datacenters. For the latest information on security features and best practices, visit the Microsoft Azure Trust Center.