Microsoft Azure Security options - give customers confidence in the cloud
No area in Microsoft is growing faster or with more options than Azure, and no topic seems to be of more customer concern than cloud security. A Microsoft partner who can speak confidently about the various security offerings in Azure can build additional trust with their customers and earn additional projects.
Even if your company does not directly offer assistance with Azure or security, being able to discuss these services enough to lead your customer to the next steps will allow you to stay engaged longer and cement your reputation as an expert who deserves their next project and referral.
7 Azure Security options you need to know about
Market research firm MarketsandMarkets, predicts the cloud security market to be worth nearly $9B by 2019. That's a lot of opportunity for partners who can provide security and peace of mind to their customers. Here are the Azure Security options you'll want to be familiar with:
1. Key Vault
What is it?
A safe place to keep confidential information such as encryption keys and passwords.
Who is it for?
All application developers deploying new or updated systems to Azure.
Why would they use it?
No matter the application, there is someone on the Internet who will be willing to find security exploits. The consequences of having weak security range from embarrassment and headaches to major financial consequences and potentially physically dangerous situations.
Individual resources within a deployment (e.g. file storage) should be secured using access keys. But the question always comes up: How do we store those keys securely and still allow our application to access the resource? Storing in a config file is potentially dangerous—an attacker who gains access to one portion of your application could then have free run of the rest.
Key vault solves this problem by creating a secure place to hold application secrets. This is paired to the application in a way that makes it much more difficult for an attacker to access.
Where can I learn more?
The Microsoft Azure Key Vault documentation site is a great resource for finding additional information about this feature, including any updates.
2. Security Center
What is it?
A web portal which assists in the prevention, detection, and response to security attacks.
Who is it for?
System administrators and enterprise security managers with any type of resource hosted on Azure.
Why would they use it?
Corporate security policies should be enforced system-wide rather than individually per application. Loss control responses should be automatically handled by the appropriate authority rather than line-of-business system owners. Threat detection should be dedicated and centralised rather than spot-checked. Security Center enables all of this by exposing functions which previously required OS-level security experts and application developers.
Where can I learn more?
The introduction to Azure Security Center page gives you a detailed breakdown of key capabilities, best practices and recommendations, and steps to get started. You can learn more about some of the key features and capabilities of the Security Center from Tim Rains, Director, Security at Microsoft.
3. Azure Active Directory
What is it?
Enterprise single-sign-on, in the cloud or hybrid with on-premises. Useful even for very small businesses. (Like mine!)
Who is it for?
Any system administrator who wants to greatly reduce their to-do list when an employee joins or leaves their organisation.
Why would they use it?
Employees often pick whatever best-of-breed SaaS applications they need and then introduce them to the companies they work for using free trial sign-ups. That's great for their immediate productivity needs but terrible for long-term resource management. How do you control who has access to these tools, and what happens when people come and go?
By implementing a company-wide single-sign-on solution like Azure Active Directory and insisting that cloud applications be integrated with it in order to be used, a whole host of management headaches can be avoided. Azure Active Directory is a great pick because of its ease of use, flexible deployment model, and large number of pre-integrated applications.
Where can I learn more?
Read up on how Active Directory allows users to access cloud apps easily without compromising your organization's security. Then check out the Active Directory marketplace to configure the SaaS apps you and your team rely on.
4. Azure Active Directory B2C
What is it?
Identity management service for consumer-facing applications.
Who is it for?
Developers of consumer-facing applications who want to check a box on a challenging task quickly, instead of struggling with it for months.
Why would they use it?
The expectations on identity management of SaaS applications have evolved quickly in the past few years and will continue to do so. Gone are the days of a simple database table of users. Now organisations want applications that integrate with their single-sign-on system, and users want social media logins. Azure Active Directory B2C provides you one API to rule them all.
Where can I learn more?
Get great information on how to manage access and identities for customers on the Active Directory B2C site. Read how Microsoft extended Active Directory authentication—it shows the company's commitment to supporting collaboration and security.
5. Azure Active Directory Domain Services
What is it?
A new service which lets organisations move pre-cloud-era applications that depend on an on-premises Windows Domain to Azure without making additional changes.
Who is it for?
System administrators who want to benefit from cloud hosting their internal applications which may now be considered "legacy," without re-engineering the security model.
Why would they use it?
Two of the most common reasons for moving any application to Azure are the new mobility of the workforce and the costs of modernising aging infrastructure. However, there may be many reasons that it is impractical to upgrade an existing application—including lack of access to the source code. Azure Active Directory Domain Services helps solve these problems by allowing legacy applications to be hosted on Azure without needing to change their authentication process.
Where can I learn more?
Get an overview and create your free Active Directory DS account to see how the service works, then check out this article on 4sysops on how Domain Services differs from Active Directory.
6. Multi-Factor Authentication (MFA)
What is it?
A centrally managed service for requiring second proof of identity from users accessing cloud hosted or on-premises applications and services.
Who is it for?
For system administrators or application developers who want to make sure their users are who they say they are.
Why would they use it?
We all know that users are often not so great at choosing passwords, protecting passwords, and using a single password for multiple systems when they know they shouldn't. Who pays the price when those passwords are exploited? The organisation which owns the application or service. Two-factor authentication helps reduce the risk by requiring an additional factor to confirm identity.
Where can I learn more?
Get the details on MFA, and then check out the Microsoft Virtual Academy MFA Walkthrough video. This comprehensive video provides detailed information about MFA, how to set up the service, how the portal works, what the server features are, and how to upgrade.
7. Virtual Network and VPN Gateway
What is it?
The way to ensure that data of all types is secure as it travels between your organization's sites, your mobile workers, and the cloud.
Who is it for?
System administrators and enterprise security managers deploying any type of application or service to Azure for internal use.
Why would they use it?
Cloud hosting is not just for new applications. Applications that were "secured" by being accessed and used only within your internal network can benefit from cloud hosting too. In order to move these applications from on-premises to Azure, system administrators need to fulfill the promises that internal network security provided in the past: bad actors are kept out and data can't be read in-transit. This is where Azure VPN comes in. By creating a private network site-to-site, applications moved to the cloud have all of the same benefits they relied on when they were hosted locally.
Where can I learn more?
Check out the Virtual Network page for product information and how to get started. When you're ready to connect your infrastructure to the cloud, visit the VPN Gateway page to learn how.
To get an up-to-date and at-a-glance view of all of the services Azure offers, check out the Azure Platform Big Picture. With tonnes of developer, management, and security Azure-based tools, it's a great resource everyone should look into.
Once you know which of Azure's offerings can meet your customers' needs, be sure to explore the Microsoft Partner Network and the Microsoft Partner Community to find the partners who can help you implement and provide the security your customers are looking for.