There is no doubt that public cloud gives our customers a considerable edge in terms of performance and cost, but there is often concern and misunderstanding around information security.

We believe that, with the correct use of tools, both those built into the platforms and those from leading vendors such as Barracuda, security can be enhanced over on-premises.

Fortunately, the public cloud providers have all recognised that this misunderstanding does exist and, to varying degrees, now offer a wide variety of features and mechanisms to address this.

The “CIA triad” defines the three most crucial components of Information Security (http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA). Therefore, any feature that helps to provide better Confidentiality, Integrity or Availability can be regarded as having an InfoSec aspect.

There is plenty of coverage elsewhere of Azure security but these other articles are usually organised by functional area. For a change, the table below lists some of the numerous such features available in Azure (and, in some cases, Office 365) in a good old-fashioned ‘A-Z’ format.

Hopefully, the sheer length of this list will serve to illustrate the capabilities Azure offers for a deployment that can meet your security requirements, and likely exceed your on-premises information security posture.

| | Feature | Description | More info |
|---|---|---|---|
| A | Assume Breach | Microsoft’s guiding principle for Cloud Security | https://blogs.msdn.microsoft.com/azuresecurity/2015/10/19/an-insiders-look-at-the-security-of-microsoft-azure-assume-the-breach/ |
| | Auditing | Auditing and logging of security-related events, and related alerts, are important components in an effective data protection strategy. | https://docs.microsoft.com/en-us/azure/security/azure-log-audit/ |
| | Application Gateway | Layer 7 load-balancer | https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-introduction/ |
| | Availability Sets | Increase the availability of VMs providing the same service | https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets/ |
| | Autoscaling | Automatically increase or decrease service capacity | https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-autoscale/ |
| B | Blue Team | Internal security penetration testing of Microsoft Azure | https://azure.microsoft.com/en-gb/resources/videos/red-vs-blue-internal-security-penetration-testing-of-microsoft-azure/ |
| | Backup | Back up and restore your data in the Microsoft cloud | https://docs.microsoft.com/en-us/azure/backup/backup-introduction-to-azure-backup/ |
| C | Content Delivery Network | Reduce load times, save bandwidth and increase responsiveness of websites or mobile apps | https://azure.microsoft.com/en-gb/services/cdn/ |
| | Compliance | Comprehensive set of compliance offerings (including certifications and attestations) | https://www.microsoft.com/en-us/trustcenter/compliance/default.aspx/ |
| | Cloud Shell | Browser-based command line management | https://azure.microsoft.com/en-gb/features/cloud-shell/ |
| D | Disk Encryption | BitLocker for your Azure VMs | https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption/ |
| | Data Protection | Classify data based on sensitivity and apply persistent data protection to your most critical assets. | https://www.microsoft.com/en-gb/cloud-platform/information-protection/ |
| E | Encryption | Azure offers multiple ways to encrypt data | https://docs.microsoft.com/en-us/azure/security/security-azure-encryption-overview/ |
| | ExpressRoute | Private on-premises to Azure network circuits | https://azure.microsoft.com/en-gb/services/expressroute/ |
| | EMS | Identity-driven innovations help you stay secure and productive on your favourite apps and devices | https://www.microsoft.com/en-gb/cloud-platform/enterprise-mobility-security/ |
| F | Federation Services | Enable users to authenticate using on-premises credentials and access all resources in cloud | https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-azure-adfs/ |
| G | G-Cloud Impact Level 2 Accreditation | IL2 accreditation for UK government | https://blogs.msdn.microsoft.com/ukgovernment/2013/04/04/windows-azure-receives-g-cloud-impact-level-2-accreditation-from-cabinet-office-for-use-across-the-uk-public-sector/ |
| | Geo-redundancy | Workloads and data geo-replicated to ensure highest SLA | https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy/ https://docs.microsoft.com/en-us/azure/sql-database/sql-database-geo-replication-overview/ https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/multi-region/ |
| H | Hybrid identity management | Identity is the new control plane | http://download.microsoft.com/download/D/B/A/DBA9E313-B833-48EE-998A-240AA799A8AB/Hybrid_Identity_White_Paper.pdf/ |
| I | Identity Protection | Detect and respond to suspicious identity-related events | https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection/ |
| | Information Protection | Classify, label, and protect your documents and emails | https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-information-protection/ |
| | IDS/IPS | Detect and respond to suspicious network-related events | https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-intrusion-detection-open-source-tools/ |
| J | JIT access | Open network ports for limited times | https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time/ |
| K | Key Vault | Securely store keys and secrets | https://azure.microsoft.com/en-gb/services/key-vault/ |
| L | Log Analytics | Get deeper visibility into your hybrid IT environment, including Azure and on-premises resources. | https://azure.microsoft.com/en-gb/services/log-analytics/ |
| | Load-balancing | Layer 4 load-balancer for VMs | https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview/ |
| M | Multi-factor authentication | Add a critical second layer of security to user sign-ins and transactions | https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication/ |
| | Mobile Device Management with Intune | Securely manage iOS, Android, Windows, and macOS devices from a single, unified mobile solution | https://www.microsoft.com/en-gb/cloud-platform/microsoft-intune/ |
| | Monitor | Base-level infrastructure metrics and logs for most services in Microsoft Azure | https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-azure-monitor/ |
| N | Network Security Groups | Firewalling for your VM NICs or subnets | https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg/ |
| | Network Virtual Appliances | Next Generation firewalls on the Azure Marketplace | https://azure.microsoft.com/en-gb/solutions/network-appliances/ |
| O | Operations Management Suite (OMS) Security & Compliance | Threat detection and prevention through advanced cloud security | https://www.microsoft.com/en-gb/cloud-platform/security-and-compliance/ |
| P | Policy | Active control and governance at scale for your Azure resources | https://azure.microsoft.com/en-us/services/azure-policy/ |
| | Privileged Identity Management | Manage, control, and monitor access within your organization | https://docs.microsoft.com/en-us/azure/active-directory/active-directory-privileged-identity-management-configure/ |
| Q | QoS | QoS with ExpressRoute and Skype for Business | https://azure.microsoft.com/en-gb/blog/tag/qos/ |
| R | RBAC | Enable fine-grained access management | https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure/ |
| S | SSO | Single Sign On for Cloud-based apps | https://docs.microsoft.com/en-us/azure/active-directory/active-directory-appssoaccess-whatis/ |
| | Shared Access Signatures | Grant limited access to objects in your storage account to other clients, without exposing your account key | https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1/ |
| | (VM) Scale Sets | Make it easier to build large-scale services that target big compute, large data, and containerized workloads. | https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview/ |
| | Site Recovery | Cloud-based Disaster Recovery | https://azure.microsoft.com/en-gb/services/site-recovery/ |
| | Security Center | Get a unified view of security across all of your on-premises and cloud workloads | https://azure.microsoft.com/en-gb/services/security-center/ |
| T | Trust Center | Learn how Security is embedded into Azure | https://azure.microsoft.com/en-gb/overview/trusted-cloud/ |
| | Traffic Manager | Control the distribution of user traffic for service endpoints in different data centres | https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview/ |
| | Threat Intelligence | Identify security threats against the environment | https://docs.microsoft.com/en-us/azure/security-center/security-center-threat-intel/ |
| U | User Defined Routing | Ensure your network traffic goes where you want it to | https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview/ |
| V | VPNs | Encrypted client and branch office network connections to Azure | https://azure.microsoft.com/en-gb/services/vpn-gateway/ |
| | Vulnerability Assessment solutions | Qualys vulnerability assessment on the Azure Marketplace | https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations/ |
| | Vnet Service Endpoints | Secure PaaS services to your virtual networks | https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview/ |
| W | Windows Server CIS hardened images | Industry standard hardening ‘out-of-the-box’ | https://azuremarketplace.microsoft.com/en-us/marketplace/apps/center-for-internet-security-inc.cis-windows-server-2016-v1-0-0-l1?tab=Overview/ |
| X | Xplat CLI | Cross-platform CLI - an alternative to PowerShell for command line management | https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest/ |
| Y | Yearly commitment | Get prioritised compute capacity in Azure regions with Reserved Instances | https://azure.microsoft.com/en-gb/pricing/reserved-vm-instances/ |
| Z | (Availability) Zones | Automatically place VMs providing the same service in different data centres to protect you from data centre-level failures | https://docs.microsoft.com/en-us/azure/availability-zones/az-overview/ |
| | Zerto | Replication and orchestration from VMware vSphere and Hyper-V environments to Azure. | https://azuremarketplace.microsoft.com/en-us/marketplace/apps/zerto.zerto-cloud-appliance-50/ |

The pace of development in this particular area of public cloud is at times dizzying, with new features being added almost daily.

If you would like to discuss security in the public cloud with consultants who have extensive experience in this area, please contact us at nmartin@systemsup.co.uk or fill in your details on our contact page.
