There is no doubt that public cloud gives our customers a considerable edge in terms of performance and cost but often there is concern and misunderstanding around information security.

We believe that the correct use of tools both in the platforms but also through leading vendors such as Barracuda, security can be enhanced over on-premise.

Fortunately, the public cloud providers have all recognised that this misunderstanding does exist and, to varying degrees, now offer a wide variety of features and mechanisms to address this.

The “CIA triad” defines the three most crucial components of Information Security ( Therefore, any feature that helps to provide better Confidentiality, Integrity or Availability can be regarded as having an InfoSec aspect.

There is plenty of coverage elsewhere of Azure security but these other articles are usually organised by functional area. For a change, the table below lists some of the numerous such features available in Azure (and, in some cases, Office 365) in a good old-fashioned ‘A-Z’ format.

Hopefully, the sheer length of this list will serve to illustrate the capabilities Azure offers for a deployment that can meet your security requirements, and likely exceed your on-premises information security posture.

FeatureDescriptionMore info
AAssume BreachMicrosoft’s guiding principle for Cloud Security
AuditingAuditing and logging of security-related events, and related alerts, are important components in an effective data protection strategy.>
Application GatewayLayer 7 load-balancer
Availability SetsIncrease the availability of VMs providing the same service
AutoscalingAutomatically increase or decrease service capacity
BBlue TeamInternal security penetration testing of Microsoft Azure
BackupBack up and restore your data in the Microsoft cloud
CContent Delivery NetworkReduce load times, save bandwidth and increase responsiveness of websites or mobile apps
ComplianceComprehensive set of compliance offerings (including certifications and attestations)
Cloud ShellBrowser based command line management
DDisk EncryptionBitLocker for your Azure VMs
Data ProtectionClassify data based on sensitivity and apply persistent data protection to your most critical assets.
EEncryptionAzure offers multiple ways to encrypt data
ExpressRoutePrivate on-premises to Azure network circuits
EMSIdentity-driven innovations help you stay secure and productive on your favourite apps and devices
FFederation ServicesEnable users to authenticate using on-premises credentials and access all resources in cloud
GG-Cloud Impact Level 2 Accreditation IL2 accreditation for UK government
Geo-redundancyWorkloads and data geo-replicated to ensure highest SLA
HHybrid identity managementIdentity is the new control plane
IIdentity ProtectionDetect and respond to suspicious identity related events
Information ProtectionClassify, label, and protect its documents and emails
IDS/IPSDetect and respond to suspicious network related events
JJIT accessOpen network ports for limited times
KKey VaultSecurely store keys and secrets
LLog AnalyticsGet deeper visibility into your hybrid IT environment, including Azure and on-premises resources.
Load-balancingLayer 4 load-balancer for VMs
MMulti-factor authenticationAdd a critical second layer of security to user sign-ins and transactions
Mobile Device Management with InTuneSecurely manage iOS, Android, Windows, and macOS devices from a single, unified mobile solution
MonitorBase-level infrastructure metrics and logs for most services in Microsoft Azure
NNetwork Security GroupsFirewalling for your VM NICs or subnets
Network Virtual AppliancesNext Generation firewalls on the Azure Marketplace
OOperations Management Suite (OMS) Security & ComplianceThreat detection and prevention through advanced cloud security
PPolicyActive control and governance at scale for your Azure resources
Privileged Identity Management Manage, control, and monitor access within your organization
QQoSQoS with ExpressRoute and Skype for Business
RRBACEnable fine-grained access management
SSSOSingle Sign On for Cloud based apps
Shared Access SignaturesGrant limited access to objects in your storage account to other clients, without exposing your account key
(VM) Scale SetsMake it easier to build large-scale services that target big compute, large data, and containerized workloads.
Site RecoveryCloud based Disaster Recovery
Security CenterGet a unified view of security across all of your on-premises and cloud workloads
TTrust CenterLearn how Security is embedded into Azure
Traffic ManagerControl the distribution of user traffic for service endpoints in different data centres
Threat IntelligenceIdentify security threats against the environment
UUser Defined RoutingEnsure your network traffic goes where you want it to
VVPNsEncrypted client and branch office network connections to Azure
Vulnerability Assessment solutionsQualys vulnerability assessment on the Azure Marketplace
Vnet Service EndpointsSecure PaaS services to your virtual networks
WWindows Server CIS hardened imagesIndustry standard hardening ‘out-of-the-box’ttps://
XXplat CLICross-platform CLI - an alternative to PowerShell for command line management
YYearly commitmentGet prioritised compute capacity in Azure regions with Reserved Instances
Z(Availability) ZonesAutomatically place VMs providing the same service in different data centres to protect you from data centre-level failures
ZertoReplication and orchestration from VMware vSphere and Hyper-V environments to Azure.

The pace of development in this particular area of public cloud is at times dizzying, with new features being added almost daily.

If you would like to discuss security in the public cloud with a consultants who have extensive experience in this area, please contact us at or fill in you details on our contact page.

Related Post