I am studying the Microsoft Azure Administrator modules off of the Microsoft “Learn” website. It is a great free resource to learn some of the hottest and most relevant modern Cloud technologies. This one particular area piqued my interest: data storage security. I know that many businesses and various leaders are pessimistic about the protection of their Cloud data. It makes sense. Why would any leader not think about the way in which their organization’s data is stored in the Cloud? To many leaders, the notion of their valuable data being moved to and handled in the Cloud does not necessarily make them feel warm and fuzzy [as we may see in the commercials ;> ]. Instead, they have a healthy cynicism about how their data is handled. I agree with the healthy cynicism.
But Microsoft Azure has many ways in which to secure data. These include, but are not limited to, proper network security rules to block out most or all traffic; access control lists; strict internal role-based access control; and good old-fashioned data encryption.
Azure automatically encrypts all data as it is written to storage, i.e. while it is “at rest” [meaning it is sitting on the disk, so to speak]. Any file that is written to Azure storage is encrypted with Storage Service Encryption (SSE), which uses 256-bit AES encryption. This is very strong encryption and an industry standard. My favorite part of SSE is that this encryption of the data that gets stored to disk does NOT affect performance. So, there is no degradation whatsoever to services. Encryption involves scrambling bits and bytes and generally takes some resources, but Microsoft accomplishes this with no hit to resources.
Of course, in addition to SSE, the actual virtual disks themselves, if applicable, can be encrypted as well with ‘BitLocker’ for Windows or ‘dm-crypt’ for Linux. But I wanted to focus only on Storage Service Encryption at this point. And SSE should help any leader breathe a sigh of relief when thinking about their data security.
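SSE is on by default, but the settings around it (key source, infrastructure encryption, and the transport-side options that sit next to it) are the things an administrator actually reviews. The following is an added example, not Microsoft's tooling or anything from the Learn modules: it reads the JSON array that `az storage account list` prints and reports, per account, what a reviewer would want to confirm. The two accounts below are constructed for this example; the field names are assumed to follow the storage account resource schema as the CLI prints it, and every value is made up.

```python
"""Audit the encryption-at-rest posture of Azure storage accounts.

Added example (not Microsoft's tooling). It parses the JSON array that
`az storage account list -o json` prints and flags settings a reviewer
would want to confirm. Sample data below is constructed; field names are
assumed to follow the CLI's output schema.
"""
from __future__ import annotations

import json

# Constructed sample input, standing in for real `az storage account list` output.
SAMPLE_ACCOUNTS_JSON = """
[
  {
    "name": "examplestorage01",
    "encryption": {
      "keySource": "Microsoft.Storage",
      "requireInfrastructureEncryption": false,
      "services": {
        "blob": {"enabled": true, "keyType": "Account"},
        "file": {"enabled": true, "keyType": "Account"}
      }
    },
    "enableHttpsTrafficOnly": true,
    "minimumTlsVersion": "TLS1_2",
    "allowBlobPublicAccess": false
  },
  {
    "name": "examplestorage02",
    "encryption": {
      "keySource": "Microsoft.Keyvault",
      "requireInfrastructureEncryption": true,
      "keyVaultProperties": {
        "keyName": "placeholder-key-name",
        "keyVaultUri": "https://placeholder-vault.vault.azure.net/"
      },
      "services": {
        "blob": {"enabled": true, "keyType": "Account"},
        "file": {"enabled": true, "keyType": "Account"}
      }
    },
    "enableHttpsTrafficOnly": false,
    "minimumTlsVersion": "TLS1_0",
    "allowBlobPublicAccess": true
  }
]
"""


def audit_account(acct: dict) -> list[str]:
    """Return the findings for one storage account (empty list = nothing to flag)."""
    findings: list[str] = []
    enc = acct.get("encryption") or {}
    services = enc.get("services") or {}

    # SSE is always on for blob and file; a missing or false flag means the
    # export is stale or the account is misreported and deserves a look.
    for svc in ("blob", "file"):
        if not (services.get(svc) or {}).get("enabled", False):
            findings.append(f"{svc} service encryption not reported as enabled")

    # Customer-managed keys: the Key Vault reference must be complete,
    # otherwise the account cannot reach the key that wraps its data keys.
    if enc.get("keySource") == "Microsoft.Keyvault":
        kv = enc.get("keyVaultProperties") or {}
        if not (kv.get("keyVaultUri") and kv.get("keyName")):
            findings.append("customer-managed key configured without a usable Key Vault reference")

    # Infrastructure encryption adds a second AES-256 layer beneath SSE.
    if not enc.get("requireInfrastructureEncryption"):
        findings.append("infrastructure (double) encryption not required")

    # Encryption at rest is only half the story: check the transport settings too.
    if not acct.get("enableHttpsTrafficOnly", False):
        findings.append("plain HTTP allowed: data unprotected in transit")
    if acct.get("minimumTlsVersion") != "TLS1_2":
        findings.append(f"minimum TLS version is {acct.get('minimumTlsVersion')!r}, expected TLS1_2")
    if acct.get("allowBlobPublicAccess"):
        findings.append("anonymous blob access allowed at the account level")
    return findings


def audit_accounts(accounts_json: str) -> dict[str, list[str]]:
    """Audit every account in a CLI JSON array; result is keyed by account name."""
    return {a["name"]: audit_account(a) for a in json.loads(accounts_json)}


if __name__ == "__main__":
    for name, findings in audit_accounts(SAMPLE_ACCOUNTS_JSON).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print(f"  - {finding}")
```

On real output, the first account comes back with only an informational note (SSE is on, but only the single default layer), while the second shows why a review should not stop at “data at rest is encrypted”: the same account still permits plain HTTP, TLS 1.0 and anonymous blob reads.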
I wrote a quick overview on setting up a new Azure Cloud Shell. This shell allows command line access to Azure from within a web browser. Although the web-based Azure Portal is preferred for Azure work, due to its ease of use, there are times when the CLI is needed. It is a very useful feature or tool. Read the Overview here.
“Microsoft Azure available from new cloud regions in Switzerland” – business is booming for Microsoft Azure.
“In Switzerland, where we’ve been operating for 30 years, Azure is now available from new cloud datacenter regions located near Zurich and Geneva. More than 30 customer and partner organizations are already using these Azure services. Companies becoming more efficient, innovative, and productive through their usage of Azure in Switzerland include:
UBS Group, the world’s largest wealth manager, is using Microsoft Azure cloud technology to modernize many critical business applications, to leverage digital channels, and to rethink how its global workforce collaborates.
The Swiss Re Group, one of the world’s leading providers of reinsurance, insurance, and other forms of insurance-based risk transfer, has chosen us as a strategic partner and preferred public cloud provider. Through their use of technology and our partnership, Swiss Re strives to make insurance simpler and more accessible than ever.
Swisscom, the national telecommunications provider, is now offering its customers managed public cloud services delivered via our global infrastructure and new Swiss cloud regions. Swisscom will be the first Swiss telecommunications provider to offer ExpressRoute, a secure, highly available, high-performance, and private connection to Azure services.”
This new Azure Sentinel offering from Microsoft looks fantastic. It looks to improve on the usual “SIEM” offerings out there. SIEM is an acronym for security information and event manager platform. This product or service can be set up and viewed right within Azure, of course.
The usual [overpriced] “SIEM” tools do not quite have the full cloud-ready set of tools available with Sentinel. Sentinel is, in a nutshell:
“Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise—fast. Azure Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, letting you reason over millions of records in a few seconds.”
The services and products available in Azure Marketplace are always growing. It is a very impressive market, with offerings in categories ranging from “Compute” [of course!] to Analytics, Databases, and Security and Identity. In fact, the Identity services look very intriguing: “Alert Logic” and “ZScaler” are offered under a relatively new acronym, “BYOL” (bring your own license). The “ZScaler” service in particular is interesting in that it can “create fast, secure connections between users and applications, regardless of device, location, or network”. Its connector can be installed within the Azure Cloud instance. “ZScaler” looks to be very useful for both private and hybrid clouds.
This is a very interesting real-world read about a large company moving to Microsoft Virtual Desktop Infrastructure.
Rakuten Group Secures Sensitive Data with Virtual Desktop Infrastructure
“… Rakuten has turned to Microsoft Windows Server 2016 Remote Desktop Services (RDS). Not only does RDS provide an easy path to integrating heterogeneous systems, but it also provides an additional layer of security so new systems do not compromise Rakuten’s existing corporate infrastructure.”
This is fantastic – onsite data can be VERY, VERY large, or ‘heavy’, depending on how you define it in non-technical terms. Moving or migrating from an office [or even a traditional datacenter] to a Cloud service can be daunting, given the amount of data needing to be uploaded to a provider. Uploads over the Internet can conceivably take days or weeks! Enter the “Data Box” or smaller “Data Box Disk” from Microsoft Azure. These secure devices can be ordered from Azure. Once they arrive, simply plug them into your network [or server], then rapidly transfer crazy amounts of data to them before shipping the device back to Azure for upload to your Cloud account.
“Azure Data Box Family
Data migration to Azure made fast, simple, and secure
Now offering Azure Data Box with 100TB capacity, and Data Box Disk with up to 40TB capacity
From terabytes to petabytes, choose the device that works for your migration needs
Both devices keep your data safe and secure with AES encryption
Order, fill, and return for upload to Azure – all tracked in the familiar Portal”
I really like this way of thinking outside the box! Some of the old (and current) concepts on password complexity, length, history, etc. are being revised. There is some new thinking on the matter, based mainly on trends and analytics Microsoft has gathered from millions of hack attempts on Azure-based resources.
New Microsoft recommendations:
“Maintain an 8-character minimum length requirement (and longer is not necessarily better).
Eliminate character-composition requirements.
Eliminate mandatory periodic password resets for user accounts.
Ban common passwords, to keep the most vulnerable passwords out of your system.
Educate your users not to re-use their password for non-work-related purposes.
Enforce registration for multi-factor authentication.
Enable risk based multi-factor authentication challenges.”
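The first four recommendations are the ones a password-acceptance routine can actually enforce, and it is worth seeing how little code the new thinking needs compared with the old composition rules. The following is an added example and not Microsoft's implementation: it enforces the 8-character minimum, imposes no character-composition rule, has no periodic expiry, and rejects passwords that are just a banned common word dressed up with look-alike characters or digits on the ends (the sort of thing the old rules actively encouraged). The banned list, the substitution table and the scoring threshold are all assumptions made for this example.

```python
"""Password acceptance check built from the recommendations quoted above.

Added example, not Microsoft's implementation. Rules enforced: 8-character
minimum, no composition requirement, no expiry, and a banned-word check that
first undoes the usual disguises. The banned list, look-alike table and
threshold are assumptions for this example.
"""
from __future__ import annotations

import unicodedata

MIN_LENGTH = 8          # a minimum only; no maximum, no expiry date
SCORE_THRESHOLD = 5     # assumed: fewer than 5 points means "too close to a banned word"

# Constructed, tiny banned list; a deployment would load a large global list.
BANNED_COMMON = {"password", "letmein", "welcome", "qwerty", "monkey", "dragon", "contoso"}

# Look-alike substitutions undone before comparison (assumed table).
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                             "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
# Digits and symbols that get padded onto the ends of a word ("Welcome1!").
_EDGE_NOISE = "0123456789!@#$%^&*()_-+=.,;:?"


def normalise(password: str) -> str:
    """Fold case, drop digits/symbols padded on the ends, undo look-alikes.
    'P@ssw0rd2019!' becomes 'password'."""
    folded = unicodedata.normalize("NFKC", password).lower()
    return folded.strip(_EDGE_NOISE).translate(_LOOKALIKES)


def banned_score(normalised: str) -> int:
    """Each banned word found scores one point, every other character one point,
    so 'monkeydragon' scores 2 while 'troubador' scores 9. Stringing banned
    words together therefore does not help."""
    remaining = normalised
    points = 0
    for word in sorted(BANNED_COMMON, key=len, reverse=True):
        while word in remaining:
            remaining = remaining.replace(word, "", 1)
            points += 1
    return points + len(remaining)


def check_password(password: str) -> tuple[bool, str]:
    """Return (accepted, reason). Note what is deliberately absent: no
    upper/lower/digit/symbol requirement and no 'last changed' date."""
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    if banned_score(normalise(password)) < SCORE_THRESHOLD:
        return False, "too close to a banned common password"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed candidates: the "complex" ones fail, the long plain one passes.
    for candidate in ("P@ssw0rd2019!", "Welcome1!", "monkeydragon2020",
                      "Tr0ub4dor&3", "correcthorsebatterystaple"):
        accepted, reason = check_password(candidate)
        print(f"{candidate!r}: {'accepted' if accepted else 'rejected (' + reason + ')'}")
```

Run as a script it shows the point of the new guidance: “P@ssw0rd2019!” satisfies every classic composition rule and is still rejected, because after normalisation it is simply “password”, while a long all-lowercase passphrase is accepted without a single symbol. The reset recommendation is implemented by omission: nothing here records or checks a password age, so a reset is something a risk signal triggers, not the calendar.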
We had a few break-ins in the neighborhood recently so I decided to set up an outdoor surveillance camera. But I needed to upload motion-detected videos to an FTP-type site. So I had to provide video file storage for an outdoor WiFi-based security IP camera. I will use a D-Link video camera and a cloud-based location to store the videos. As this is for home use, there is no server. I used to have servers at home, but nowadays I work off Azure or other Cloud-based companies and it is no longer needed or feasible: the server is cloud-based. Besides, home servers are too loud, although when I had them at home, they were pretty nifty ;>