Microsoft Azure Storage Security

I am studying the Microsoft Azure Administrator modules off of the Microsoft “Learn” website. It is a great free resource to learn some of the hottest and most relevant modern Cloud technologies. This one particular area piqued my interest: data storage security. I know that many businesses and various leaders are pessimistic about the protection of their Cloud data. It makes sense. Why would any leader not think about the way in which their organization’s data is stored in the Cloud? To many leaders, the notion of their valuable data being moved to and handled in the Cloud does not necessarily make them feel warm and fuzzy [as we may see in the commercials ;> ]. Instead they have a healthy cynicism of their data handling. I agree with the healthy cynicism.

But Microsoft Azure has many ways in which to secure data. These include, but are not limited to, proper network security rules to block out most or all traffic; access control lists; strict internal role-based access; and good old-fashioned data encryption.

Azure automatically encrypts all data as it is written to the cloud, i.e. as it is stored “at rest” [meaning, it is sitting on the disk, so to speak]. Any file that is written to Azure storage is encrypted with Storage Service Encryption (SSE), which uses 256-bit AES encryption. This is very powerful encryption and is an industry standard. My favorite part of the SSE is that this encryption of the data that gets stored to disk does NOT affect performance. So, there is no degradation whatsoever to services. Encryption involves scrambling of bits and bytes and generally takes some resources, but Microsoft accomplishes this with no hit to resources.

Of course, in addition to the SSE security, the actual virtual disks themselves, if applicable, can be encrypted as well with ‘BitLocker’ for Windows or ‘dm-crypt’ for Linux. But I wanted to focus only on the Storage Service Encryption at this point. And this SSE should help any leader breathe a sigh of relief when thinking about their data security.

Microsoft Learn can be reached here

Switzerland Welcomes Azure Region

“Microsoft Azure available from new cloud regions in Switzerland” – business is booming for Microsoft Azure.

“In Switzerland, where we’ve been operating for 30 years, Azure is now available from new cloud datacenter regions located near Zurich and Geneva. More than 30 customer and partner organizations are already using these Azure services. Companies becoming more efficient, innovative, and productive through their usage of Azure in Switzerland include:

  • UBS Group, the world’s largest wealth manager, is using Microsoft Azure cloud technology to modernize many critical business applications, to leverage digital channels, and to rethink how its global workforce collaborates.
  • The Swiss Re Group, one of the world’s leading providers of reinsurance, insurance, and other forms of insurance-based risk transfer, has chosen us as a strategic partner and preferred public cloud provider. Through their use of technology and our partnership, Swiss Re strives to make insurance simpler and more accessible than ever.
  • Swisscom, the national telecommunications provider, is now offering its customers managed public cloud services delivered via our global infrastructure and new Swiss cloud regions. Swisscom will be the first Swiss telecommunications provider to offer ExpressRoute, a secure, highly available, high-performance, and private connection to Azure services.”

https://azure.microsoft.com/en-us/blog/microsoft-azure-available-from-new-cloud-regions-in-switzerland/

Microsoft Azure Sentinel

This new Azure Sentinel offering from Microsoft looks fantastic. It looks to improve the usual “SIEM” offerings out there. SIEM is an acronym for security information and event manager platform. This product or service can be set up and viewed right within Azure, of course.

The usual [overpriced] “SIEM” tools do not quite have the full Cloud-ready set of tools available with Sentinel. Sentinel is, in a nutshell:

“Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise—fast. Azure Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, letting you reason over millions of records in a few seconds.”

Azure Sentinel in full

Identity Offerings in Azure Marketplace

The services and products available in Azure Marketplace are always growing. It is a very impressive market, with offerings in categories ranging from “Compute” [of course!], to Analytics, Databases and to Security and Identity. In fact, Identity services look very intriguing: “Alert Logic” and “ZScaler” target a relatively new acronym: “BYOL” (Bring your own license). The “ZScaler” service in particular is interesting in that its service can “create fast, secure connections between users and applications, regardless of device, location, or network”. Their connector can be installed within the Azure Cloud instance. “ZScaler” looks to be very useful for both private and hybrid clouds.

Microsoft Case Study on Company Using MS VDI

This is a very interesting real-world read about a large company moving to Microsoft Virtual Desktop Infrastructure.

Rakuten Group Secures Sensitive Data with Virtual Desktop Infrastructure

“… Rakuten has turned to Microsoft Windows Server 2016 Remote Desktop Services (RDS). Not only does RDS provide an easy path to integrating heterogeneous systems, but it also provides an additional layer of security so new systems do not compromise Rakuten’s existing corporate infrastructure.”

Read about it here

Microsoft Data Box for Heavy Data Migration to Azure

This is fantastic – onsite data can be VERY, VERY large, or ‘heavy’, depending on how you define it in non-technical terms. Moving or migrating from an office [or even a traditional datacenter] to a Cloud service can be daunting, given the amount of data needing to be uploaded to a provider. Uploads through the Internet can conceivably take days or weeks! Enter the “Data Box” or smaller “Data Box Disk” from Microsoft Azure. These secure devices can be ordered from Azure. Once they arrive, simply plug them into your network [or server], then rapidly transfer crazy amounts of data to them before shipping the device back to Azure for upload to your Cloud account.

Summary:

“Azure Data Box Family

Data migration to Azure made fast, simple, and secure”

Full MS Azure “Data Box” details here.

New Thinking On Password Changes

I really like this way of thinking outside the box! Some of the old, and current, concepts on password complexity, length, history etc. are being revised. There is some new thinking on the matter, based mainly on trends and analytics Microsoft has done via millions of hack attempts on Azure-based resources.

New Microsoft recommendations:

  • “Maintain an 8-character minimum length requirement (and longer is not necessarily better).
  • Eliminate character-composition requirements.
  • Eliminate mandatory periodic password resets for user accounts.
  • Ban common passwords, to keep the most vulnerable passwords out of your system.
  • Educate your users not to re-use their password for non-work-related purposes.
  • Enforce registration for multi-factor authentication.
  • Enable risk based multi-factor authentication challenges.”

Read it here 
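
One way to express the length and banned-password items from the list above as a check, added here as an example (not Microsoft's code or algorithm). The ban list, the substitution table and the function names are constructed for illustration.

```python
import re

MIN_LENGTH = 8  # minimum length from the recommendations above

# Constructed sample ban list; a real deployment would load a far larger one.
BANNED = {"password", "qwerty", "letmein", "welcome", "123456", "iloveyou"}

# Character substitutions undone before matching (an assumption of this example).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def candidates(password):
    """Return the forms of a password that are compared against the ban list."""
    lowered = password.lower()
    # Drop a trailing run of digits/punctuation such as "2024" or "1!".
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, lowered.translate(SUBSTITUTIONS), stem.translate(SUBSTITUTIONS)}


def check_password(password):
    """Return a list of policy violations; an empty list means accepted.

    Deliberately absent: character-composition rules and password age,
    both of which the recommendations say to eliminate.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if candidates(password) & BANNED:
        problems.append("matches a banned common password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ("P@ssw0rd1!", "Welcome2024", "qwerty", "kestrelriverbank"):
        print(sample, "->", check_password(sample) or "accepted")
```

A password such as "P@ssw0rd1!" satisfies every classic composition rule yet is rejected here, while a long all-lowercase phrase is accepted.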

D-Link Wireless Camera FTP Storage

We had a few break-ins in the neighborhood recently so I decided to set up an outdoor surveillance camera. But I needed to upload motion-detected videos to an FTP type of site. So I had to provide for video file storage for an outdoor WiFi-based security IP camera. I will use a D-Link video camera and a cloud-based location to store the videos. As this is for home use, there is no server. I used to have servers at home, but nowadays, I work off Azure or other Cloud-based companies and it is no longer needed or feasible: the server is cloud-based. Besides, home servers are too loud, although when I had them at home, they were pretty nifty ;>

Anyway – here are the home Surveillance Video Project specifics!