£3 million. That is the average cost of a cybersecurity breach in 2021 – according to IBM. Besides the value of any content stolen during data breaches, these events also cost reputation, time and money putting them right, not to mention fines and even legal fees.
If your organisation is thinking of migrating its files, content and workloads to Microsoft Azure, you want to be sure that you avoid costly data breaches in this new environment. The good news is that you’re in safe hands. Microsoft invests a whopping $1 billion in protecting its cloud data centre network every year. They also employ 3,500 full-time cyber experts to keep the environment protected.
But you wouldn’t be doing your due diligence if you migrated all your content to Azure without becoming familiar with how Microsoft protects your data and processes in the cloud. So, let’s see how using Azure can improve your organisations security.
Security features in Microsoft Azure
When you migrate to Azure, you will have access to an extensive range of powerful tools that can protect you from ransomware, hackers, scams and insider threats – and Microsoft lists its ever-expanding security feature set here.
While it is good to know about all of Azure’s cybersecurity tools, most organisations will only ever need to use a handful of them. Here are five of the most important security features in Azure.
5 key Microsoft Azure security features
When we work with clients to implement security best practice in Microsoft Azure, the following five features provide powerful methods of shoring up their defences.
- Microsoft 365 Secure Score
The Microsoft 365 Secure Score allows Azure administrators to review and change hundreds of security settings across their Azure environment. When you log into the Secure Score page, you’ll see a rating of your current level, and a list of potential changes you can make to improve your security posture (it also tells you how you compare to other organisations in your industry).
By giving you a clear view of how you have configured your security posture, it becomes easier to make changes, identify any ‘low hanging fruit’ to boost security, and continually improve your security posture.
- Encryption
Across Microsoft Azure, all data can be encrypted – both at rest and while in transit.
Encryption in transit means that whenever data is sent across networks (both within Azure, and to your employees’ devices) all files are completely encrypted. Even if they were to get intercepted by a malicious actor, they could not be viewed.
Microsoft also supports encryption at rest. Every time data is written to Azure storage it can be encrypted. This means that if a disk gets stolen or hacked into, the person accessing it still wouldn’t be able to read anything without the right security keys.
- Access built around identity
Microsoft has developed a sophisticated identity-based approach to accessing files and content in Azure. Besides username and password, Azure deploys multi-factor authentication to verify that users are who they say they are.
It is also easy to restrict access to content depending on user group, so staff can only view content on a ‘need to know’ basis. Microsoft also uses artificial intelligence to identify any unusual behaviour. For example, if an employee logs into your systems in unusual ways (such as a different device or location to normal) an alert will be raised.
Webinar series: Identity is the new security
- Defender for Cloud
Microsoft Defender for Cloud is a powerful tool that can support all aspects of threat detection and security management in Azure. It gives you access to powerful resources where you can configure your security posture.
Defender for Cloud then proactively detects and resolves threats for you as well as alerting you to any issues. It can also provide tips and guidance on how you can improve your security.
- Antivirus technology
Besides Microsoft’s own in-built antivirus and anti-malware software, you can also install antivirus technologies from brands like McAfee, Kaspersky Labs, or Symantec across virtual machines in Azure. They can continually scan for any potential malware and protect your environment from being breached.
You might also like: What is a security conscious culture?
Responsibility for Microsoft Azure security is shared
Microsoft makes it clear that it views security in the cloud as a shared endeavour. While Microsoft will manage hardware and protect you from attacks on its physical networks, they make it clear that you are responsible for following cybersecurity best practise, ensuring you are compliant with any rules affecting your industry, and for backing up your data.
At FITTS, we believe that the extensive security tools that Microsoft Azure provides are vastly superior to anything that most organisations could implement and manage in-house. Nonetheless, you need an understanding of how to configure these systems, so they meet your needs and protect you from various threats.
We help companies like yours to manage Azure security and minimise your risks as far as possible. Contact us today for a cloud security workshop to learn more about securing Azure.
James Haworth
James has 20 years of experience working within global businesses to deliver strategic digital and infrastructure transformations. With clients spanning Financial Services, Energy, Telecoms, Aerospace and Defence he has a broad array of knowledge and experience across multiple sectors. With a specialisation in security, James has been instrumental in defining, delivering and overseeing the delivery of digital strategies and is a sought-after advisor in a CIO/CTO advisory capacity.
As one of our founders, and our managing director, James focuses his time on delivering the FITTS mission, vision and value promise. James’ visionary and forward-thinking approach is valued by our partners and customers alike. He participates on strategic product boards to help define the future roadmap of existing platforms, alongside new products and services.
As well as our technology and strategy delivery, James is passionate about Diversity and Inclusion and partnering with organisations to ensure that their digital platforms are not just innovative but prioritise people-first.