The reality of security and responsibility in the Microsoft Azure cloud
Protecting a data center is not a topic separate from the cloud: there are two main types of security that must be understood, physical security and digital security, which we describe below.
Physical security, as the name states, concerns the physical side: it controls who can enter the data center building and defines who may access the servers and manage them.
It also includes elements such as concrete walls, security cameras, doors and security personnel, all with the purpose of monitoring the facility and guaranteeing that a physical security barrier exists.
Digital security, on the other hand, raises challenges that are just as important and even more complex. This area concerns who may connect to the systems and data over the network; it is intricate because, at the digital level, data can travel in many ways, between data centers or across the internet, which makes a correct implementation demanding.
Security and responsibility in Azure
Microsoft's cloud, Azure, faces the same physical and digital security challenges as any other data center, only at a larger scale, since it is essentially one of the largest networks of data centers distributed around the world.
In terms of physical security, Microsoft invests heavily in protecting its infrastructure; beyond the walls, doors and similar controls one would expect, it also enforces strict procedures for its employees and has obtained numerous security certifications from external auditors.
In Azure, security is defined as a shared responsibility. Given the large number of interacting elements, digital security requires correct administration of resources and storage; however, how that responsibility is divided depends on the service model.
With infrastructure as a service (IaaS), it is your responsibility to apply updates and patches to the operating systems and to configure the network so that it is secure, while Microsoft is responsible for the underlying physical infrastructure. Virtual machines, networks and subnets can be created through the portal or with automated scripts, and therefore scaled very quickly according to requirements.
With platform as a service (PaaS), by contrast, responsibility for the operating system, its updates and the platform software rests with Microsoft; you remain responsible for the applications you deploy on it and for their configuration. Finally, with software as a service (SaaS) the customer outsources everything: the software runs on Microsoft's internet infrastructure, Microsoft controls the code, and you simply use the application in Azure.
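As an added example of the IaaS-side duty to configure the network securely (this is not code from the original article or from Microsoft), the following Python script audits an Azure Network Security Group for management ports (SSH, RDP, WinRM) that are opened inbound to the whole internet, honours the priority order in which Azure evaluates rules, and then narrows the offending rules to an administrative range. The NSG JSON is constructed by hand in the shape of a subset of the fields that `az network nsg show -o json` returns, and the admin range 10.0.1.0/24 is an assumption standing in for a bastion or VPN subnet.

```python
import ipaddress
import json

# Constructed sample NSG (subset of fields in the shape returned by
# `az network nsg show -o json`); not data from any real tenant.
SAMPLE_NSG = json.loads("""
{
  "name": "web-nsg",
  "securityRules": [
    {"name": "allow-rdp-any", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-ssh-range", "priority": 110, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "20-25"},
    {"name": "allow-https", "priority": 120, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    {"name": "allow-ssh-bastion", "priority": 130, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "22"},
    {"name": "deny-all-in", "priority": 4096, "direction": "Inbound",
     "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"}
  ]
}
""")

MANAGEMENT_PORTS = {22, 3389, 5985, 5986}   # SSH, RDP, WinRM (http/https)
ANY_SOURCE = {"*", "internet", "any"}        # wildcards and the Internet service tag


def port_set(spec):
    """Expand an NSG port spec ("22", "20-25", "*") into a set of ints."""
    if spec == "*":
        return set(range(0, 65536))
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return set(range(int(lo), int(hi) + 1))
    return {int(spec)}


def is_unrestricted_source(prefix):
    """True when the source prefix means 'anywhere on the internet'."""
    p = prefix.strip().lower()
    if p in ANY_SOURCE:
        return True
    try:
        return ipaddress.ip_network(p, strict=False).prefixlen == 0  # 0.0.0.0/0, ::/0
    except ValueError:
        return False   # other service tags (e.g. VirtualNetwork) are treated as restricted


def exposed_management_rules(nsg):
    """Return (rule name, ports) for inbound Allow rules that open a management
    port to an unrestricted source. Azure evaluates rules from the lowest
    priority number upward and stops at the first match, so a Deny from an
    unrestricted source shadows any later Allow on the same ports."""
    findings = []
    denied = set()
    for r in sorted(nsg["securityRules"], key=lambda r: r["priority"]):
        if r["direction"] != "Inbound" or r["protocol"] not in ("Tcp", "*"):
            continue
        sources = r.get("sourceAddressPrefixes") or [r.get("sourceAddressPrefix", "")]
        ports = set()
        for spec in r.get("destinationPortRanges") or [r.get("destinationPortRange", "*")]:
            ports |= port_set(spec)
        hot = (ports & MANAGEMENT_PORTS) - denied
        if not hot or not any(is_unrestricted_source(s) for s in sources):
            continue
        if r["access"] == "Deny":
            denied |= hot
        else:
            findings.append((r["name"], sorted(hot)))
    return findings


def restrict_to(nsg, admin_cidr):
    """Return a copy of the NSG in which every flagged rule's source is
    narrowed to admin_cidr (assumed here to be a bastion/VPN range)."""
    flagged = {name for name, _ in exposed_management_rules(nsg)}
    fixed = json.loads(json.dumps(nsg))   # deep copy; never mutate the input
    for r in fixed["securityRules"]:
        if r["name"] in flagged:
            r.pop("sourceAddressPrefixes", None)
            r["sourceAddressPrefix"] = admin_cidr
    return fixed


if __name__ == "__main__":
    for name, ports in exposed_management_rules(SAMPLE_NSG):
        print(f"{SAMPLE_NSG['name']}: rule {name} exposes ports {ports} to the internet")
    hardened = restrict_to(SAMPLE_NSG, "10.0.1.0/24")
    print("after hardening:", exposed_management_rules(hardened))
```

The two findings come from `allow-rdp-any` (RDP open to `*`) and `allow-ssh-range` (port 22 hidden inside the range 20-25 and open to `0.0.0.0/0`); the rule that already limits SSH to the bastion subnet is left alone, and the catch-all Deny at priority 4096 does not help because Allows with lower numbers match first. The same logic can be pointed at live output by replacing `SAMPLE_NSG` with the parsed result of `az network nsg show`.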
In short, whatever type of cloud deployment you have, you remain the owner of the data and the identities, and so it is your responsibility to contribute to securing them. Microsoft recommends a defense in depth strategy, which in brief means applying protection in layers (sometimes called rings: data, applications, compute (processes), network, perimeter, identity and access, and physical security), so that if one layer is breached, the others mitigate the impact.