Azure provides all its services through data centers in multiple regions. These data centers are interconnected within regions, as well as across regions. Azure understands that it hosts mission-critical and important applications, services, and data for its customers. It must ensure that security is of the utmost importance for its data centers and regions. Customers deploy applications to the cloud based on their trust that Azure will protect their applications and data from vulnerabilities and breaches. Customers will not move to the cloud if this trust is broken, and hence, Azure implements security at all layers, as seen in next diagram, from the physical perimeter of data centers to logical software components. Each layer is protected, and even the Azure data center team does not have access to them.
Security is of paramount importance to both Microsoft and Azure. Azure is a cloud platform hosted by Microsoft. Microsoft ensures that trust is built with its customers, and it does so by ensuring that its customer deployment, solutions, and data are completely secure, physically and virtually. People will not use any cloud platform if it is not physically and digitally secure. To ensure that customers have trust in Azure, each activity in the development of Azure is planned, documented, audited, and monitored from a security perspective. The physical Azure data centers are protected for any intrusion and unauthorized access. In fact, even Microsoft personnel and operations teams do not have access to customer solutions and data. Some of the out-of-the-box security features provided by Azure are listed here:
- Secure user access: A customer's deployment, solution, and data can only be accessed by the customer. Even Azure data center personnel do not have access to customer artifacts. Customers can allow access to other people; however, that is at the discretion of the customer.
- Encryption at rest: Azure encrypts all its management data so that it cannot be read by anyone. It also provides this functionality to its customers, as well as those who can encrypt their data at rest.
- Encryption at transit: Azure encrypts all data that flows from its network. It also ensures that its network backbone is protected from any unauthorized access.
- Active monitoring and auditing: Azure monitors all its data centers actively on an ongoing basis. It actively identifies any breach, threat, or risk, and mitigates them.
Azure meets country-specific, local, international, and industry-specific compliance standards. They can be found at https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings.