Channeling the Cloud

Microsoft Evolves Azure and Office 365 for New Age of Security Threats

With cloud computing at the center of recent high-profile security breaches and the NSA spying revelations, providers like Microsoft have been feeling pressure from customers to lock down their data.

• By Jeffrey Schwartz
• June 25, 2014

Security is still the biggest showstopper when it comes to cloud computing and, given the events of the past year -- from the Edward Snowden revelations to a number of high-profile breaches -- many customers expect cloud providers and their partners to double down.

The counter-argument is despite the proliferation of data theft, cloud providers are better positioned to safeguard data than customers running datacenters on-premises.

The truth is, whether customers store their data on-premises or use a cloud services provider, information is as secure as the safeguards put in place. Snowden never could've leaked the troves of classified data if the National Security Agency (NSA) hadn't given him unfettered access. Even worse, the NSA didn't appear to have the proper auditing controls to discover what he had done, even after the fact.

In a speech this month, Steven Martin, general manager of the Microsoft Azure service, advised that organizations can spend all the money in the world on security, but if it isn't spent on solving the real threats -- typically those within an organization -- they're likely to remain vulnerable. This is good advice to give to your customers. That said, if a customer asks you how secure Microsoft cloud services are, you should be aware of the latest developments.

Microsoft recently added encryption to Office 365 and the company in June promised it would add full Transport Layer Service (TLS) encryption by the end of this year. TLS is the successor to the Secure Sockets Layer (SSL) protocol.

Microsoft will also offer 2048-bit key lengths and Perfect Forward Secrecy by default for Office 365, Azure, Outlook.com and OneDrive. Next month, Microsoft will also offer new technology for SharePoint Online and OneDrive for Business that moves from a single encryption key per disk to a unique encryption key for each file.

As for Azure, a preview of the new anti-malware agent is available for both Microsoft cloud services and virtual machines (VMs). For customers who don't want to use the Microsoft anti-malware agent, the company has partnered with Symantec and Trend Micro, whose anti-malware offerings will also be available in the Azure portal.

The Trend Micro Deep Security and SecureCloud products will offer threat and data protection security controls for VMs deployed in Azure. The controls include anti-malware, intrusion detection, threat prevention and encryption. The company said it will also offer centralized, automated policy management. In addition, Trend Micro said it will offer its PortalProtect data protection solutions for organizations migrating or sharing SharePoint workloads with Azure.

Symantec has its Endpoint Protection, which offers client anti-virus, spyware protection, firewall and intrusion prevention. Partners or customers can manage clients from the on-premises Symantec Endpoint Protection Manager (SEPM), or from an Azure-hosted SEPM.

Whatever your area of expertise, if you're offering cloud services, making sure your customers know their security options is a pragmatic thing to do.

More Columns by Jeffrey Schwartz:

• Microsoft Brings Azure into Focus for Partners
• Major Cloud Players Are Jumping on the DaaS Wagon
• Column Archive