Access to customer data by Microsoft operations and support personnel is denied by default. When access to customer data is required, management approval is needed, and the access is carefully managed and logged. Access control requirements are established by the following Azure security policies:
By default, there is no access to customer data.
Microsoft personnel have no user or administrator account on customer virtual machines (VMs).
Grant the minimum privileges needed to complete the task.
Audit and log access requests.
Azure support staff are each assigned a single Enterprise Active Directory account by Microsoft. Azure uses Microsoft Enterprise Active Directory, managed by Microsoft Information Technology (MSIT), to control access to key information systems. Multifactor authentication is required, and access is permitted only from a secure console.
Azure allows customers to encrypt data and manage keys, and safeguards customer data for applications, platform, system, and storage using three specific methods: encryption, segregation, and destruction.
Azure is a multitenant service, meaning that multiple customers’ deployments and virtual machines are stored on the same physical hardware.
Protecting Data At Rest
Azure offers a wide range of encryption capabilities, giving customers the flexibility to choose the solution that best meets their needs. Azure Disk Encryption lets you encrypt the disks of your Windows and Linux IaaS virtual machines. It uses the industry-standard BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the OS and data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets in your key vault subscription, while ensuring that all data on the virtual machine disks is encrypted at rest in your Azure storage.
SQL Database TDE is based on SQL Server's TDE technology, which encrypts the storage of an entire database using an industry-standard AES-256 symmetric key called the database encryption key. SQL Database protects this database encryption key with a service-managed certificate. All key management for database copying, Geo-Replication, and database restores anywhere in SQL Database is handled by the service.
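As an added example (not code from the original page or from Microsoft's documentation), the following Az PowerShell script enables Azure Disk Encryption on a VM through a Key Vault and service-managed TDE on an Azure SQL Database, then verifies both. The resource group, VM, vault, server and database names are placeholders.

```powershell
# Added example: enable and verify Azure Disk Encryption (ADE) and SQL Database TDE
# with the Az PowerShell modules (Az.KeyVault, Az.Compute, Az.Sql). All resource
# names are placeholders for an existing resource group, VM, Key Vault,
# logical SQL server and database.
$rg        = 'rg-example'
$vmName    = 'vm-example'
$kvName    = 'kv-example'
$sqlServer = 'sqlsrv-example'
$dbName    = 'db-example'

# --- Encryption at rest for the VM's OS and data disks --------------------
# ADE stores the BitLocker / dm-crypt volume keys in Key Vault, so the vault
# must explicitly allow the Azure platform to retrieve them.
Set-AzKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rg -EnabledForDiskEncryption
$kv = Get-AzKeyVault -VaultName $kvName -ResourceGroupName $rg

# -VolumeType All covers both the OS disk and attached data disks.
# Encrypting the OS disk may restart the VM.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri `
    -DiskEncryptionKeyVaultId  $kv.ResourceId `
    -VolumeType All

# Verify: the OS volume must report 'Encrypted'; data volumes report
# 'Encrypted', or 'NotMounted' when the VM has no data disks attached.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName
$okOs   = $status.OsVolumeEncrypted -eq 'Encrypted'
$okData = $status.DataVolumesEncrypted -in 'Encrypted', 'NotMounted'
if (-not ($okOs -and $okData)) {
    Write-Warning "ADE incomplete on $vmName : OS=$($status.OsVolumeEncrypted) Data=$($status.DataVolumesEncrypted)"
}

# --- Service-managed TDE for the database ---------------------------------
# The service creates the AES-256 database encryption key and protects it with
# a Microsoft-managed certificate; the caller never handles key material.
# New Azure SQL databases already have TDE on, so this is idempotent for them.
Set-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName $rg -ServerName $sqlServer `
    -DatabaseName $dbName -State Enabled

# Verify the setting and watch the initial encryption scan make progress.
$tde = Get-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName $rg -ServerName $sqlServer -DatabaseName $dbName
if ($tde.State -ne 'Enabled') { Write-Warning "TDE is $($tde.State) on $dbName" }
Get-AzSqlDatabaseTransparentDataEncryptionActivity -ResourceGroupName $rg -ServerName $sqlServer -DatabaseName $dbName |
    Select-Object Status, PercentComplete
```

Run it from a session already signed in with Connect-AzAccount and holding rights on the Key Vault, the VM and the SQL server.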
Protecting Data In Transit
Azure protects data in transit, such as traffic between two virtual networks, using industry-standard transport protocols such as TLS between devices and Microsoft datacenters and within the datacenters themselves. Customers can additionally enable encryption for traffic between their own virtual machines and end users, and can encrypt data in storage and in transit to align with best practices for protecting confidentiality and data integrity.
Customers may opt for in-country storage for compliance or latency considerations or out-of-country storage for security or disaster recovery purposes. Data may be replicated within a selected geographic area for redundancy.
When customers delete data or leave Azure, Microsoft follows strict standards for overwriting storage resources before reuse. As part of our agreements for cloud services such as Azure Storage, Azure VMs, and Azure Active Directory, we contractually commit to specific processes for the deletion of data.
Expertise
At Dalwax, we’ve tackled several challenging Azure transformation journeys for our customers by re-architecting and rewriting their applications from the ground up to be Azure-native. Along the way, we learned some key lessons on how to re-architect applications to be modular, scalable, fault-tolerant and ultra-responsive.
PaaS & Container Architectures
We are experts at converting traditional stateful applications into modern applications leveraging Azure PaaS services and container architectures for total control over scalability and resilience.
While modernizing applications, we use an Agile, DevOps-driven approach that transforms application delivery through toolchains and processes that support continuous integration and continuous delivery.
We can help develop and implement best-fit architectures and components depending on whether your application is interaction-heavy (predominantly user-driven, where UI/UX matters) or event-driven (IoT, business process automation, and intelligent apps).
Corporate compliance, governance and performance considerations can require application components to remain within a private cloud or existing on-premises environment while still communicating with public cloud components. Our experts can help design solutions for optimal performance and scale.
Monolithic, on-premises applications are often perceived to be secure because centralized security policies can be enforced behind corporate firewalls; with our knowledge and expertise, we can help you deploy an equally strong or stronger security posture within your Azure cloud environments.
We can help businesses efficiently use ready-to-use Azure cloud services and solution components to reduce development time while benefiting from the inherent cloud-native features of those services. Our experts strike the right balance between the upfront and ongoing benefits of using these services.