Azure VS AWS Security

Microsoft Azure is a set of cloud services that can help your business achieve fearless growth. No matter how big or small your company, Azure can provide you with the freedom to build, manage and deploy apps using your favourite tools and frameworks. Azure offers a range of functionalities including, analytics, storage, computing, networking and more – all of which integrates with your cloud environment to help you achieve fearless growth. Azure Create a hybrid cloud environment with ease,It has a comprehensive set of compliance offerings,Covers more global regions than any other cloud provider.

Security is a big concern to many businesses, especially in the cloud. Azure and AWS are two of the biggest cloud providers, and both have the capabilities of making sure your cloud environment is secure. 

Microsoft has created their own version of role-based access control (RBAC) called Azure Directory. RBAC will help you enhance and simplify security as you control users’ permissions. Thanks to Microsoft background on networking, they’ve been able to develop a complex and strong security feature that will allow you to manage users access successfully.  

 

The following are some important aspects wherein Azure scores over AWS.

Many of the same principles that apply to AWS can also apply to Azure, but Azure Network Security Groups (NSG) have a few important differences:

  • NSGs can be applied to individual VMs, subnets, or both
  • NSGs have both ‘Deny’ and ‘Allow’ rules – This means that rule order (or priority) matters!
  • Like EC2 Classic Security Groups, Azure NSGs can only be applied to resources in the same region they were created in
  • Azure has a security feature called Endpoint ACLs, you can’t have both an NSG and an endpoint ACL applied to the same VM
  • All NSGs include a set of default rules that cannot be changed or deleted, but can be overridden

Like AWS Security Groups, Azure NSGs have two sets of rules, inbound and outbound.

Each rule has the following properties:

  • Name
  • Priority – A best practice will be to use large increments (100,200) so you won’t have to edit the priorities of existing rules when adding new ones
  • Source – Any/CIDR block/Tag (Tags are explained below)
  • Protocol – TCP/UDP/Any
  • Source Port – Range/Single Port/Any
  • Destination – Any/CIDR block/Tag (Tags are explained below)
  • Destination Port – Range/Single Port/Any
  • Action – Allow/Deny

Microsoft Azure has two deployment models, Classic and Resource Manager. Simply put, old and new. The two deployment models are different approaches for using the Azure cloud platform, and they handle resource provisioning differently. I highly recommend reading more about the differences between Resource Manager and Classic.

In Classic Deployments – NSGs are applied to VMs. This means that the NSG rules will apply to all traffic coming to and going from the VM.

In Resource Manager Deployments – NSGs are applied to NICs. This means that the NSG rules will only apply to the relevant NIC. In a multi-NIC machine, the NSG will not process traffic from other NICs unless configured on them.

In both deployments – NSGs can be applied to subnets. This means that the NSG rules will be applied to all NICs that belong to that subnet.

Azure and AWS for Microsoft stores

Microsoft has long been synonymous with big business. Microsoft Azure facilitates cloud migration for users who currently use Windows Server, SQL Server, Exchange, and other Microsoft technologies.

For .NET developers, publishing applications on Azure is surprisingly simple. Publishing your app on Azure App Services or Cloud Services eliminates all the headaches associated with deploying applications and managing servers.

For Microsoft stores, Azure has a big advantage. However, AWS supports Windows, SQL Server, and other technologies used by .NET developers.

Azure and AWS for Open Source Developers

Amazon may have started as an online vendor, but Microsoft has always looked for Windows-based business customers and similar platforms. Azure will continue this relationship with enterprise users by providing seamless integration with Visual Studio and integration with Active Directory. You can also connect to the Azure platform and Office 365 using your current Active Directory account.