Shulou(Shulou.com)06/01 Report--

There are several areas that cloud security needs to focus on: physical security, network security, data security, identity and access management, and application security. The following is a brief description of these aspects.

Physical security

The application of technology can make the system automatically obtain the authorization and authentication needed for access, and the changes brought about by the progress of security technology can make it a way to ensure physical security. From the pattern of using traditional enterprise applications and deploying hardware and software for computing to physical locations based on business, using software as a service and software plus services is another case. These changes make it necessary for the organization to make further adjustments to ensure the safety of its assets.

OSSC is responsible for managing the physical security of all Microsoft data centers, which is critical to keeping the facility running and protecting customer data. The process of building using security design and operations can be accurately applied to each facility. The article you see is from the active Directory seo http://gnaw0725.blog.51cto.com/156601/d-3

Microsoft ensures additional control over each edge layer established on the inner and outer periphery.

The security system uses a combination of different technical solutions, including cameras, biometrics, card readers, and traditional security measures that include alarms, such as locks and keys. Operational controls are used to automate monitoring and provide early notification in the event of violations or problems, and to allow the review of physical security solution documents in the data center for accountability. Here are more examples of how Microsoft applies controls in terms of physical security:

Security requirements put forward by Microsoft, who restrict access to the data center, will be reviewed for data center employees and contractors. In addition to its provisions in contracts with field staff, security measures applied to the personnel level should be included within a secure data center. Access is restricted by applying a policy of minimum permissions, so only the necessary personnel are authorized to manage the customer's applications and services.

Address high business impact data requirements-Microsoft has developed more stringent minimum requirements to classify assets used in data centers that provide online services as highly sensitive, moderate and low sensitive. Standardized security protocols are used to identify, access tokens, and clearly record and monitor what type of authentication is required for site entries. In this case of access to highly sensitive assets, multi-factor authentication must be carried out.

Centralized physical asset access management-as Microsoft continues to expand the number of data centers used to provide online services, a tool has been developed to manage physical asset access control and audit and record access to the data center through centralized workflow. The operation of the tool uses the principle of providing the required minimum access and includes a workflow approved by an authorized partner. It can be configured as an on-site condition and provides more efficient access to the history used for reporting and compliance audits. The article you see is from the active Directory seo http://gnaw0725.blog.51cto.com/156601/d-3

network security

Microsoft applies multifaceted security to appropriate data center devices and network connections. For example, security control and control and management schemes are used. Specialized hardware devices, such as load balancers, firewalls and protective equipment, are used to deal with large-scale denial of service (DoS). The network management team uses hierarchical access control lists (ACL) to divide virtual local area networks (VLAN) and applications as needed. Through network hardware, Microsoft uses application gateway functions to deeply detect packets and take action, such as sending alerts, blocking or blocking suspicious network traffic.

Microsoft's cloud environment runs a globally redundant internal and external DNS infrastructure. Redundant fault tolerance is achieved through DNS server clustering. Additional controls are used to reduce the risk of distributed denial of service (DDoS) and cache spoofing or tampering. For example, only authorized people are allowed to write to DNS records through ACL in DNS servers and DNS zones. New security features, such as randomly querying identifiers and using the latest and secure DNS software on all DNS servers. The DNS cluster constantly monitors unauthorized software and DNS zone configuration changes as well as other disruptive service events.

DNS is part of a globally connected Internet that requires many organizations to participate and provide this service. Microsoft has made many efforts in this regard, including participation in the Association for Domain name Operations Analysis and Research (DNS-OARC), which is made up of DNS experts from around the world.

Data security

Microsoft classifies assets to determine the strength of security controls that need to be adopted. The classification takes into account potential financial and reputational losses caused by security incidents related to assets. Once the classification is completed, in-depth defense measures will be taken against the parts that need to be protected. For example, data classified as moderate impact needs to be encrypted when it is placed on removable media or transmitted on an external network. For high-impact data, in addition to these requirements, it is also required to encrypt when transmitted and stored on internal systems and networks. The article you see is from the active Directory seo http://gnaw0725.blog.51cto.com/156601/d-3

All Microsoft products must comply with SDL's encryption standard, which lists allowed and non-allowed encryption standards. For example, the key length of symmetric encryption needs to be more than 128 bits. If you use an asymmetric algorithm, you need to use a key of 2048 bits or more.

Identity and access management

Microsoft uses guidance principles and a minimum privilege model to manage access to assets. If possible, use role-based access control to logically assign specific job responsibilities and scope, rather than to individuals. If the asset owner does not grant access through a policy-specific configuration, the relevant business request is denied by default.

Individuals who have access to any assets must be authorized through appropriate measures. Highly sensitive assets require multi-factor authentication, including passwords, hardware tokens, smart cards, and biometrics. Conduct continuous reviews of authorized users to ensure that their use of assets is appropriate. Accounts that no longer need to access assets will be disabled.

Application security

Application security is a key factor for Microsoft to secure its cloud computing environment. Microsoft formally incorporated a process called secure Development Lifecycle (SDL) into the product development team in 2004. The SDL process is an unrestricted development approach that can be integrated into the entire application development life cycle from design to response, and will not replace existing software development methods such as waterfall or agility. The various stages of the SDL process emphasize education and training, and delegate and apply specific activities and processes to all stages of application development. The article you see is from the active Directory seo http://gnaw0725.blog.51cto.com/156601/d-3

Senior leaders within Microsoft continue to support SDL and apply it to the development of Microsoft products that include the delivery of online services. OSSC ensures that SDL plays an important role in the development process of building applications hosted by the Microsoft cloud infrastructure.

This content is transferred from the Microsoft White Paper on Cloud Security. For articles related to the five major concerns of cloud security, please refer to

ITIL Security risk Assessment

Five major concerns of cloud security

Enterprise Network Information Security Management

-gnaw0725

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.