Australian customers may be happy that Microsoft has finally turned on Australian presences for its Azure cloud service, but some are warning that planned cloud adopters need to be careful not to be over-reliant on the company's internal security measures.
While the new Australia East and Australia Southeast regions will address many organisations' concerns about data sovereignty and the performance of cloud services, Trend Micro director of strategic business and alliances Greg Boyle warned in a recent blog, Microsoft's heavy investment in back-end Azure security wouldn't prevent customers from being exposed in many of the same ways that they were with proprietary architectures unless they take prudent precautions.
“Microsoft delivers a secure infrastructure,” Boyle wrote, noting that the move to such cloud services necessarily entails adoption of a 'shared security model' in which “the security of the data and applications loaded onto the cloud is up to you.”
That burden required new thinking about often long-standing security models as workloads “step outside the traditional boundaries and security perimeter that has been the cornerstone of a good defence,” Boyle wrote.
“Anti-malware filtering via a gateway appliance, intrusion prevention and firewalling at the gateway are no longer the bastion preventing threats from attacking critical systems. With flexibility of workloads in the cloud, scaling up and scaling out can quickly introduce security gaps and overload traditional security choke points.”
Licensing was another issue that needed to be addressed: often-temporary virtual servers may consume a full year's license for security software unless system administrators are careful to ensure their licensing terms allow the flexibility to match.
Trend Micro, for its part, had met this requirement by offering by-the-hour billing for its Deep Security suite of cloud tools, which is deliverable as a Microsoft Azure extension. Rival Check Point Software Technologies has also taken to the cloud, announcing today that it has brought its Threat Prevention and Virtual Security Gateway to the Azure environment.
Data compliance was yet another key burden for organisations in the cloud, with customers needing to stay on top of PCI-DSS, IRAP, the Australian Privacy Principles and other relevant regulations. Microsoft had implemented some protections for its own platform but organisations requiring compliance needed to make sure they had built up the appropriate policies to manage and protect their data on top of whatever capabilities Microsoft had provided within Azure.
When done correctly, Boyle wrote, Azure security can deliver stronger results than previous environments: “security is often cited as one of the main concerns and inhibiting factors with cloud adoption,” he wrote. “However, we have seen many organisations achieve levels of security in the cloud higher than in their own infrastructure.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.