Microsoft's Azure cloud computing platform has emerged as a chief rival to Amazon Web Services' public cloud dominance, and the software giant is hoping Azure security improvements will help it gain ground in the race for enterprise cloud computing market share.
While Microsoft partners say Azure security has become one of the strongest underpinnings of Microsoft's cloud strategy, analysts say the software giant's cloud security capabilities still trail those of AWS by a significant margin.
During last month's TechEd conference in Europe, Microsoft announced the availability of Microsoft Antimalware for Azure Cloud Services and Virtual Machines. The single-agent extension gives Azure customers an extra layer of security at no additional cost; the antimalware software can be deployed with custom or default configuration for VMs and cloud services and, according to Microsoft, it's designed to run in the background without human oversight.
In addition, Microsoft earlier this month acquired Aorato Ltd., an Israel-based identity and access management startup, for an undisclosed amount in a move to strengthen its Identity and Security Services Division, which includes Azure Active Directory services. Microsoft also recently rolled out Azure Machine Learning, a fully managed cloud service for developing predictive analytics, which solution providers say could play a crucial role in cloud security.
These are just a few of the moves the company has made to bolster Azure's security and stay competitive with AWS, which made several of its own security improvements during the AWS re:Invent conference last month.
Microsoft partners attribute many of the cloud security improvements to new chief executive Satya Nadella, who previously served as executive vice president of Microsoft's Cloud and Enterprise Group before taking over as CEO of the company earlier this year. In just a short time, Nadella's emphasis on cloud computing has made an impact, as the company reported a 121% year-over-year increase in Azure platform service revenue for its most recent quarter (Microsoft did not disclose the Azure revenue figure for the quarter).
Jason Sauers, co-founder of Phidiax LLC, a Denver-based cloud consulting firm and Microsoft Azure partner, said he's enthusiastic about the cloud security changes at Microsoft under Nadella.
"I think there's been a huge difference with how Microsoft views security. They've completely retooled the organization this year," Sauers said. "The integrated security behind Azure is, to me, unparalleled."
Why AWS security tops Azure security
Despite the optimism from Microsoft partners, IT security analysts generally agree that Microsoft still trails Amazon in the cloud security realm.
"I don't see any glaring holes in Amazon's security right now," said Rich Mogull, CEO and analyst at Securosis LLC, a Phoenix-based security research firm. "They have a sizeable lead in that department on the competition, including Microsoft."
In a recent webinar titled "Public IaaS: Amazon or Microsoft?" Gartner Research Director Kyle Hilgendorf said both cloud providers are doing a "very good job closing a lot of security gaps," but that AWS still gets a major edge in the category.
Specifically, Hilgendorf highlighted a few key areas where AWS gets the nod over Azure. First, AWS' firewalls and access control lists feature a hierarchical concept called "security groups" that allows users to create rules and policies for VM containers, and all VMs in a container inherit its policies. With Azure, Hilgendorf said, customers must either update the policies on a VM-by-VM basis or develop a custom script to apply the policies to all VMs.
"We don't think that scales very well," Hilgendorf said in the webinar, adding that having to apply a policy to each individual VM opens the door for user errors during the configuration process.
Another area where AWS comes out ahead, according to Hilgendorf, is role-based access control (RBAC).
"Amazon gives very granular, very specific role-based access control at all levels of their infrastructure," he said, adding that Microsoft has more general RBAC groups for Azure. "It's an area in the security realm where Amazon shines."
Microsoft declined to comment for this story.
Azure security benefits
Even so, Hilgendorf said there are benefits to using Azure from a security and data protection standpoint.
One of the biggest security-specific pluses for Azure, according to analysts and solution providers, is Azure Active Directory. Hilgendorf said Azure AD gives customers the ability to federate with on-premises Active Directory environments or perform directory synchronization with the Azure AD environment.
"Think about the power that reusing your organizational group structure and Group Policy Objects would have as you start to deploy significant amounts of Microsoft infrastructure within Azure," he said.
David Geevaratne, president of New Signature, a systems integrator and Microsoft partner based in Washington, D.C., said Azure AD Premium, Microsoft's high-end cloud AD package that includes multifactor authentication and Forefront Identity Manager, is a valuable resource for enterprises looking to move more infrastructure to the cloud.
"Identity and access management is where Azure does a great job," he said. "In essence, you're getting a cloud-based security service for your entire environment that protects your identities and protects you from brute-force attacks."
Azure competes with AWS on disaster recovery, integration
Some of the benefits of Azure have less to do with actual security tools and features and more to do with the underlying cloud architecture. For example, Hilgendorf said Microsoft has made it easy for customers to replicate Hyper-V VMs in Azure for business continuity and disaster recovery, a process that is much more complex with AWS.
Geevaratne said Hyper-V integration is one of the key benefits of Azure that entices customers.
"If I'm running a VM on-premise," Geevaratne said, "I can ship it to Azure, test it out, and if I don't like it, I can move it right back."
Indeed, partners say integration with existing Microsoft tools and environments is arguably the biggest driver for customers choosing Azure over other public cloud services. Matt Johnson, co-founder and CEO of Raven Data Technologies, a solution provider headquartered in Reisterstown, Md., said his company shifted from AWS to Azure as its recommended IaaS platform because Azure is easier to develop applications for and integrate with existing IT infrastructure.
Overall, Microsoft partners like Phidiax's Sauers expect to see more updates and improvements to Azure security as Microsoft tries to close the gap with Amazon in the cloud race.
"The rate they're introducing these updates is incredible," Sauers said. "The antimalware addition is a big plus, and now they're rolling out machine learning. That's staggering."