Microsoft is continuing its efforts to rival Amazon Web Services in the infrastructure as a service sector by making...
significant improvements to its platform security in the form of two new tools: the Microsoft Azure Security Center and the Azure Container Service. This tip takes a closer look at these tools and how they are designed to benefit enterprises.
The idea of the Microsoft Azure Container Service is to offer a service that leverages Microsoft's partnerships with Docker and Mesosphere in order to make delivering a production-ready container cluster simple and manageable in the cloud. It combines open source Mesosphere cluster management -- for Apache Mesos and Mesopshere Data Center Operating System -- with Docker's containerization technology.
At the moment, manually deploying and managing containers can be problematic beyond a certain volume, but the aim is to make it much more manageable in Azure. As containers become more popular as an alternative to virtual machines, Microsoft's move to alleviate the key concerns associated with deployment and management is shrewd, and it should provide a tangible benefit to customers looking to take advantage of the portability and scalability of containers.
Azure Container Service will initially support Linux containers, but Azure will add Windows container support with the introduction of Windows Server 2016. Amazon Web Services (AWS) also incorporates Docker support, but it does not yet offer the same functionality as Microsoft's new Azure Container Service.
The Microsoft Azure Security Center is designed to grant cloud administrators a more detailed and manageable view of the security of their Azure resources. Importantly, Azure Security Center will integrate with major security providers such as Check Point, F5 Networks and Cisco. Its main focus will be on security monitoring, policy management and threat detection across an enterprise's Azure environment.
The Microsoft Azure Security Center dashboard shows a centralized view of the security status of virtual machines, networking, SQL databases and applications, and it provides recommendations on how to remedy any issues. There is even an option to implement these recommendations through integrations with key third-party security products, such as deploying a Barracuda Web application firewall on an application.
Many organizations run the risk of losing control of the data they are storing in the cloud, and extending their corporate security policies into the cloud can be difficult. Any tools that improve visibility and allow administrators to manage their cloud assets more securely will always be welcome. Interestingly, the Microsoft Azure Security Center will incorporate information from Microsoft customers' networks, as well as Microsoft's global threat intelligence sources, which is a potentially powerful combination. This information can be used to detect ongoing attacks or potentially compromised machines. This type of intelligence-driven threat detection and monitoring will be the key to effective cybersecurity in the coming years.
It remains to be seen whether Microsoft will offer customization of the intelligence feed to make the information in the Azure Security Center relevant to particular sectors, but this is a great start. AWS doesn't really have an equivalent of the Security Center at the moment, showing further evidence of Microsoft's continuing efforts to improve and innovate in cloud security.
Read more about defending against man-in-the-cloud attacks