Microsoft Azure Government security capabilities for partners
Azure Government Cloud takes advantage of multi-layered security provided by Microsoft across its physical datacenters, infrastructure, and operations in Azure. It delivers solutions that allow your customers to benefit from the state-of-the-art security delivered in Azure Government data centers. You can rely on a purpose-built cloud with security controls integrated into the hardware and firmware components, as well as added protections against threats such as distributed denial of service attacks. Benefit from a team of cybersecurity experts that work together to help safeguard your mission’s assets and data in Azure Government.
Because security is a shared model, we protect the assets and you protect the workload. Built-in controls and services extend across identity, data, networking, and apps. They provide continuous protection with deeper insights from Azure Security Center, extend protections to hybrid environments, and integrate easily with third-party partner solutions.
Below is a list of tools and services you can leverage in your partner practice opportunities:
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in Azure, in other clouds, and on premises.
Azure AD is a multitenant, cloud-based directory and identity management service that combines core directory services, application access management, and identity protection.
Azure is a multitenant cloud, which allows isolation via Virtual Networks (VNets), subnets, user-defined routes, network security groups, VPNs, Azure Firewall, and Azure Web Application Firewall (WAF).
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service (FWaaS) with high availability and unrestricted cloud scalability.
Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your agency’s web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.
Azure Information Protection (AIP) is a cloud-based solution that helps classify and, optionally, protect documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or in combination, where users are given recommendations.
Azure supports various encryption models, including server-side encryption that uses service-managed keys, customer-managed keys in Key Vault, or customer-managed keys on customer-controlled hardware. With client-side encryption, you can manage and store keys on-premises or in another secure location.
Azure Key Vault provides solutions to address the following problems: secrets management, key management, and certificate management.
Azure Dedicated HSM is an Azure service that provides cryptographic key storage within Azure. Dedicated HSM meets the most stringent security requirements. It’s the ideal solution for customers who require FIPS 140-2 Level 3-validated devices and complete and exclusive control of the HSM appliance.
Azure Monitor maximizes the availability and performance of your agency’s applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your agency’s cloud and on-premises environments. It helps your agency understand how its applications are performing and proactively identifies issues that affect them and the resources they depend on.
Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that move their applications to the cloud. A DDoS attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users. Attacks can be targeted at any endpoint that is publicly reachable through the internet.
Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implement and adhere to an organization’s standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments, trusting that they’re building within organizational compliance, with a set of built-in components, such as networking, to speed up development and delivery.
Azure Policy is a service in Azure for creating, assigning, and managing policies. These policies enforce different rules and effects over various resources, so that those resources stay compliant with corporate standards and service level agreements.
Microsoft Trust Center provides the information needed to be confident that the Azure platform on which you run your services is secure.
Microsoft recently announced a significant milestone in serving our mission customers from cloud to edge with the availability of two new Azure Government Secret regions, now in private preview and pending accreditation. Azure Government Secret delivers comprehensive and mission-enabling cloud services to US Federal Civilian, Department of Defense (DoD), Intelligence Community (IC), and US government partners working within Secret enclaves.
Find additional details about this new capability here.
Microsoft announced the expansion of FedRAMP Moderate and FedRAMP High coverage to Azure public cloud regions – creating new partner practice opportunities across various federal agencies.
Azure and Azure Compliance Offerings (see appendix B for complete list)