Before we look at what services and tools are available in Azure to secure your applications and data, let's take a look at the security responsibility in the cloud.
Let's start with how security is done in the traditional way, where each enterprise owns its own data center.
The first thing you need to think about is the physical security of the data center: restricting access to the building, installing surveillance equipment, hiring guards, and so on.
Next, you need to make sure that the personnel working in the data center and the users of the equipment, like developers and IT administrators, comply with certain security policies and follow security procedures.
Those can be things like registering visitors, requiring a valid identification document for registration, requiring strong passwords, etcetera.
The last thing is the digital security that deals with securing the digital infrastructure: network segmentation, firewalls, application and user access, and others.
As you can see, ensuring the security of your own data center is not a trivial job and requires a lot of expertise.
How does this change in the cloud?
When you use the cloud, you do not maintain the data center, and Microsoft is fully responsible for physically securing the facilities, surveilling the building and hiring physical security personnel.
Microsoft is solely responsible for the physical security of the data center.
Microsoft is also responsible for establishing policies and procedures that pertain to the data center or the hardware infrastructure in it, and for any policies and procedures related to the platform itself. However, you as a customer are responsible for establishing policies and procedures for your own applications and the data they handle.
Last but not least, Microsoft is responsible for the digital security of the Azure platform.
This includes ensuring that the platform itself cannot be compromised, that the tenants residing on the platform are authenticated and authorized to use only their own resources, that the management APIs are always available, and so on.
But again, you as a customer are responsible for the digital security of your applications and the data they handle.
This means that you should ensure that the users of your applications are authenticated, that data is properly encrypted, and so on.
Let's look at each layer in the application stack and who is responsible for security in every scenario: on-premises, IaaS, PaaS and SaaS.
As we've already established, for on-premises deployments the responsibility for security falls completely on you, the customer: starting with the physical security, going to the operating system and network security, and ending with the data security and governance, you manage every security aspect.
As you remember, IaaS is the closest to the on-premises model. In the IaaS model the cloud vendor is responsible for the physical security, but you as a customer have the responsibility to secure the rest, including the operating system, application and data.
You still need to think about applying security patches to the OS, runtimes and frameworks, properly configuring the network controls, and so on.
In the PaaS model this responsibility shifts even more towards Microsoft.
Microsoft is fully responsible for the physical security and the operating system security, and you as a customer share the responsibility for security in the network, application and identity infrastructure. The rest of the stack is still your responsibility.
In the SaaS model, the majority of the security responsibilities are handled by Microsoft.
You still share the responsibility for the identity infrastructure and take care of account and access management, endpoints and data, but everything else is handled by Microsoft.
Microsoft applies a layered approach to security, known as defence in depth.
Defence in depth is a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to information.
It can be visualized as concentric circles, with the data to be secured at the center.
Each layer provides protection, but if one is breached, the subsequent one is in place to prevent further exposure.
The data layer is the inner layer of the circle.
The owner of the data is responsible for securing the data and controlling access to it.
Quite often, there are compliance and regulatory requirements that dictate the controls and processes that need to be in place to ensure the confidentiality, integrity and availability of the data.
Things you can do at this layer are ensuring the data is encrypted at rest and in transit, and restricting access to data on a need-to-know basis.
The next layer is the application layer. By integrating security into the application development lifecycle, application architects can ensure that the application is secure by default.
Making security a required part of the application design will reduce the number of vulnerabilities introduced in the code.
Make sure that security is included in the application design, that the code is free from known vulnerabilities, and that secrets are taken out of configuration files and stored in secure storage.
Securing the computing infrastructure ensures proper access controls and endpoint protection are in place. Patching and updates are also an integral part of securing the computing infrastructure of your application.
At the network layer, the goal is to limit the connectivity between systems to the minimum that is required. By doing this, you can prevent lateral movement throughout the network. Make sure you deny access by default and only allow the ports and systems that need to interact.
At the perimeter, you protect the access to your network from external attackers. Utilizing firewall functionality will allow you to identify and alert on malicious activity against your network.
DDoS protection services filter large-scale attacks even before they reach your endpoints.
The identity and access layer ensures that identities are not compromised, access is granted to authorized parties, and activities are monitored.
Make sure that login attempts are logged and alerted on, and that your users use single sign-on for easier management and multifactor authentication for stronger protection.
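As an added example that is not part of the lecture, the following Python runs the identity-layer check described above over a constructed sign-in log: it alerts when one account sees a burst of failed sign-ins from one address and escalates when a success follows. The log format, field names, threshold and window are assumptions, not a real Azure format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not a real Azure format): timestamp user source_ip result
SAMPLE_LOG = """\
2024-01-15T09:00:01Z alice 203.0.113.10 FAILURE
2024-01-15T09:00:03Z alice 203.0.113.10 FAILURE
2024-01-15T09:00:05Z alice 203.0.113.10 FAILURE
2024-01-15T09:00:07Z alice 203.0.113.10 FAILURE
2024-01-15T09:00:09Z alice 203.0.113.10 FAILURE
2024-01-15T09:00:12Z alice 203.0.113.10 SUCCESS
2024-01-15T09:01:00Z bob 198.51.100.7 FAILURE
2024-01-15T09:20:00Z bob 198.51.100.7 SUCCESS
"""

THRESHOLD = 5                  # failures per (user, ip) that trigger an alert (assumed)
WINDOW = timedelta(minutes=5)  # sliding window in which the failures must occur (assumed)

def parse_log(text):
    """Parse the constructed log into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events

def find_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per (user, ip) whose failed sign-ins reach the threshold
    inside the window; a later success from the same pair raises the severity."""
    failures = defaultdict(list)   # (user, ip) -> timestamps of recent failures
    alerts = {}
    for ts, user, ip, result in sorted(events):
        key = (user, ip)
        if result == "FAILURE":
            # keep only failures still inside the sliding window, then add this one
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
            if len(failures[key]) >= threshold and key not in alerts:
                alerts[key] = {"user": user, "ip": ip, "failures": len(failures[key]),
                               "followed_by_success": False}
        elif result == "SUCCESS" and key in alerts:
            # a success right after a burst of failures is the case to escalate
            alerts[key]["followed_by_success"] = True
    return list(alerts.values())

if __name__ == "__main__":
    for a in find_bruteforce(parse_log(SAMPLE_LOG)):
        sev = "HIGH" if a["followed_by_success"] else "MEDIUM"
        print(f"[{sev}] {a['user']} from {a['ip']}: {a['failures']} failed sign-ins")
```

Bob's single failure stays below the threshold and produces no alert, which is the point of the window: the logic flags the pattern, not every failed password.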
The physical layer is the first line of defense; its goal is to prevent unauthorized physical access to the assets and the bypassing of the other security measures.
In the next video, we'll look at the tools and services Azure offers to implement security in depth.