Ensuring security and management in cloud

Once you’ve migrated, you’ll want to keep your VMs continuously secure, protect your data, and monitor your cloud health. All that’s easy to do with Azure—once you have an understanding of the full suite of available controls and capabilities.

Secure cloud resources

Ensuring strong security for your cloud-based resources is a responsibility that’s shared between you and your cloud provider. Azure is built with a foundation of trust and security, compliance, privacy, and transparency. The Azure platform provides a solid foundation on which to host your infrastructure, with built-in security controls and capabilities to help further protect your data and applications.

Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. Azure Security Center enables you to take advantage of capabilities like these:

Centralized policy management. Ensure compliance with company or regulatory security requirements by centrally managing security policies across all your hybrid cloud workloads.

Continuous security assessment. Monitor the security of machines, networks, storage and data services, and applications to discover potential security issues.

Actionable recommendations. Remediate security vulnerabilities—before they can be exploited by attackers—with prioritized and actionable security recommendations.

Advanced cloud defenses. Reduce threats with just-in-time access to management ports and whitelisting to control applications running on your VMs.

Prioritized alerts and incidents. Focus on the most critical threats first by taking advantage of prioritized security alerts and incidents.

Integrated security solutions. Collect, search, and analyze security data from a variety of sources, including connected partner solutions.

Protect data

Azure helps ensure workloads and data are fully backed up and protected from disasters while providing encryption of stored data for internal and customer security. Azure can also automatically encrypt your stored data—while allowing full accessibility to all applications and users.

VM disk encryption. Azure Disk Encryption enables encryption of Windows and Linux Azure Virtual Machines disks. Azure Disk Encryption uses the industry-standard BitLocker feature of Windows and the dm-crypt feature of Linux to provide volume encryption for the OS and data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets in your key vault subscription while ensuring that all data in the VM disks is encrypted at rest in your Azure storage.

VM backup. Azure Backup is a scalable solution that protects your application data with zero capital investment and minimal operating costs. Application errors can corrupt your data, and human errors can introduce bugs into your applications. With Azure Backup, your VMs running Windows and Linux are protected.

Azure Site Recovery. An important part of your organization’s business continuity and disaster recovery (BCDR) strategy is figuring out how to keep corporate workloads and apps up and running when planned and unplanned outages occur. Azure Site Recovery helps orchestrate the replication, failover, and recovery of workloads and apps so that they’re available from a secondary location if your primary location goes down.

Monitor cloud health

As with any system, monitoring cloud health is important to drive both proactive and reactive analysis. Azure provides many monitoring services targeted at applications, workloads, and core service health to ensure you have full visibility into current system status—and access to important data when you’re working with a break-fix situation.

Azure Monitor. Azure Monitor enables you to monitor Azure services by collecting metrics, activity logs, and diagnostic logs. For example, the activity log tells you when new resources are created or modified. Metrics are available that provide performance statistics for various resources—and even for the OS inside a VM. You can view this data with one of the explorers in the Azure portal, send it to Azure Log Analytics for trending and detailed analysis, or create alert rules to notify you of critical issues proactively. Standard metrics are free and include select metrics originating from Azure resources, services, and first-party solutions. More advanced metrics—including insights into the availability, performance, and usage of your applications, along with health monitoring and alert rules—are also available. For more information, see Azure Monitor pricing.

Service Map. Service Map provides insight into your IaaS environment by analyzing VMs and their dependencies on other computers and external processes. It integrates events, performance data, and management solutions in Log Analytics. You can view this data in the context of each computer and its relation to the rest of your environment.

Network Watcher. Network Watcher provides scenario-based monitoring and diagnostics for various network scenarios in Azure. It stores data in Azure metrics and diagnostics for further analysis.

Service Health. It’s important to be aware of any issues with the Azure services your applications depend on. Azure Service Health identifies issues with Azure services and helps you plan for scheduled maintenance.

Azure Advisor. Azure Advisor constantly monitors your resource configuration and usage telemetry. It then gives you personalized recommendations based on best practices. Following these recommendations can help you improve the performance, security, and availability of the resources that support your applications.

Many premium management solutions are packaged sets of logic that provide insights for an application or service. They rely on Log Analytics to store and analyze the monitoring data that they collect. Azure Log Analytics enables deeper visibility into your hybrid IT environment and allows you to diagnose performance issues from an advanced analytics portal with one click. With Azure Log Analytics, you can:

Analyze data. You can use provided dashboards to run log searches by constructing queries to analyze collected data. These dashboards can be customized with graphical views of your most valuable searches. Once you have a defined collection of operational data from your Azure VMs and activity logs, you can perform powerful searches.

Visualize data. Log Analytics dashboards can visualize all your saved log searches, giving you the ability to find, correlate, and share IT operational data.

Get data alerts. Alerts in Microsoft Azure inform you about important information in your repository. They are created by alert rules that automatically run log searches at regular intervals and match certain criteria. With Action groups, you can perform advanced actions with alerts, such as creating an email notification, launching an automation runbook, or creating an incident record in your ITSM incident management system.

Tools for security and management

  • Azure Security Center. Apply security policies across workloads, limit exposure to threats, and detect and respond to attacks. Learn more about Azure Security Center.
  • Azure Log Analytics. Centralize log data from multiple systems in a single data store. Learn more about Azure Log Analytics.
  • Azure Monitor. Get detailed, up-to-date performance and utilization data; access to an activity log that tracks every API call; and diagnostic logs that help you debug issues in your Azure resources. Learn more about Azure Monitor.