Security Design and Operations
Design for security from the ground up.
Azure code development adheres to Microsoft’s Security Development Lifecycle (SDL). The SDL is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost. The SDL became central to Microsoft’s development practices a decade ago and is shared freely with the industry and customers. It embeds security requirements into systems and software through the planning, design, development, and deployment phases.
Enhancing operational security.
Azure adheres to a rigorous set of security controls that govern operations and support. Microsoft deploys combinations of preventive, defensive, and reactive controls including the following mechanisms to help protect against unauthorized developer and/or administrative activity:
- Tight access controls on sensitive data, including a requirement for two-factor smartcard-based authentication to perform sensitive operations.
- Combinations of controls that enhance independent detection of malicious activity.
- Multiple levels of monitoring, logging, and reporting.
Additionally, Microsoft conducts background verification checks of certain operations personnel and limits access to applications, systems, and network infrastructure in proportion to the level of background verification.
One key operational best practice that Microsoft uses to harden its cloud services is known as the “assume breach” strategy. A dedicated “red team” of software security experts simulates real-world attacks at the network, platform, and application layers, testing Azure’s ability to detect, protect against, and recover from breaches. By constantly challenging the security capabilities of the service, Microsoft can stay ahead of emerging threats.
Incident management and response.
Microsoft has a global, 24x7 incident response service that works to mitigate the effects of attacks and malicious activity. The incident response team follows established procedures for incident management, communication, and recovery, and uses discoverable and predictable interfaces with internal and external partners alike. In the event of a security incident, the security team follows these five phases:
Identification: If an event indicates a security issue, the incident is assigned a severity classification and appropriately escalated within Microsoft.
- Containment: The immediate priority of the escalation team is to ensure the incident is contained and data is safe.
- Eradication: After the situation is contained, the escalation team moves toward eradicating any damage caused by the security incident and identifies the root cause of the security issue.
- Recovery: Software or configuration updates are applied to the system and services are returned to full working capacity.
Lessons Learned: Each security incident is analyzed to ensure the appropriate mitigations are applied to protect against future recurrence.