Last Revised: July 2018
At CoLabs, we take the security of your data within IntelAgree seriously. For this reason, we use the Microsoft Azure cloud-based platform to host the IntelAgree application and your data.
With Microsoft Azure, we are able to protect your data through multi-layered security safeguards.
- Monitor security across on-premises and cloud workloads
- Apply policy to ensure compliance with security standards
- Find and fix vulnerabilities before they can be exploited
- Use access and application controls to block malicious activity
- Leverage advanced analytics and threat intelligence to detect attacks
- Simplify investigation for rapid threat response
Microsoft Azure and the underlying Microsoft Cloud and Infrastructure Operations (MCIO) physical environments employ security frameworks that span multiple standards, including the ISO 27000 family of standards, NIST 800, and others. ISO 27001 defines how to implement, monitor, maintain, and continually improve the Information Security Management System (ISMS). Microsoft’s Information Security Policy also aligns with ISO 27002, augmented with requirements specific to Azure. ISO 27002 is not a certification but provides a suggested set of suitable controls for the Information Security Management System.
The following provides additional details about how Microsoft Azure platform security allows us to protect your data. For additional information, please consult the Microsoft Azure Security Center – https://azure.microsoft.com/en-us/services/security-center/.
Using Azure tools, we are able to understand the security state across on-premises and cloud workloads
We get a unified view of security across all of our on-premises and cloud workloads. We can automatically discover and onboard new Azure resources, and apply security policies across our hybrid cloud workloads to ensure compliance with security standards. We collect, search, and analyze security data from a variety of sources, including firewalls and other partner solutions.
We can find vulnerabilities and remediate quickly
We continuously monitor the security of our machines, networks, and Azure services using hundreds of built-in security assessments and can create our own. We use actionable security recommendations to remediate issues before they can be exploited.
We limit our exposure to threats
We enable adaptive threat protections to reduce exposure to attacks. For example, we block malware and other unwanted code by applying application controls adapted to our workloads and powered by machine learning. We can enable just-in-time, controlled access to management ports on Azure virtual machines to drastically reduce the surface area exposed to brute-force and other network attacks.
We detect and respond swiftly to attacks
We use advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber attacks. We are able to leverage built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. We monitor networks, machines, and cloud services for incoming attacks and post-breach activity. We streamline investigations with interactive tools and contextual threat intelligence.
Data storage security
Azure Storage is the cloud storage solution for modern applications that rely on durability, availability, and scalability to meet the needs of their customers. Azure Storage provides a comprehensive set of security capabilities. You can:
- Secure the storage account by using Role-Based Access Control (RBAC) and Azure Active Directory.
- Secure data in transit between an application and Azure by using client-side encryption, HTTPS, or SMB 3.0.
- Set data to be automatically encrypted when it’s written to Azure Storage by using Storage Service Encryption.
- Set OS and data disks used by virtual machines (VMs) to be encrypted by using Azure Disk Encryption.
- Grant delegated access to the data objects in Azure Storage by using shared access signatures (SASs).
- Use analytics to track the authentication method that someone is using when they access Storage.
Azure includes a robust networking infrastructure to support your application and service connectivity requirements. Network connectivity is possible between resources located in Azure, between on-premises and Azure-hosted resources, and to and from the internet and Azure. Azure provides network security with the following safeguards:
- Network access control
- Secure remote access and cross-premises connectivity
- Robust availability
- Name resolution
- Perimeter network (DMZ) architecture
- Monitoring and threat detection
- Azure DDoS protection
Network access control
Network access control is the act of limiting connectivity to and from specific devices or subnets within a virtual network. The goal of network access control is to limit access to your virtual machines and services to approved users and devices. Access controls are based on decisions to allow or deny connections to and from your virtual machine or service. Azure supports several types of network access control, such as:
- Network layer control
- Route control and forced tunneling
- Virtual network security appliances