Azure Local for Cyber Security
In 2021, Microsoft committed to investing $20bn in cyber security over the following five years, implementing ‘cyber security by design’ across their entire product stack. At that time, Microsoft was already the largest cyber security vendor “by an order of magnitude” according to Vasu Jakkal, who has led Microsoft’s cyber business since 2020.
Azure Local exemplifies this approach, incorporating an extensive range of security tools, including:
Multifactor Authentication (MFA)
Conditional access, Role-Based Access Control (RBAC), and Privileged Identity Management (PIM)
Data encryption at rest and in transit (AES-256)
Comprehensive support for Confidential Compute for both virtual machines and container-based applications
Software-defined Network (SDN) and Software-defined Wide Area Network (SD-WAN)
Integration with Azure Monitor and Microsoft Sentinel, which provides Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) capabilities
These capabilities, combined with predefined security baselines and the rapid availability of platform patches (thanks to Exponential-e’s solutions being built on Dell’s APEX Cloud Platform for Microsoft Azure), make the platform ideal for secure deployments, including those requiring formal assessment or accreditation, such as PCI DSS, healthcare, and Government use cases.
Whilst traditional encryption techniques can offer data protection for storage on disk, in database tables, and for transmission, Confidential Compute extends data protection to data-in-use (i.e. while in RAM), using a hardware-based, trusted execution environment, centred on a zero-trust approach. This can be implemented with virtual machines and container-based workloads.
Confidential Compute ensures confidentiality of workloads by preventing access from the Cloud operator, the tenant operator, and even advanced physical attacks such as cryogenically frozen RAM. These capabilities can be used across all deployed workloads, including Azure Virtual Desktop, ensuring the platform can be effectively utilised in the most sensitive, highly secure environments.
When Azure Local is delivered as a service by Exponential-e, with its lifecycle management fully integrated with Microsoft, customers can be assured of faster implementation of security updates and a ‘forever green’ infrastructure, with ever-evolving functionality. For customers utilising virtual machines running legacy versions of Windows, the inclusion of the Extended Security Update (ESU) program at no extra cost, via the CSP Hybrid Benefit for Windows Server, offers additional layers of security and resilience.
Whilst fundamentally a connected platform, Microsoft provides granular control over the integration with and dependence on the Azure public Cloud throughout Azure Local, including with PaaS functions. For managed databases, for example, the data controller can be deployed in either Direct or Indirect modes, the latter suited to scenarios with limited connectivity or serving workloads with specific data sovereignty or gravity requirements. The platform also provides integration with Azure Security Center, which provides advanced threat protection and vulnerability management, as well as security insights across the estate.
Lifecycle management is critical to maintaining the platform’s performance, reliability, and security. Dell OpenManage Integration for Microsoft Windows Admin Center fulfils this requirement, providing full-stack lifecycle management with cluster-aware updating. By live migrating the AKS hybrid control plane and worker node VMs during the update process for the core operating system, BIOS, firmware, and drivers, any potential service interruptions are avoided.
OpenManage Integration for Windows Admin Center also extends the lifecycle management to Azure Policy. This enables configuration compliance checks to rapidly detect and remediate deviations, triggered by either defined best practice or unauthorised changes to underlying infrastructure, including BIOS, out-of-band management (iDRAC), and other component-level configuration across integrated systems.