Security and regulatory compliance are the main concerns of organizations that adopt a hybrid cloud for IaaS and PaaS workloads. Azure Stack is designed to answer these needs with users' requirements in mind. Its security posture is built on two principles: assume breach and hardened by default. The aim is both to stop a malicious actor from intruding and to detect security flaws already present in the system.

Under the assume-breach principle, an attacker who compromises one component cannot reach every part of the system; they are confined to the actions that component is designed to perform. Azure Stack doubles down on this by removing standing admin accounts from the infrastructure. The admin role is broken down further through role-based access control (RBAC), so that each role exposes only the capabilities it needs. The sealed infrastructure of Azure Stack is designed to prevent any malicious item from being introduced into the system, and network access control lists applied at every layer of the stack block unauthenticated traffic, following the rule of blocking everything except what is explicitly required.
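
The "block everything except what is required" rule can be made concrete as an allow-list ACL with a default deny and an audit trail of what was refused. The following is an added example illustrating that rule; it is not Azure Stack code, and the subnets, ports and sample traffic are constructed for the illustration.

```python
"""Default-deny network ACL evaluator (added illustration, not Azure Stack code).

A flow is permitted only when an explicit rule allows it; everything else is
refused and recorded, so denied attempts can feed detection.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One explicit allow rule: which source may reach which port/protocol."""
    src: str        # CIDR of the permitted source, e.g. "10.0.1.0/24"
    dst_port: int
    proto: str      # "tcp" or "udp"
    purpose: str    # documented reason the flow is necessary


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    proto: str


class Acl:
    """Allow-list ACL: first matching rule wins; no match means deny."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules

    def allows(self, flow: Flow) -> Optional[Rule]:
        ip = ipaddress.ip_address(flow.src_ip)
        for rule in self.rules:
            if (flow.proto == rule.proto
                    and flow.dst_port == rule.dst_port
                    and ip in ipaddress.ip_network(rule.src)):
                return rule
        return None  # default deny


def evaluate(acl: Acl, flows: List[Flow]) -> Tuple[List[Flow], List[Flow]]:
    """Split flows into (allowed, denied); denied ones are what a SOC would review."""
    allowed: List[Flow] = []
    denied: List[Flow] = []
    for flow in flows:
        (allowed if acl.allows(flow) else denied).append(flow)
    return allowed, denied


# Constructed rule set for one tier (assumed addresses, not a real deployment):
# only the management subnet may reach the remote-management port, and only
# the load balancer may reach the HTTPS port. Nothing else is listed.
TIER_ACL = Acl([
    Rule("10.0.1.0/24", 5985, "tcp", "WinRM from management subnet"),
    Rule("10.0.2.10/32", 443, "tcp", "HTTPS from load balancer"),
])

# Constructed sample traffic against that tier.
SAMPLE_FLOWS = [
    Flow("10.0.1.15", 5985, "tcp"),   # management host -> WinRM: allowed
    Flow("10.0.2.10", 443, "tcp"),    # load balancer -> HTTPS: allowed
    Flow("10.0.9.7", 5985, "tcp"),    # tenant subnet -> WinRM: denied
    Flow("10.0.2.10", 445, "tcp"),    # load balancer -> SMB: denied, not required
    Flow("10.0.1.15", 5985, "udp"),   # right port, wrong protocol: denied
]

if __name__ == "__main__":
    ok, blocked = evaluate(TIER_ACL, SAMPLE_FLOWS)
    for f in ok:
        print("ALLOW", f, "->", TIER_ACL.allows(f).purpose)
    for f in blocked:
        print("DENY ", f, "(no rule; default deny)")
```

The point of structuring rules this way is that adding a service means adding a documented allow rule, never relaxing a deny; the `purpose` field keeps the justification next to the rule so reviews can ask whether each opening is still necessary.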

Azure Stack uses hardened, encryption-capable hardware and software, described as military-level security. Protection is applied to both the infrastructure and tenant data, with TLS 1.2 required and legacy protocols (such as NTLM and SMBv1) disabled. Infrastructure components authenticate with Kerberos, and the platform relies on Secure Boot, TPM 2.0 and UEFI, combined with Windows Server 2016 security features such as Credential Guard and Windows Defender anti-malware. An orchestration engine applied across the entire infrastructure addresses the fact that there is no real security posture without a solid servicing process. OEM-specific components are also part of Azure Stack and are included in its penetration testing.
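
A "TLS 1.2 minimum, legacy off" requirement is only useful if it can be checked. The block below is an added example, not Azure Stack code, and it audits a Python `ssl` context against that policy; the policy items (minimum TLS 1.2, TLS compression off, certificate and hostname verification on) are assumptions chosen to match the text. It shows a weak configuration beside the corrected one; the Windows-side enforcement the passage refers to (Schannel, SMB and NTLM settings) is outside what this client-side check can observe.

```python
"""Audit a TLS client context against a TLS-1.2-minimum policy.

Added example (not Azure Stack code). Policy values are assumptions chosen
to match the hardening described in the text.
"""
import ssl
from typing import List


def hardened_client_context() -> ssl.SSLContext:
    """The corrected configuration: modern protocol floor, verification on."""
    ctx = ssl.create_default_context()             # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuses SSLv3, TLS 1.0 and 1.1
    ctx.options |= ssl.OP_NO_COMPRESSION           # TLS compression enables CRIME
    return ctx


def weakened_context() -> ssl.SSLContext:
    """Constructed 'before' configuration the audit must flag: the protocol
    floor is lowered to whatever the library supports and certificate checks
    are switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False         # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of policy findings; an empty list means compliant."""
    findings: List[str] = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum protocol is {ctx.minimum_version.name}; policy requires TLSv1_2"
        )
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not required")
    if not ctx.check_hostname:
        findings.append("hostname verification is disabled")
    return findings


if __name__ == "__main__":
    for label, ctx in (("weakened", weakened_context()),
                       ("hardened", hardened_client_context())):
        result = audit_context(ctx)
        print(label, "->", result or "compliant")
```

The same structure applies to server-side configuration: decide the policy once, encode it as checks, and run them against every context the code base creates rather than trusting that defaults were never overridden.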

Azure Stack Regulatory Compliance

Azure Stack takes a 3PAO (Third-Party Assessor Organization) approach rather than compliance that exists only on paper. The jump-start certification process provides documentation for users and assesses Azure Stack against the PCI-DSS and CSA Cloud Control Matrix standards. Common Criteria for Azure Stack are also defined to confirm whether or not it meets the applicable controls. For further information and guidance, see BRK3089 – Microsoft Azure Stack security and compliance.