Azure recent improvements are considered a great leap forward in the security of their cloud services. In the last months, Azure has, for example, removed RC4 as a weak cipher, is certified to meet the EU –US Privacy Shield requirements, added Information Protection Azure, enabled integration with external Hardware Security Modules (HSM), and even supports the Lamp stack. Azure also sets the bar high by providing good transparency around security, and by doing so, Azure shows confidence in its security posture. While some minor flaws exist, Azure tops the list of IISRI® 's cloud security ratings.
Azure Information Security Rating Report - External
In the external rating report, you will find IISRI® ’s opinion on how the cloud provider ensures tenants' privacy and Intellectual property rights. IISRI® discusses and analyses further if and how the cloud provider uses and provides encryption to protect the data of their tenants. As for physical security, IISRI® considers different environmental risks, like earthquakes and floods, especially since, in most cases, cloud providers disclaim any kind of liability for force majeure events. IISRI® will also elaborate on the cloud provider’s capability to cope with outages and provide their tenant's different types of failover options within and outside their location. In this report, you will also find IISRI® I’s analysis of human resource security and security compliance with the standards of the cloud provider. IISRI® also has opinions about the cloud provider’s capability to manage vulnerabilities and security incidents. The report also depicts IISRI® ’s analysis of the cloud provider’s service levels to ensure the appropriate level of security to their tenants and otherwise compensations according to best practices. This and many other security aspects are discussed in this report.