Great summary of Azure CTO Mark Russinovich’s presentation at the 2015 RSA conference by Rob Wright.
Azure security is split into three categories. The first is protection, which features components such as identity and access and vulnerability management. The second is detection, which includes auditing, logging, monitoring and penetration testing. And the third category is response, which involves breach containment and customer notification.
Cloud services are appealing targets for hackers and cybercriminals, according to Russinovich.
“It’s easy to get a free trial,” he said. “And once you get a free trial, you have at your disposal huge network pipes, lots of compute power, and you’ve got a concentration of vulnerable assets in the cloud, which are the other customers in that cloud.”
Microsoft looks at best — and worst — practices for Azure security (TechTarget)