Blue Stingray’s Approach to Azure Security


An Overview Of Azure

Microsoft Azure is Microsoft’s public cloud computing platform. Azure is considered both a platform-as-a-service and an infrastructure-as-a-service offering, with over 200 products and services available. 95% of Fortune 500 companies use Azure, showcasing the strength and reliability of the platform. Microsoft is currently leveraging the power of legacy software in enterprises, and Azure is quickly gaining on Amazon Web Services as the top cloud computing platform available.
Because of the current and rising usage of Azure, Blue Stingray recognizes the importance of understanding the multiple security services and tools available for Azure in order to provide a secure application and hosting environment for PII and PCI data.

Blue Stingray’s Azure Security Strategy

We design our Azure security strategy individually for each client. Blue Stingray focuses on four key components of security to provide the best protection for all of our projects. We begin with a secure physical hosting infrastructure that meets or exceeds PCI DSS Level 1 compliance to protect all hosted data. All of our platforms are built securely within that hosting infrastructure to meet the industry standard for secure access and data retention. We also implement secure logging and audits of the systems and of access to the platform. To further protect our clients, Blue Stingray provides appropriate backups and recovery that maintain secure storage and access, separated from the core application.

Recommended Solutions

   Amazon Web Services / Microsoft Azure

Both Amazon Web Services and Microsoft Azure provide fully PCI DSS compliant hosting environments and core services for deployment of the application, databases, firewall, load balancers, logging, key management, and backups.

   Ubuntu Pro

Ubuntu Pro provides a secure, stable operating system with extended security support for 10 years from the date of release. Automated high-security patch deployment is built-in and minimizes the impact of any 0-day vulnerabilities.

   AWS Load Balancer and AWS WAF / Azure Load Balancer and Azure WAF

We filter end-user access to the application through the respective service’s Load Balancer and WAF technologies. The Load Balancer and WAF technologies provide robust firewall and application security, including automated rejection of dangerous or suspicious requests and geographic control based on source IP addresses. Connections to external networks will be secured with industry-standard TLS v1.2+.

   AWS Key Management and AWS Secrets Manager / Azure Vault

We provide secure storage, generation, rotation, and revocation of security and encryption keys external to the application using these services. We use these keys to encrypt all PII and PCI data at rest using standard AES-256 encryption. Backups are encrypted with their own security key not shared with the core application. 

   AWS CloudWatch / Azure Monitor

Application and server logs are stored and audited on a regular basis within AWS CloudWatch or Azure Monitor. This provides a secure audit trail of all activity, retained for a minimum of 365 days, as well as server load monitoring and availability statistics.

   AWS 2FA / Azure 2FA

Both AWS and Azure provide secure multi-factor authentication which we require as part of standard administrator and developer security controls. Authentication can also be made available or required for end-user access to the application. Blue Stingray makes all accounts unique to an individual, governed by the principle of minimum viable access to accomplish assigned tasks or roles. We log access, and hosting management functions are further restricted to whitelisted IP addresses.

   Acunetix / Burp Suite / Third Party Security Assessment

We execute quarterly security penetration testing with well-regarded industry-standard tools like Acunetix and Burp Suite. At a minimum, yearly audits by a third-party security assessment firm should be conducted. These audits can be contracted by Blue Stingray or the client. Blue Stingray can recommend a PCI DSS-approved vendor on request.

Security is of the utmost importance for our projects. Azure includes many tools to provide the best security possible, and as a platform trusted by the large majority of Fortune 500 companies, is a proven secure solution. Contact Blue Stingray to learn more about how our expertise can assist you with your current development needs.
