Microsoft Beefs Up Azure Security With Cryptography

    This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

    If you’ve been worried about the Heartbreak virus, here’s some new good news from Microsoft regarding their Azure Web Sites.  Microsoft continuously upgrades their security measures to stay in line with regulatory compliance standards, such as HIPA, FINRA and FISMA.  Agile IT is proud to be a Microsoft Partner and be able to tell our clients in complete sincerity that their information is safe in the Microsoft Cloud.

    This article excerpt, by Chris Talbot, originally appeared here: https://bit.ly/1itt6Pr

    Security may not be as big of a concern when it comes to cloud as it was a few years ago, but it still comes up as an important concern when CIOs are polled. So Microsoft’s (MSFT) latest security upgrade to its Azure Web Sites cloud service makes a lot of sense.

    Following security issues surrounding the NSA and the Heartbleed vulnerability, Microsoft has employed elliptic curve cryptography (ECC) to make it more difficult for nogoodniks to break into customers’ offerings on its platform-as-a-service (PaaS).

    ”Securing your site with SSL has never been more important, but even though encryption isn’t new, cryptographers keep looking for ways to be more secure, and we in Azure Web Sites are always looking for ways to support the latest and greatest,” wrote Erez Benari, program manager for Azure Web Sites, in a blog post.

    Benari goes fairly deep into the mathematics of ECC, but in the end, he noted the ECC encryption is harder by a factor of 10 than classic private/public key generation. Not insignificant, by any means, and Azure customers and partners are likely to be the beneficiaries of such cryptography on the Azure Web Sites service.

    ”What all this means in the real world is that instead of buying a regular SSL certificate to secure your site, you can choose to purchase an ECC certificate instead, thus having better security. ECC certificates are relatively new to the market, and so not many certificate providers offer them. One such provider is Symantec, and another is Entrust, and other providers will soon jump on the wagon as well,” Benari wrote.