It’s interesting how the perception of cloud security has continued to evolve in the last few years. On the one hand, most of us do our personal banking online (i.e., in the cloud). We trust our financial institutions and the technology they offer to manage our money without a second thought.

On the other hand, many small to midsized businesses are still hesitant and afraid to move their business data to the cloud. The rising threat of ransomware and cyberattacks has put pressure on all of us to prepare, prevent, and protect our critical business systems, data, and employees.

The funny part is, Microsoft has made the security for cloud and online business management the same if not better than finance and banking companies. Their world-renowned multilayered cloud security tools and capabilities should provide the peace of mind necessary for business owners. And yet, the stakes are perceivably higher.

The only way to fully grasp how secure your data is in the Microsoft cloud is to gain a complete understanding on the security features and tools built into their products. This is especially important for Business Central (BC) users, or those considering Business Central Cloud for their ERP.

Companies currently running an on-premise version of Dynamics NAV or BC will require an eventual migration to the cloud and new cloud security considerations.

In this blog post, we have provided a list of the top security tools and capabilities available in Microsoft Azure and Business Central. Our goal is to help you understand and develop trust in Microsoft’s cloud security options and take advantage of the existing end-to-end cloud security tools at your disposal.

How Secure is Microsoft Azure?

Microsoft Azure is one of the leading public cloud service platforms in the world. It is a fast and flexible platform that provides a suite of infrastructure solutions to deploy your applications, including IaaS, PaaS, SaaS, and serverless computing.

As a public cloud service, Microsoft owns and operates all data centers, hardware, software, and supporting infrastructure. Those foundational pieces and vast infrastructure are designed for hosting millions of customers at the same time from facility to applications.  

One of the reasons why Azure is used by 95% of Fortune 500 companies is the extensive range of security tools and capabilities. When you consider that Microsoft invests over $1 billion annually in cybersecurity research and development to be able to make constant improvements, it’s no wonder.

These adaptable tools and services allow customers to safely secure and protect their data, applications, and other assets while detecting threats and monitoring activity. Here is a high-level overview of some of Microsoft Azure’s multilayered security features:

• Massive Network of Cybersecurity Experts
  How many do you have in your organization working on cybersecurity? Microsoft has more than 3,500 global cybersecurity experts dedicated to safeguarding your business assets and data in Azure.
  
  
• Global Geo-Synchronous Data Centers
  To drive your cloud operations at an optimal level, you can choose the best region for your business needs based on technical and regulatory considerations: service capabilities, data residency, compliance requirements, and latency.
  
  
• More Security Certifications Than Any Other Cloud Provider
  Azure provides the ability for customers to meet unique security requirements and regulatory compliance standards. Here is the full list of the national, regional, and industry-specific regulations it meets.
  
  
• Network Reliability and High Availability
  Azure has a core framework of features designed to deliver high availability applications and workloads, including availability sets, availability zones, fault domain, and update domain. Azure Availability Zones, for example, are “physically and logically separated datacenters with their own independent power source, network, and cooling (Microsoft)”.
  
  By connecting more than 60 Azure regions, 220 Azure datacenters, and 170 edge sites, Azure offers industry best 99.99% uptime SLA for virtual machines and a trusted platform for building your business continuity and disaster recovery strategy.

• Azure Security Center
  Although Microsoft has various physical, infrastructure, and operational controls in place to secure the Azure platform, there are additional services available to protect your workloads. Azure Security Center can be turned on to strengthen your cloud security posture by assessing and visualizing the security state of your resources (including servers, storage, SQL, networks, applications, and workloads that are running in Azure, on premises, and in other clouds).
  
  It also provides advanced threat detection through Azure Defender, which is integrated with Security Center to protect your hybrid workloads (in the cloud and on premises).

• Leader in Data Access Management
  Gartner recently named Microsoft a leader for Access Management, largely due to Azure Active Directory (Azure AD). Azure AD is a service used for managing and securing identities. Whether your employees are on-site or remote, Azure AD provides single sign-on and multi-factor authentication to help protect them from cybersecurity attacks.
• FUN FACT: Azure AD manages more than 1.2 billion identities and processes over 8 billion authentications daily.
  
  
• Azure Security Benchmark
  Azure provides a trustworthy and highly configurable foundation to meet your security requirements, but there is a lot to learn. Microsoft has developed a list of recommendations and specific set of Azure security and compliance guidelines called the Azure Security Benchmark program. These best practices are designed to help secure the services you use in Azure:
  
  
  Click here for further reading.

6 Pillars of Dynamics 365 Business Central Security

Now that you have a better understanding of the security foundation of Microsoft Azure, let’s dive deeper into the specific areas of security in Business Central. Business Central is a cloud service that runs on the Azure platform, which means you benefit from all of Azure’s top security features that we shared in the previous section. Here are the 6 pillars of Business Central security to be aware of: 

1. Multi-Factor Authentication
   Business Central in the cloud uses Azure AD as its authentication method, which is automatically set up and managed for you during installation. Before users can sign in to the Business Central application, they must be authenticated as valid users in the system.
   
2. Authorization
   Once users are authenticated, authorization determines which areas a user can access. For example, it controls who can open specific pages and reports, as well as the permissions on associated data in the system. Management of user accounts, roles, and permissions is done from the Business Central clients.
   
3. Data Encryption
   In Business Central online, data encryption is always enabled (unlike the on-premise version). Data backups are always encrypted, and all network traffic inside the service uses industry-standard encryption protocols.
   
4. Auditing
   Business Central includes a selection of auditing features to help you track information about who is signing in, what their permissions are, what data they have changed, etc. For example, Business Central includes a change log where administrators can track a user’s direct modifications to data in the database. You can also classify what fields hold sensitive or personal data.  
   
5. Service Integration
   Microsoft recommends using encrypted network protocols to connect to the Power BI server and Business Central web services.  
   
6. Regulatory Compliance
   Built on the secure Azure platform, Business Central contains functionality that makes it easy for customers to comply with compliance and regulatory legislation. It offers many options for application (E.g., General Data Protection Regulation), service level, and local compliance, as well as general and country-specific certifications. As a cloud service, it also conforms to security standards and strict requirements in several ISO and industry-specific certifications.

Setting Your Business Central System Up for Optimal Security

Keeping your business data safe is a joint effort between you and your cloud provider. A public cloud service provider, like Azure, operates under a shared responsibility model. That means there is a division of responsibilities depending on your type of deployment.

In a cloud deployment, you own your data and identities and are therefore responsible for managing the security of your data and identities. Because of this, there are still several responsibilities that are always retained by the customer, regardless of deployment. They include data, endpoints, accounts, and access management.

There is a lot to learn about Microsoft Azure and Business Central security, so it helps to have a solution provider that is accustomed to the tools and nuances! At Clients First, we have an extensive background in proactive IT and network security, business continuity, and the end-to-end security features and functionality for your Microsoft solution. Our experienced team has helped hundreds of Business Central customers assess their existing security settings and set them on the right path for optimal security.

If you’re uncertain about your current cloud security measures, get in touch with a Business Central and data security expert below.