One of our core values at New Signature requires us to “promote trust and credibility”, and as part of that, we take the security and access management of your data as seriously as you do. When you import your data into the Cloud Management Portal (CMP), it’s important to feel secure in the way it is handled.
When I upload my data to the portal, is it still secure?
First, your company is and always will be the owner of your data. Connecting that data to the CMP tools does not transfer those rights to New Signature or Microsoft.
When you register for CMP, your data becomes part of Microsoft’s public cloud through Azure SQL, which is Microsoft’s cloud database service. The underlying infrastructure is a website on Azure in front of Azure SQL and Azure DocumentDB. This technology enables storing relational data in the cloud with ease of access, global admin rights, and quick scalability.
What data do you have access to?
The CMP has read-only access to the Azure billing feed and subscription data.
To get access to the billing feed, we require a Billing API key which you obtain from the Microsoft Azure EA Portal (https://ea.azure.com/). To see what data we get, use the same portal to download the billing spreadsheet (Reports->Download Usage). This is the same data the API gives us. Customers can expire the API key and remove access at any time.
For RightSizing, you authorize read access to the subscriptions where you want this functionality. We use this privilege to pull virtual machine performance telemetry and to determine whether the virtual machines are oversized, undersized, or right-sized.
How “public” is Microsoft’s public cloud?
The term “public cloud” may create some hesitation, but “public” does not refer to public accessibility of data. It simply differentiates this offering from Microsoft’s private cloud offerings, in which a cloud platform is constructed for a single organization. While many organizations house their data within Microsoft’s public cloud, all the data is fully segregated within the realm of the cloud.
Is my data encrypted?
Data is encrypted in transit via Transport Layer Security (TLS) and at rest using SQL transparent data encryption (TDE).
Finally, New Signature is uniquely positioned to provide security support for your Cloud Management Portal and all your cloud activities and tools through our Managed Service’s Cloud Management Experience (CMX) offering. While our Cloud Management Portal gives you a dashboard view of all your Microsoft Azure subscriptions, usage and spending, CMX Services manage all key aspects of your cloud environments, and include offerings for cloud advisory, cloud operations, and cloud governance.
We will continue our CMP security coverage in next week’s CMP blog post on governance and user roles.