Comprehensive, Prevention-Based Security for Azure Government Cloud
Today on Azure Government
The Palo Alto Networks® VM-Series virtualized next-generation firewall on Microsoft Azure allows government agencies to apply the same advanced threat prevention features and next-generation firewall application policy controls used in their physical data centers to the Azure Government Cloud. As a result, government agencies can confidently make the move to a public infrastructure, while ensuring that their applications and data are protected from a wide range of known and unknown threats.
Enabling Cloud First
Government agencies continue to adopt a cloud-first approach. They can maintain the portability of application and security policies, while also taking advantage of the agility, scalability and cost savings offered with the Microsoft Azure cloud platform.
The Microsoft Azure Government Cloud, a physically isolated instance of Microsoft Azure, is designed exclusively for government agencies. It enables U.S. government agencies and partners to migrate their mission-critical workloads to the cloud, while maintaining high security and meeting complex government compliance regulations.
However, under the shared responsibility model, protecting Microsoft Azure applications and data from compromise remains the responsibility of the government agency. Understandably, government entities still have security concerns about moving data from data centers they manage and control directly to outsourced cloud services.
Analytics and Security
The Palo Alto Networks VM-Series on Azure and Azure Government Cloud natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. By using these elements to better inform policy decisions, government agencies can accomplish several security-related objectives:
- Identify and control applications traversing the Azure deployment, regardless of which ports they may use. The knowledge of which applications are in use allows governments to employ more granular firewall policies to improve overall security posture.
- Safely enable applications and users. Using the application as the basis for your Azure security policy allows you to create application whitelisting and segmentation policies that leverage the deny-all-else premise upon which a firewall is based. Allow the applications you want in use, deny all others, and grant access based on need and credentials.
- Block lateral (east-west) movement of cyberthreats (e.g., malware). By applying application-level controls between VMs using Zero Trust principles, government agencies can reduce the threat footprint and apply policies to block known and unknown threats.
- Automate security deployment and policy updates. Native management features – including bootstrapping, dynamic address groups and a fully documented XML API – allow you to deploy new applications and next-generation security in an automated manner.
- Simplify and centrally manage virtual and physical firewalls. Ensure policy consistency and cohesiveness across virtual and physical firewall form factors with Palo Alto Networks Panorama network security management.
Government agencies can deploy the Palo Alto Networks VM-Series virtualized next-generation firewalls in Azure Government Cloud to address a variety of use cases, including hybrid cloud environments, segmentation gateways and internet gateways. The VM-Series on Azure Government uses the traditional, bring-your-own license model. Check out the following resources to learn more:
- Attend a Workshop at Federal Ignite 2017
- VM-Series on Microsoft Azure Resources
- Securely Enabling a Hybrid Cloud in Microsoft Azure
*Note: A version of this blog post also appears on the Palo Alto Networks blog.