Microsoft Azure

Why Microsoft Azure is the future for building critical infrastructures

Aiming for safety, connectivity and accessibility in the cloud

Introduction

Managing and improving critical infrastructure, including utilities, transportation services, urban innovation and digital services, is one of the most important functions of many public and private sector organisations worldwide.

At every level, people managing critical infrastructure functions understand the potential of digital transformation to improve services, increase resilience, cut costs, and address pressing issues such as climate change. Yet they must proceed with care due to the high-stakes nature of their responsibilities. Even more than other organisations, their work requires them to focus on the following:

 

Availability

Mitigating the impact of service disruptions is vital. A robust backup and disaster recovery strategy is needed to help minimise downtime.

Privacy

Increasing digitalisation requires new security measures to keep information safe, especially personally identifiable information from customer accounts.

Safety

When emergencies strike - such as natural disasters leading to power outages and transit shutdowns - responding appropriately is a matter of safety for both customers and workers, and of ensuring your data is protected at all costs.

Compliance

Government bodies regulate where and how data can be stored and handled, both on-premise and in the cloud. Organisations need a cloud service provider that maintains compliance with relevant standards to support the seamless modernisation of IT infrastructure.

 

Digital transformation is a journey, and each organisation’s path will differ. Capabilities diverge even within a single agency or operating unit, and growth opportunities come in all shapes and sizes. Technology evolution is a critical enabling factor for advancing along this journey.

Here, we look at some of the key challenges for critical infrastructure and how the solutions available in Microsoft Azure can help solve them.

Conversion at work

 

All over the world, government agencies and organisations responsible for critical infrastructure are creating the art of the possible, taking advantage of new technologies to break through longstanding challenges. Digital transformation empowers government agencies and private operators to meet these challenges by providing insights from data to drive effective decisions, improve day-to-day operations, engage and empower citizens, and protect communities.

 

Microsoft Azure AI

The city of Ville de Laval, Quebec, used Microsoft Azure AI and machine learning to speed up citizen-agent interactions on its 311 non-emergency hotline and to answer the more basic inquiries with a virtual agent.

Azure Arc

OPET, one of Turkey’s most prominent energy distributors, worked with Microsoft partner KoçSistem to comply with new privacy laws quickly and securely by rolling out Azure Arc–enabled data services for customers nationwide.

Microsoft Azure Synapse Analytics

The San Francisco Municipal Transportation Agency (SFMTA) centralised its data and reduced administrative bottlenecks by partnering with Microsoft to build a serverless data & insights solution centred on Microsoft Azure Synapse Analytics.

 

Microsoft works with critical infrastructure providers worldwide and understands their unique challenges. Microsoft Azure and other Microsoft solutions are designed to help organisations of all sizes secure, modernise, and manage critical infrastructure.

 

A cloud you can trust


Microsoft protects the confidentiality, integrity, and availability of data, and maintains compliance with applicable standards, through a defence-in-depth cybersecurity approach. Unparalleled telemetry and cloud-powered security operations and management tools back Microsoft’s experience running global enterprise services and critical infrastructure. Microsoft hardens and isolates its corporate and cloud infrastructure environments while implementing safe operation practices, such as deny-by-default zero-trust architecture, least privilege, and multifactor authentication.

 

Importance of safety and connectivity

All government services require secure, privacy-enabled, compliant technology. Critical infrastructure faces an even higher bar. These services must stay up and running due to the potentially high human and financial costs of disruption. For example, utility outages can leave vulnerable customers without heat in winter. Slowdowns in public transportation can increase fuel costs, reduce the number of fares received, and leave commuters stranded. If critical services become inaccessible, emergency personnel can’t reach people in crisis.

 

Compliance: Navigating ever-changing complexity

Critical infrastructure providers are compelled by local and international law to maintain some of the strictest compliance standards. The need to adhere to compliance standards is often what keeps organisations from updating legacy systems in the first place. At DSP, we’re committed to compliance, and we understand the challenges faced by organisations responsible for critical infrastructure. Compliance requires specialised knowledge and expertise. This compliance translates to higher costs in an on-premises environment since you are responsible for that expertise and the necessary resources in-house. On the other hand, the right cloud provider can shoulder much of the compliance burden for you by bringing teams of experts with compliance certifications to the table. You can read more about PCI compliance here.

 

With Microsoft Azure, organisations gain two distinct advantages:

  • The broadest compliance coverage of any commercial cloud provider, affording a head start when it comes to authorisation and accreditation
  • A set of tools to accelerate building and deploying solutions that comply with specific regulations

These capabilities can provide significant cost savings as well as economies of scale. Whereas on-premises builds require proof of compliance every time a significant change is made, Azure enables you to build on a compliant foundation and move forward. Azure helps organisations more easily demonstrate compliance and, in many cases, extend this to continuous compliance monitoring.

In situations where compliance regimes are more strict, solutions can still be built in the cloud, leveraging such tools as Azure Blueprints, which can simplify deployments by packaging key environment artefacts, such as Azure Resource Manager templates, role-based access controls, and policies, in a single blueprint definition. You can then deploy where needed with a consistent experience from cloud to on-premises to the intelligent edge.

 

 

Azure regions 

Azure has more global regions than any other cloud provider - offering the scale needed to bring applications closer to users around the world, preserving data residency, and offering comprehensive compliance and resiliency options for customers.


 

Bolster reliability with disaster recovery

 

Azure’s end-to-end backup and disaster recovery solutions are simple, secure, scalable, and cost-effective, reducing recovery times by 66% and generating cost savings of up to 47% compared to on-premises alternatives. This reduction is made possible by:

 

Simplified management environments

The centralised management interface makes it easy to protect, monitor, and manage enterprise workloads across hybrid and cloud. Extend your backup solutions to Azure or configure our scalable replication and backup to fit your business needs.

Azure built-in security controls

Safeguard your backup environment and maintain compliance with wide-ranging security and privacy regulations. Configure virtual machines (VMs) to fail over to the cloud or between cloud datacentres and protect data from deletion and ransomware.

Reduced complexity and cost

Azure provides a platform for a zero-infrastructure solution. Achieve low recovery-point objective (RPO) and recovery time objective (RTO) targets, and reduce the costs of on-premises disaster recovery infrastructure.

Extend solutions to Azure

Work with a preferred and leading backup provider to extend your existing solution, enabling quick backup and replication of applications or data to Azure as well as cost-effective storage in the storage tier of your choice.

 

Azure backup and disaster recovery provide a simple-to-architect, cloud-native, highly available, and resilient solution for recovering your business services in a prompt and orchestrated manner when disruptions strike.

 

 

Bolster your security footprint with Azure 

To strengthen the security posture of cloud workloads, Microsoft Azure Security Centre offers advanced hybrid-cloud workload protection with Azure Defender and helps streamline security management. Azure Defender’s extended detection and response (XDR) capabilities help protect against threats like remote desktop protocol (RDP) brute-force attacks and SQL injections.

The regulatory compliance tutorial provides a compliance score and compliance assessment with Azure CIS, PCI DSS 3.2, ISO 27001, NIST, and SOC TSP. With more than US $4B invested annually in cybersecurity research and development over the next 5 years, more than 3,500 experts dedicated to security and privacy, and more certifications than any other cloud provider, Microsoft Azure can help critical infrastructure operators confidently prepare for audits at any time.

 

Applying a zero-trust security approach 

Traditional security approaches rely on a clear delineation between users who are inside and users who are outside the physical network of an organisation. In such a scheme, any access requests coming from inside the network are often implicitly trusted. Outside access might require verification for initial entry only, after which users might have access to the entire internal network.

This strategy is insufficient in the face of modern security threats - especially in the world of critical infrastructure - where the consequences of a cyber attacker gaining entry to IT systems can be catastrophic.

A zero-trust approach mitigates the risks of these traditional approaches. A robust zero-trust approach must extend throughout an organisation’s entire digital estate with an integrated end-to-end strategy implementing controls across the following six foundational elements:

  • Identities - Multi-factor authentication (MFA) with secure passwords and real-time analysis of user, device, location, and behaviour makes ongoing protection possible. Providing administrators with secure admin workstations (SAWs), limited-use machines built to reduce the risk of compromise while providing fast access to restricted environments, also reduces the likelihood of credential theft.
  • Devices - Endpoint threat detection and gated access controls mitigate risk for the organisation and the device owners, even in bring-your-own-device scenarios.
  • Apps - Applying the principle of least privilege and continuous verification to app access and implementing dynamic control help prevent breaches and unauthorised access.
  • Infrastructure - Granular visibility and control coupled with segmentation capabilities prevent unauthorised deployments and allow the blocking of suspicious activity.
  • Networks - Encrypting all traffic and deploying machine learning–based threat protection and deeper micro-segmentation keep the network protected at all edges.
  • Data - Data must be encrypted at rest and in transit. Innovative machine-learning models can better classify data, a cloud-security policy engine can govern access decisions, and data loss prevention (DLP) policies secure sharing with encryption and tracking.

In addition to enhancing security, the zero-trust approach can aid the process of achieving compliance for critical infrastructure operators that use NIST-based controls. For US-based entities, the Azure team has developed a 12-step process for securing identity and access management in federal information systems aligned with the identity management principles within the NIST, OMB, and CISA zero-trust frameworks. Microsoft also works with critical infrastructure operators in other regions to meet the requirements specific to their regulatory environment and goals.

 

12 steps to implementing Zero Trust Identity Management Principles in Azure

  1. Employ an Identity Management System
  2. Manage Identity & Access
  3. Conduct User Account Provisioning
  4. Control User Authentication
  5. Implement Secure Authentication
  6. Evaluate Credentials and Authentication
  7. Determine User Access to Resources
  8. Make Trust Determinations
  9. Enforce Least Privilege
  10. Secure Administration
  11. Leverage Adaptive Access Control
  12. Perform Continuous Training

Microsoft's approach to zero-trust

Identity management in the cloud is vital for ensuring people have access to the right resources and applications. Microsoft has several offerings to support identity management in Azure including Azure Active Directory (Azure AD)—a universal platform for managing and securing identities with single sign-on and MFA. Azure Active Directory Identity Protection and Azure AD Privileged Identity Management (PIM) also allow for automatic detection and remediation of identity-based risks and the ability to manage, control, and monitor access to essential resources in your organisation.

Azure also enables zero trust by providing a blueprint for application developers and security administrators that focuses on implementation across the six foundational elements. It includes Azure Resource Manager templates to deploy and configure Azure resources such as Virtual Network, Network Security Groups, Azure Key Vault, Azure Monitor, Azure Security Centre, and more.

 

Defending against cyber attacks 

As some of the most significant availability and security concerns facing critical infrastructure agencies migrating to the cloud, ransomware and DDoS attacks can slow network performance, make critical websites and applications unavailable, increase vulnerability, and cost time and money. These attacks can be targeted at any endpoint that is publicly reachable through the internet. Attacks on systems that provide critical services not only damage the reputation of and trust in governments but can also cause harm to those who rely on those systems.

Every workload in Azure, however, is protected by Azure DDoS Protection Basic at no additional cost through always-on traffic monitoring and real-time mitigation. Enhanced DDoS mitigation can be achieved with Azure DDoS Protection Standard, combined with application design best practices. Features include turnkey defence, adaptive tuning, near-real-time metrics and alerts, attack analytics, rapid response, and more.


 

Examples

Recent months have seen a rise in ransomware attacks across multiple sectors. In May 2021, Belgian public sector ISP, Belnet, experienced a distributed denial of service (DDoS) attack that took down the websites of 200 connected organizations, including the Belgian government, parliament, universities, and research institutes.

The Canadian Government of Nunavut was also recently hit by a ransomware attack that completely shut down its network. In need of a secure and straightforward solution for its distributed network of remote workers, the government turned to Microsoft Azure for a standardised, cloud-first environment and streamlined secure access to the solution.

 

Identifying security data in bulk 

The amount of data agencies may need to collect, store, and analyse can initially seem unmanageable. Storing and analysing this data at scale requires advanced technology that uses the power of the cloud. Critical infrastructure providers can use Azure Sentinel to meet this challenge, gaining intelligent security analytics and support for next-generation security operations enabled by cloud and AI.

A cloud-based security information and event management (SIEM) tool, Azure Sentinel enables large-scale data collection and built-in orchestration and automation for rapid response. AI speeds up threat detection and response capabilities, and innate elasticity allows for convenient scaling. Azure Sentinel is also 48 per cent less expensive and 67 per cent faster to deploy than typical on-premises SIEMs, helping those in charge of critical infrastructure to stay within tight timelines and budgets.

 

 

Expanding the value and availability of data 

Critical infrastructure teams can generate value and optimise services through the advanced use of data, such as AI, advanced analytics, and IoT. Microsoft Azure can help organisations build a unified data strategy that aligns with their mission, principles, and practices and facilitates using data as an asset. Many agencies worldwide are already using Azure to unlock the power of data to make better decisions.

 

Renovating the data footprint 

Microsoft understands that agencies have diverse data ecosystems and requirements. Azure provides a wide range of options for getting data to the cloud. That can mean a lift-and-shift approach, moving databases to a service such as SQL Server on Azure Virtual Machines without rearchitecting. Azure Migrate can help agencies discover, assess, right-size, and migrate on-premises virtual machines to Azure. Azure Database Migration Service can also help simplify, guide, and automate database migration.

Using a managed database or database-as-a-service can deliver even greater value. Azure managed databases, including open-source options, allow agencies to build cloud-native applications or modernise existing applications without the need to manage the underlying infrastructure or data platform. Use cases include modernising .NET and Java applications, building cloud-native applications, delivering highly scalable customer service and enterprise resource planning (ERP) apps, and building web and mobile applications.

Popular managed database services on Azure include:

By moving to cloud-based ERP, agencies also gain access to intelligent business applications, resource optimisation, and improved efficiency. Whether migrating SAP to the cloud using SAP on Azure or choosing cloud-native Microsoft Dynamics 365 solutions, Azure provides a cloud platform optimised for mission-critical ERP with the ability to gain insights from advanced analytics, innovate with Microsoft services, and save on costs, all while maintaining a strong focus on security and compliance.

 

Utilising real-world data

The Azure IoT Hub makes it easy to connect, monitor, and manage billions of IoT assets and features a security-enhanced communication channel for sending and receiving data from those devices. Comprehensive security and compliance are built in, and organisations can further reduce risk with Azure Defender for IoT, which provides continuous asset discovery, vulnerability management, and threat detection for your Internet of Things (IoT) and operational technology (OT) devices. The Azure Certified Device program empowers device partners to differentiate and promote devices easily and enables solution builders and end customers to find IoT devices built to work well with Azure. Operators can also harness Azure Sphere, a turnkey security solution built to help you protect new and existing IoT devices and equipment, or use Windows 10 IoT Enterprise, which has significant security features that can be used to help ensure security across critical pillars of the IoT security spectrum. Learn more about the 19 security best practices for Azure Sphere.

 

Accepting advanced analytics

Advanced analytics enable agencies to generate actionable insights from data. These insights uncover distinct data states and trends to inform timely action. Predictive analytics allows organisations to identify and mitigate risks before they create service outages. Machine learning can identify trends in massive volumes of data that would overwhelm human analysts. Digital feedback loops enable greater agility and responsiveness to change indicators.

Most importantly, with advanced analytics and the cloud, it’s possible to share data more effectively with the people who need it. Data-driven decision-making can filter into all parts of an organisation, eliminating silos and delivering actionable predictive intelligence across many scenarios.

Azure Synapse Analytics is a limitless analytics service that combines data integration, enterprise data warehousing, and big data analytics. It gives users the freedom to query data on their terms, using either serverless or dedicated resources - at scale. Azure Synapse combines these worlds with a unified experience to ingest, explore, prepare, manage, and serve data for immediate BI and machine learning needs.

For AI at the edge, Azure Percept is a comprehensive, easy-to-use AI platform that includes hardware accelerators integrated with Azure AI and IoT services, pre-built AI models, and solution management to help start your proof-of-concept in minutes. Security measures built into your edge AI solution help protect your most sensitive and high-value assets.

 

 

Cloud you can rely on

Azure helps organisations utilise the cloud to protect and harden critical infrastructure and critical government services, all while modernising their legacy systems. Whether helping utilities meet net-zero commitments, enabling more efficient and reliable transportation services, or helping cities achieve greater liveability and economic vitality, Azure can make it happen while prioritising compliance, security, and availability. Microsoft’s mission is to empower every person and every organisation to achieve more. It aspires towards economic, social, and environmental prosperity for the organisations and societies it serves.
