Why Azure? Microsoft’s Brandon Middleton Talks Azure, Security – Part 1

Today, we’ll be sharing excerpts from our webinar with Brandon Middleton from Microsoft. As a solution sales professional, Brandon spends most of his time talking with customers in the San Francisco Bay area about Azure, and often about topics like the cloud and security. In this interview, Cloud Academy’s Ben Lambert will be talking with Brandon about the benefits of Azure over other cloud platforms, support for Linux, security, and more.

Stay tuned for part 2 of this interview where we’ll cover more topics including how Azure supports big data, the advantages of moving to the cloud in general (and the “but” that holds companies back), Azure and VMs, security and SSO, and more.

When you say that you get to talk to customers all day about stuff like security, is that in the context of their security concerns in terms of migrating to the cloud?

Brandon M.: Yeah, absolutely. The companies that we’re doing business with range from well-established businesses to startups that were born in the cloud, and everything in between. The conversation is a bit different depending on the business. It’s a lot of, “How do I get to the cloud if I’m a traditional on-prem shop?” Then, if they’re already hybrid mode or in the cloud, it’s “How do I make things secure?”

When you talk to customers, what’s the benefit of Azure over something like AWS or Google Cloud?

Brandon M.: We’ve been selling Microsoft Office software for almost 40 years now, and the relationships that we have from a sales perspective are at the very top of the food chain, which is Fortune 50 companies, all the way down to startups. The history and comfort with Microsoft are just some of the things that really help gain and garner trust.

When Amazon started in 2006 with infrastructure as a service, the economics of spinning up a desktop or a virtual machine and getting storage from somewhere in the cloud made it really, really straightforward and easy for lots of customers. When you position us against Amazon, I see them as consumer market moving upward into commercial, so big enterprise. Instead, I see Microsoft as starting in enterprise and moving more downstream.

I think the bigger differentiators, in the beginning, were the platform as a service, so anybody can do IaaS. You can do that on Azure just as well as you can do it in AWS, but when you talk about packaging the Microsoft server OS, in addition to the Linux stuff that a lot of people are doing, I think that it’s a lot easier to build applications and to do integrations with larger ERP systems that traditional enterprises run on top of something that’s as flexible as Azure. AWS has been doing a good job of adding capability. Google, I think, is still a considerable distance behind us. I think Diane Greene has got a big job to build out a sales team and become more enterprise, as well.

You mentioned that you can do infrastructure as a service, pretty much anywhere. Does that mean that you view the ability of platform as a service to easily bundle up your code and get it running in production as one of the main benefits of Azure right now?

Brandon M.: I think that each of us has the global scale and footprint. I do believe that we have more regions than AWS and Google in terms of sheer compute. In terms of how many servers are actually out there, they may have the edge there, but worldwide presence is a big deal for multinationals. They need to make sure that as they’re building an application that can be supported, you’ve got CDNs all over the world so that you can get your content to the people who need it.
Platform as a service, yes, I think is probably one of the bigger differentiators and the amount of investment. Literally, we’re building one data center per week this year, which is pretty substantial when you look at some of the competition and some of the even smaller players. I wonder whether anyone except the big three will be able to stay in this game because there is so much money going into the infrastructure and building up more capability. Platform as a service, uptime cost, etc. To some degree, I think we’re seeing a little bit of a flat-lining across the different compute categories, across the storage categories. We have, I think, some advantage when it comes to machine learning as well on some of the big data stuff.

Security would be another area where I think that Amazon has some work to do. Then, our identity story is Active Directory and being able to do single sign-on and leverage a common Microsoft identity to unlock services across your own business, or if you do B2B and partner stuff with other vendors. I feel like the Azure platform is a lot simpler to deal with than either AWS or Google.

With the Active Directory integration, do you find that some existing Microsoft customers are finding it easier to migrate because they already have these things in place, and it’s just the natural extension of technology to move into the cloud?

Brandon M.: Absolutely. A few years back, I talked about Active Directory. That was the local on-premise way to store users and groups and do distribution groups inside a company, and hold email lists, etc. With Azure Active Directory, we put the concept of a user store into the cloud and built all of these pre-integrations with SaaS apps that people are comfortable using (Salesforce.com, Concur, Workday). Even at the API level, we can go back and forth and query information.
An Amazon or a Google would have to literally start from scratch, and if they’re 20 years or so behind us, from an identity perspective … When you look at a customer and they’ve got to decide whether to keep doing what they’ve been doing for a little while, and go hybrid with Microsoft, or try to make that same functionality work by daisy-chaining a few technologies from a different few vendors together, that’s a big feather in our cap at Microsoft, I would say. That’s a big deal.

Here is a question from one of our viewers: Does Azure support Linux?

Brandon M.: Yes. For everybody out there, you can query Linux on Azure, any combination of Azure and Linux. You will quickly find that there’s plenty of support for that OS on top of the Azure platform. Actually, more than 60% of the workloads that are operating in Azure right now are on Linux and not on a Microsoft operating system.

I would highly encourage folks to just do a quick query, and you can see all of the different flavors of Linux VMs that you can get stood up on top of Azure. There’s Red Hat support, there’s Ubuntu support, there’s a lot of different distros that you can play around with, and feel free to tweet me, or feel free to email me after the session if you’ve got more specific questions, but absolutely, yeah. Linux is a big deal on top of Azure.

Do you think that with stuff like .NET Core being able to run everywhere, is that helping unify Azure to make it easier for developers to get their code running on any operating system? Is that the plan, to make it easier with containers and .NET Core, stuff like that?

Brandon M.: I’d say yes, for sure. These days people look at what our CEO, Satya Nadella, has been doing and his messaging is more like open platforms, so a real dedication to open source. Let’s seed our Office application and suites on top of iOS and make it a first-class citizen on Android. You see a lot more openness than you’ve seen from the traditional Microsoft in the past. If you look at some of our acquisitions, we bought Xamarin a year and a half ago (I think), and that company basically would allow you to write once and then deploy it across multiple mobile operating systems, and we’re tying that into Visual Studio.

Yes, we’re trying to, as best as we can, give developers the choice to develop on platforms that they’re comfortable with and that they have a history with. We know that developers run the world, they build the applications, and the consumer goes there and brings their money along with it. We understand the way the world works there, and in order to do that, you’ve got to see the developers and give them stuff that makes them happy and gives them the opportunity to be as creative and as awesome as they are. Definitely.

How do people know which provider is right for them? What are the questions that you get when talking to clients? You’ve talked about security and identity. What are other questions coming up from folks as they’re considering their move to the cloud?

Brandon M.: There’s actually been an interesting shift in most enterprises. If you think about the word “DevOps,” that didn’t really exist five, six years ago. Instead, you had classic software engineering, test engineering, and people who lived in the data centers, like the network guys, the server guys, the storage guys. You’re starting to see a consolidation of folks who know how to write code, folks who know how to interact with the CLI of the actual hardware. Folks that know how to do a combination of things, and you’re seeing them land in DevOps. I get questions about how do I get started from just spinning up a trial instance of Azure and doing a lift and shift type of operation, where I want to take a small application and move it into a cluster of VMs in the cloud.

For some of those security professionals who don’t write code from day to day, where they’re all about compliance and risk management, I get questions about whether Azure is compliant with a number of the United States and global certifications, so I get questions about ISO, and SOC 1, SOC 2, and PCI for credit card, and ZipBook. I get questions about disaster recovery scenarios from companies who want to cap their local infrastructure and just make everything from this day forward backed up into the cloud. Things like RPO and RTO, like, “How much time is it going to take in the event of a disaster for these things to come back online, or for me to switch from primary to secondary, and then back once their other data center is up again?”

It all depends. I talk to software engineers, who have their set of questions, infrastructure guys who have their set of questions, and then on the security side, they definitely have their own set of questions. It’s a mixed bag, mostly.

In terms of security, let’s talk about something like PCI or HIPAA. For a new app that plans to have personal information, healthcare information, where does it start? Encryption on disk, in transit, at rest, etc. What certifications does Microsoft have to support HIPAA, and what are the limits for supporting something like that?

Brandon M.: In the United States, we are HIPAA compliant. FedRAMP, NIST, Sarbanes-Oxley is right around the corner. CJIS is also right around the corner. Our only separate government cloud is for Federal and Department of Defense type of workloads, so it’s actually different data centers than the standard Azure Cloud that we talk about with our customers.

The Azure Trust Center is the portal that we’ve made available for all of the information and documentation. I’ve found that security is kind of the global topic, no matter where you are in an organization–finance, infrastructure, HR–all care about security.

To answer your question, we bought probably four or five different security companies over the last three or four years, and we were pretty excited to come out with Azure Information Protection. So to your point about keeping things encrypted and safe at rest and in motion, we actually have the capability now to do that as you’re writing in real time in your Office documents, PowerPoint, Excel, if you’re dealing with PII (Personally Identifiable Information), security, social security numbers, credit card numbers. Azure Information Protection allows you to dynamically classify that. So if you were to be working on a spreadsheet, you want to save it to your local, personal OneDrive. We allow administrators to put policies in place to flag that information and classify it. At Microsoft, we have different flags or policies such as strictly confidential, confidential, vendor-approved, customer, etc.

The documents that you’re working on get auto-grouped into one of those classifications in order to perform actions on them, like save as a specific file name, save to a specific location, send it out of the company to a vendor. You have to either comply with the policies that have been set or raise your hand for a business justification, so a little popup will say, “Hey, you’re going to sign and say that I want to forego this policy, and it’ll go up to my manager, who will sign off and then have that action approved.”
We’ve taken away the ‘Oops’ button from enterprises, and a lot of security professionals and IT groups are starting to thank us. This is something that we’ve come out with in the last couple of months, but it’s definitely been a response to security uneasiness, and the hesitancy in IT and in other departments.

Ready to get started with Microsoft Azure?

We just added two new Cloud Academy courses on Microsoft Azure:

Introduction to Azure Virtual Networking

When it comes to Azure, networking is one of the core components, which makes understanding virtual networks worthwhile. In this course, we’ll cover virtual networks and how to create them, subnets, user defined routes, load balancing, hybrid networks, and more.

Getting Started with Azure App Service 
There’s a lot of effort that goes into keeping our applications available, and secure. That’s why so many cloud vendors offer platforms for hosting web-based applications. If you’re building web apps, APIs, mobile backends, or business processes then you should consider looking into App Service! App Service meets compliance standards from around the world, it’s highly scalable, it supports multiple languages, and makes it easy to get your code deployed.

This course will help developers and IT pros get up-to-speed on App Service so that you can start developing/managing apps.
