Securing Your

Migration
Contents

Introduction 03

Chapter 1

Securing your entire IT landscape 04

Chapter 2

Enabling innovation in the cloud with unified

and comprehensive security 07

Chapter 3

Customer stories on cloud security 11

Conclusion
Azure runs on trust 17
 i 1 2 3 C Securing your Migration 3

Introduction
In today’s landscape, cyberattacks seem inevitable – but the reality is
less bleak than it appears. The most recent Microsoft Digital Defence
Report found that basic security hygiene protects against 99% of attacks.1
As more organisations strategise how they’ll use AI and cloud-native
services to drive innovation, embracing those basic cloud security
practices can help them address their top security concerns.

The race to innovate with AI and cloud technology comes with several
challenges. Organisations face rising costs, changing regulations, IT
sprawl and expanding security threats. Without the right tools, these
realities can easily decelerate plans for innovation and growth.

Organisations need comprehensive security solutions that use the

cloud to increase scalability, reduce IT sprawl, maximise team skill sets
and optimise costs and resources to thrive in today’s fast-paced market.
Migrating to the cloud provides a secure platform for innovating with
AI while simultaneously maximising ROI and ensuring high performance
for both first-party and third-party workloads.

This eBook outlines the strategies and tools you need to secure your
IT infrastructure in the cloud as part of a responsible AI framework.

Fundamentals of cyber hygiene

Migrating to the cloud makes it easier to implement fundamental
security standards. The following security standards help protect
organisations against over 99% of attacks:1

• Multifactor authentication

• Zero Trust design principles

• Extended detection and response (XDR) and antimalware

• Updating firmware, OS and applications

• Protecting data

1
Microsoft Digital Defense Report, October 2023.
 I 1 2 3 C Securing your Migration 4

Chapter 1

Securing and managing your entire IT

landscape to enable responsible AI
Organisations need a cohesive multicloud cybersecurity strategy
With around 87% of businesses embracing multicloud environments and 72% taking a hybrid approach,
security and compliance teams are grappling with how to provide a proper security posture to protect
their cloud platforms against increasingly sophisticated and frequent cyberattacks.

Security is a top cloud challenge for all organisations

For enterprises and SMBs, security is the second most pressing challenge just after managing cloud spend.2

Organisations face several challenges in securing cloud workloads

Some of the biggest challenges reported by organisations include a lack of skilled cybersecurity staff (43%),
ensuring compliance (37%) and visibility into infrastructure security (32%).3

Misconfigurations are the leading cause of cloud-related security incidents

Recently, 24% of organisations experienced a public cloud-related incident, with the leading causes being
misconfiguration, followed by account compromise and exploited vulnerabilities.3

Despite these ongoing challenges, the cloud holds immense value for companies looking to sharpen their
competitive edge through innovation strategies. First, they must establish a simple, secure and well-managed
IT infrastructure that protects against growing threats without requiring extensive IT expertise or multitudes of
additional resources.

2
Flexera 2023 State of the Cloud Report, Flexera, 2023.
3
2023 Cloud Security Report, Cybersecurity Insiders, 2023.
i 1 2 3 C Securing your Migration 5

Three critical components of a secure IT landscape

1. Threat intelligence
Reduce the time and effort required to prevent and resolve attacks

Threat intelligence involves gathering and analysing data about potential cyber threats so businesses can defend
against them. It shifts security teams from a reactive stance to a more proactive one by providing data-driven
security insights. These insights help shed light on unknown threats, allowing teams to understand the attackers’
motives better and anticipate tactics, techniques and procedures (TTPs) behind attacks.

For resource-strapped businesses, threat intelligence offers a level of security that might otherwise be
unattainable. Meanwhile, enterprises incorporate external threat intelligence to help optimise costs
and enhance the effectiveness of their security teams.

2. Simplified compliance
Keep infrastructure compliant with daily regulatory updates

Regulatory compliance is a frequently cited challenge for many organisations. As technology advances, more
rules and standards regulate how that technology – and the data involved – can be used. Given the increasingly
complex regulatory landscape, simplifying compliance is crucial for businesses looking to bolster security in their
multicloud and hybrid environments.

Several factors help simplify compliance, including centralised control, data risk visibility and automated
response orchestration. Additionally, daily regulatory updates help businesses keep track of the most recent
rules and regulations that impact their jurisdiction. With these factors in place, organisations can better comply
with regulations as they innovate with the latest technologies.

3. Tool consolidation
Secure cloud environments and platforms with an integrated set of tools

When it comes to security and management tools, more isn’t necessarily better. IT sprawl is common for
security solutions, with IT environments consisting of different server and data set-ups across locations. For
several reasons, reducing the variety of security tools and systems used to safeguard an IT landscape is crucial
for enhancing security. Minimising complexity improves the integration and communication between different
security tools, enhancing visibility, detection and response capabilities. It also helps eliminate overlapping and
redundant security functions, leading to more sustainable and scalable operations.
 i 1 2 3 C Securing your Migration 6

Build a secure foundation for AI

As you continue your cloud migration journey, consider how these three
components – threat intelligence, compliance and tool consolidation – play
into your security strategy. Ultimately, your strategy should help you build
a secure AI-ready foundation that enhances your agility in the cloud while
maximising ROI and performance.

Azure customers have reported that migrating SQL Server and

Windows Server workloads helped lower infrastructure costs,
improve security and drive team efficiency.

•
27% lower infrastructure costs4

•
30% faster to identify security threats4

•
51% more efficient IT infrastructure teams4

IDC White Paper, sponsored by Microsoft, The Business Value of Microsoft Azure for
4

SQL Server and Windows Server, Doc #US49616022, August 2022.

i 1 2 3 C Securing your Migration 7

Chapter 2

Enabling innovation in the cloud with

unified and comprehensive security
Migrating to Azure provides organisations with an optimised platform for taking advantage of the latest
technologies. By providing comprehensive code-to-cloud security, Azure helps businesses use AI and cloud-
native tools in a secure environment, allowing teams to focus on driving innovation instead of mitigating risks.

Migrating your SQL and Windows Servers to Azure gives you access to unified, comprehensive security for your
cloud stack. Explore the solutions below to see how each contributes to a secure, AI-ready foundation in the cloud.

Solution Microsoft Defender for Cloud

Type Cloud-native application protection across clouds and on-premises environments

Purpose Protect hybrid and multicloud environments with cyberthreat detection and response

Capabilities • DevOps posture visibility across pipelines

• Code to Cloud contextualisation

• Infrastructure as Code security

• Attack path-based prioritisation

• At-scale governance and automated remediation

• Full-stack threat protection

• Vulnerability assessment and management

Scenario A state court system uses Defender for advanced threat detection and to educate
employees on detecting and avoiding phishing scams.
Learn more

Solution Microsoft Sentinel

Type Security information and event management (SIEM)

Purpose Detect, analyse and respond to security threats before they disrupt operations

Capabilities • Cloud-scale data collection across on-premises and cloud infrastructure

• Threat detection that minimises false positives

• Incident response powered by built-in orchestration and automation

Scenario An audio media company uses Microsoft Sentinel to consolidate vendors, simplify event
management and enable AI monitoring for its digital landscape.
Learn more
i 1 2 3 C Securing your Migration 8

Solution Azure network security

Type Network security management solutions and services

Purpose Secure cloud and hybrid networks using a layered Zero Trust approach

Capabilities • Identity verification and access controls with Network Security Groups (NSGs)
• Advanced threat protection with Azure Firewall

• Web application protection with Azure Web Application Firewall

• Monitoring and automatic network mitigation with Azure DDoS Protection

• Remote access to virtual machines with Azure Bastion

Scenario A retail giant uses Azure Firewall to improve security for its modernised infrastructure.
Learn more

Solution Azure confidential computing

Type Confidential computing for hardware, services, SDKs and deployment tools

Purpose Increase data privacy and security for data in use

Capabilities • Sensitive workload protection

• Transparent data encryption

• Storage for cryptographic keys and secrets

• Multi-party distributed trust applications deployment

• Remote verification

Scenario A services company that provides digital spaces uses Azure confidential computing
to deliver privacy, security and governance to its clean room software across multiple
cloud providers.
Learn more
 i 1 2 3 C Securing your Migration 9

Solution Microsoft Purview

Type Unified data governance service

Purpose Safeguard data across platforms, apps and clouds to reduce risk and meet compliance
requirements
Capabilities • Automated data scanning and classification

• Sensitive data discovery

•  Data estate insights across on-premises, multicloud, SaaS apps, databases,

VMs, files, web apps and servers

• Role-based access control

• Secure workplace creation for sharing datasets for specific permissions or groups

Scenario Microsoft Purview Data Loss Prevention prevents sensitive data exfiltration in
mortgage financing.
Learn more

Solution Azure Monitor

Type Data monitoring solution

Purpose Collect, analyse and respond to monitoring data from cloud and on-premises
environments
Capabilities • Data visualisations via dashboards, charts, queries, alerts and reports

•  Curated insights on performance, infrastructure health, network performance

and incidents
• Near-real-time alerts and actions

Scenario A leading public transportation provider uses Azure Monitor and Azure Arc to create
a central monitoring solution to enhance visibility for its hybrid and multicloud estate.
Learn more

Azure Monitor users report significant gains in security and operational efficiencies.
•
76% faster to identify issues5
•
63% faster resolution of configuration errors4

•
57% fewer unplanned outages4

5
IDC White Paper, sponsored by Microsoft, The Business Value of Azure Monitor, Doc #US50541523, April 2023.
 i 1 2 3 C Securing your Migration 10

Comprehensive security across environments

Together, these tools provide multilayered environmental protection so you can adopt new technologies
while protecting your most valuable digital assets.

• Detect and respond to threats with best-in-class threat intelligence

• 50% reduction in time to remediate threats with Defender for Cloud6

• Keep your infrastructure compliant and up to date

• 100+ compliance offerings – more than any other provider

• Consolidate your tools for simplified management and cost savings

• 30% reduction in time spent on security and compliance with Defender for Cloud3

Securing hybrid environments

Not all infrastructure can be migrated to the cloud. Sometimes, regulations require that certain assets
remain on-premises or within a certain geographic location, forcing companies to adopt a hybrid approach.
Unfortunately, using both the cloud and on-premises servers creates complexity regarding control and
governance. That’s where Azure Arc comes in.

Azure Arc extends the Azure platform – and its security capabilities – to multicloud and on-premises
environments. This creates a unified platform for managing and securing resources, whether in the cloud,
in data centres or on the edge. It offers built-in security and compliance for Azure Arc-enabled services,
including Azure Kubernetes Service (AKS), app services, data services and machine learning.

Azure Arc supports Extended Security Updates for Windows Server 2012/R2,
SQL Server 2012 and SQL Server 2014.

Consolidate, secure and save with Azure Arc

Azure Arc showed significant results in a compositive organisation over three years.
• 80% lowered risk of a data breach from unsecured infrastructure7
• Reduced spending on third-party tools by 15%4
• IT operations productivity gains of 30%4

The Total Economic Impact™ Of Microsoft Defender For Cloud, a commissioned

6

study conducted by Forrester Consulting on behalf of Microsoft, February 2021.

The Total Economic Impact™ Of Microsoft Azure Arc For Security

7

and Governance, a commissioned study conducted by Forrester

Consulting on Behalf of Microsoft, June 2022
i 1 2 3 C Securing your Migration 11

Chapter 3

Customer stories on cloud security

Discover how organisations are securing their cloud migrations and enabling AI innovation.

WTW consolidates security tools for

elevated protection
Insurance

The company
Customers turn to WTW for actuarial and risk mitigation strategies that help
them build resilience and make smarter decisions in a world of uncertainty.
To help its clients achieve those goals, WTW relies on huge volumes of data
and highly skilled analysts applying advanced data science techniques and
contextual judgment to reveal opportunities.

Company details

120 55,000 300+

countries of operation workstation devices subscriptions

The challenge
Since its formation in 2016, WTW steadily built up a body of unconnected
legacy solutions that were causing several security issues, including:
• Inflated licensing costs for multiple tools

• Security data duplicated across solutions

•  Loss of agility as teams were pulled in different directions trying to

manage varied technologies

The goal
The company’s vision for a more secure future involved several key goals:

• Consolidate its tools to streamline its security posture

• Establish an agile, threat-led security team

• Enhance visibility into its IT estate

i 1 2 3 C Securing your Migration 12

WTW

Solutions and outcomes

Microsoft Defender for Cloud Microsoft Sentinel Microsoft Purview

Deploying Microsoft Defender Converting from a legacy SIEM Rolling out Purview helped
for Cloud provided greater system to Microsoft Sentinel prioritise its data loss
protection for its cloud workloads allowed the team to aggregate prevention (DLP) and
and extended its detection and threat data from Azure and its information governance tools.
response (XDR) capability. Oracle cloud.

Outcomes in numbers

55,000 12 TB USD 5-6M

endpoints enabled with less data going USD saved in a year
full-scale XDR capability into the SIEM

Read the full story

We need full visibility into our IT estate, especially

as we embrace Zero Trust. The consistency in the
Microsoft tooling delivers that visibility across
endpoints, identities and multicloud.”

Paul Haywood, Chief Information Security Officer, WTW

i 1 2 3 C Securing your Migration 13

World Bank centralises security

solutions in the cloud
Banking and capital markets

The company
The World Bank works tirelessly to end extreme poverty and boost
prosperity on a livable planet by providing access to basic financial
services. The organisation offers lending services in developing
countries worldwide in support of this mission.

Company details

189 170+ 130+

developing countries with operating locations
countries served employed workers

The challenge
The World Bank IT team was using multiple cloud providers and tools to manage
the complex backend of the global institution. The security office used different
software to monitor the risk security of all the company’s servers, making it difficult
to assess the database environment and get insights on their migration readiness.

•  Decentralised tools couldn’t monitor the entire SQL infrastructure (on-premises

and cloud)

• Difficulty managing inventory of data workloads

• Inefficient maintenance processes for tasks like backups and patches

The goal
World Bank’s IT and Information Security Office teams wanted a cloud-based
solution to centralise monitoring, performance, resource consumption and
security management in a single package. The company’s goals included:

• Deprecate duplicate licences

• Reduce operating costs

• Centralise data storage

i 1 2 3 C Securing your Migration 14

World Bank

Solutions and outcomes

Compatibility played a big part in the World Bank’s decision to partner with Azure. The company wanted a solution
that could be used to manage both Azure and AWS servers and work with its Microsoft SQL Server stack.

Azure Arc Microsoft Defender for Cloud Azure Monitor

Implementing Azure Arc allowed Microsoft Defender for Cloud The team uses Azure Monitor to
the company to manage both provides the company with gauge performance trends and
clouds from a single dashboard comprehensive hybrid and identify potential anomalies.
and streamline its cloud multicloud security to help
migration journey. protect sensitive financial data.

Outcomes in numbers

300 90%
SQL Servers enabled with Azure Arc cost savings by removing
(10 times more than the previously previously licensed tools
licensed tools could cover)

Read the full story

With Azure Arc, we can manage everything at the

operating level and on the SQL Server side, all
from a single pane of glass.”

Chandra Kala Macha, Information Officer II, World Bank

i 1 2 3 C Securing your Migration 15

Tecnicas Reunidas improves security

across its expanding footprint
Energy

The company
A global engineering and energy leader, Tecnicas Reunidas is focused on carbon capture and
storage, the circular economy and hydrogen.

Company details

1000+ 50+ 900

Industrial plants countries with on-premises and
managed operations cloud servers

The challenge
With an extensive global footprint and complex operational, regulatory and digital requirements, the company’s
growth began presenting several challenges. Over time, the IT team faced several limitations in managing
security across its estates:

• Multiple security tools driving up costs

• Increasing IT complexity

• Growing number of threats adding pressure to manual processes

Tecnicas Reunidas launched an ongoing migration of some of its on-premises facilities and capabilities to Azure
to overcome these challenges.

The goal
The IT team wanted to consolidate its on-premises and expanding cloud environments so they could
concentrate more on governance, rather than spending their time managing different services and tools.

• Establish centralised management for on-premises and cloud environments

• Integrate automation to reduce manual work

• Enhance visibility of the entire data IT infrastructure

i 1 2 3 C Securing your Migration 16

Tecnicas Reunidas

Solutions and outcomes

Tecnicas Reunidas unified its growing hybrid environment to help establish optimal control over its security
operations. The IT team primarily runs Windows Server in its environments and manages the entirety with
Azure Arc, which it relies on to help handle security, governance and compliance for its IT infrastructure.

Azure Arc Microsoft Defender for Cloud Microsoft Sentinel

Using Azure Arc allowed the The company uses Defender With Microsoft Sentinel, the
company to consolidate nearly for Cloud to protect workloads team could aggregate data from
900 on-premises and cloud servers running on-premises and in Azure. across on-premises and Azure
and automate many of the manual sources and use built-in AI for
tasks associated with security. advanced threat protection.

Outcomes in numbers

~900 • E
 nhanced security capabilities, including management,
security suite tools, compliance review, agent deployment
on-premises and cloud servers and security updates
connected to Azure Arc
• Teams can easily access company data for use in AI models

Read the full story

Our work approach has changed with Azure. Now,

we’re putting more emphasis on governance instead
of just loading up on services and tools. With Azure
Arc, we can use automation to do less manual work
and improve our security simultaneously.”

Israel Pérez Jiménez, IT System and Cloud Architect,

Tecnicas Reunidas
 i 1 2 3 C Securing your Migration 17

Conclusion

Azure runs on trust

Migrating your Windows Server and SQL Server to Azure provides the security, agility and speed your
organisation needs to drive innovation with AI-powered and cloud-native tools. With best-in-class security
solutions that are purpose-built for your entire IT estate, Azure helps your teams innovate freely in the cloud
so you can drive business objectives further and faster. Plus, with Azure Arc, you can consolidate and manage
your tools from a single dashboard, saving precious hours and costs that can be refocused on bringing
groundbreaking ideas to life.

Migrate to innovate with built-in security from Code to Cloud

Azure provides unmatched speed, security and cost savings compared to other cloud providers.
•
Run up to 5× faster than AWS8

•
Reduce costs by as much as 93% with Azure Hybrid Benefit8

•
The most compliance certifications of any cloud provider

Azure relies on Microsoft Threat Intelligent to protect

and defend a never-ending surge of security threats:1
• 65 trillion signals synthesised daily

•
10,000+ security and threat intelligence experts across the globe

•
4,000 identity attacks blocked per second

•
300+ threat actors tracked

Three Microsoft Azure SQL Managed Instance offered better SQL Server performance and
8

value than their Amazon RDS counterparts in our tests, Principled Technologies, May 2022.

Take the next step to a secure migration

Assess your environment and build a migration business case with Azure Migrate and Modernise.

Contact Sales

© 2024 Microsoft Corporation. All rights reserved. This document is provided ‘as-is’. Information and views expressed in this document,
including URL and other internet website references, may change without notice. You bear the risk of using it. This document does not
provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your
internal, reference purposes.