First Freight CRM uses Microsoft Azure as our cloud provider.  

To enhance speed and performance, we currently have data in MS Azure data centers located in USA, Europe, Hong Kong and Shanghai (Azure CN).

All of our data centers are SAS 70 compliant and have the highest level of security available.

Adopting First Freight CRM in the cloud helps you reduce infrastructure costs while scaling resources and being agile. Even though the network is shared, Microsoft has several mechanisms in place to ensure Azure's network and customers’ networks remain segregated and secure.

Management (Microsoft-managed) networks and customer networks are isolated in Azure to improve performance and ensure the traffic moving through the platform is secure. The management networks are managed by Microsoft and are only available for devices and administrators to connect to Azure. When devices or administrators want to connect to Azure, controls such as just-in-time access and privileged access workstations limit accessibility to help ensure unauthorized individuals do not gain access to the Azure network. In addition, network cabling, the equipment to support and secure the network, and the integration of systems for monitoring the network are managed by Microsoft.

The customer networks are segregated from management networks to protect them from attacks targeting management networks. Customer networks are separated from each other using networking virtualization methods, so customers cannot gain access to other customers’ networks.

Azure’s secure network also has built-in mechanisms to protect against distributed denial-of-service (DDoS) attacks. DDoS attacks try to disrupt access to services by generating so much traffic that it exceeds capacity. DDoS protections are built into the Azure platform to help ensure attacks do not bring down our services. These protections continuously monitor traffic and use scrubbers and customer traffic profiling to detect and then deflect these attacks. Microsoft’s experience safeguarding some of the largest services on the Internet, such as Xbox and O365, gives us the ability to scale protection from attacks.

Microsoft isolates networks, ensures the confidentiality of data, and actively works to combat against DDoS attacks so that you can reallocate datacenter security resources into another area in your enterprise.

Security controls are integrated into the firmware and hardware of Azure to ensure its secure by default and continues to be secure throughout its lifetime.

Cerberus is a microcontroller, a chip made up of CPU, memory, and programmable input/output, that protects against unauthorized access and malicious updates. The microcontroller also makes it possible to secure the pre-boot, boot-time, and runtime integrity of the firmware. Our hardware has access to the boot environment before the OS loads to ensure malicious code is detected and stopped. Our firmware goes through regular code reviews. We monitor the security of the hardware and firmware to ensure that any threats are detected and mitigated before it can impact your business.

One of the most recent advancements in hardware is confidential computing, which uses Hyper-V and Intel SGX chip-enabled servers to segregate execution and data from the underlying operation system and operators. Azure can encrypt data in use, in transit, and at rest. Azure is the first cloud platform to support both software and hardware-based Trusted Execution Environments (TEEs). Trusted Execution Environments are a portion of memory on a server where customer data is stored. Only systems have access to it to prevent unauthorized administrators or processes from gaining access to this data.

Microsoft has over 3,500 cybersecurity experts who work on your behalf 24x7x365. This number includes over 200 professionals who identify potential vulnerabilities through red and blue team exercises. The red team tries to compromise Azure’s infrastructure, and the blue team defends against attacks made by the red team. At the end of each red and blue team exercise, the team codifies what they’ve learned into the Azure operational security process, so the team becomes more effective at continuous detection and response.

Microsoft employs cybersecurity experts to protect your infrastructure, so your resources can be available for other business initiatives.

If you have further questions or data concerns, please contact help @firstfreight.com