The work-from-home scenario has pushed all companies to store most of their data in the cloud. Companies were using the cloud before the coronavirus wave, but the situation has accentuated the usage of cloud storage. The capability of cloud service providers is being put to the test in these times: they are being evaluated on, or relied upon for, securing the resources stored in their clouds. Depending completely on the service provider to ensure the security of your cloud is not a good idea. The security of your resources stored in the cloud is a shared responsibility between you and the service provider.
Practices you can follow to secure your resources hosted in Azure
-
Understand the shared responsibility model
The responsibility for security is different for every Azure service. At a high level, you hold the responsibility of protecting your data, and you should decide who can access Azure resources. The layer of protection offered by the service provider depends on the services you subscribe to. For example, the responsibility to secure client endpoints and to manage access rights is in your hands for PaaS, SaaS, IaaS and on-premises environments, while network controls and operating system security depend on the services you have subscribed to. To gain more insight into the shared responsibility model, read the whitepaper published by Microsoft on the same subject.
-
Use Azure Active Directory to verify identities
Identifying the personnel trying to access your cloud resources has now become the first security check. Microsoft Azure has implemented the identity authentication process with Azure Active Directory. Microsoft recommends that the identity authentication process be centralised. In a hybrid cloud scenario, you can integrate your on-premises directories with the cloud directory using Azure Active Directory Connect. A single source of identification reduces the possibility of mistakes and eliminates the possibility of any security risks.
-
Appoint a limited number of subscription owners
This practice is pretty straightforward and self-explanatory. You need to appoint only one Product owner for your Azure cloud resources. You should assign the ownership to no more than three resources to keep your security intact.
-
Take careful measures for sensitive data
Safeguarding your sensitive data with keys, certificates and secrets is the key to a secured Azure infrastructure. Use Azure Key Vault to store all your cryptographic keys and secrets. Each of these vaults can be accessed by authorised personnel only.
-
Use encryption to safeguard your data
Enable encryption for all the data stored in Azure. Generally, encryption is available by default, but if it is not, enable it manually. You can also use Azure Disk Encryption to safeguard any data stored on the disk.
-
Protect and update your virtual machine
Even after following both the above-mentioned points, it is advisable to protect your operating systems as you would in an on-premises environment. Deploy Windows Defender Advanced Threat Protection (ATP) and Microsoft Antimalware, both of which can be easily integrated with Azure Security Center. Azure Security Center automatically applies security updates to your virtual machines so that you always remain prepared for any sort of breach.
-
Control access
As with any data center, it is necessary to control data access in Microsoft Azure. You can adopt the protection rings approach to secure your resources. For example, you apply the first ring, such as a firewall, around the Azure environment. At the first ring alone, you get several services such as DDoS prevention, firewall policies, web content filtering and a vulnerability management application. The second ring is the Network Security Group applied to the subnet. With a Network Security Group, you can filter the traffic entering your Azure virtual network. The third ring is the Network Security Group for the virtual machine's network interface, which filters out the remaining unwanted traffic.
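The second and third rings described above, as an added example that is not part of the original article: a small Python model of how an inbound packet is checked first against the subnet Network Security Group and then against the network interface one, with rules evaluated in priority order and the first match deciding. The rule names, address ranges and ports are constructed sample values, and only the default deny rule is modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR, or "*" for any source
    port: str       # destination port, or "*" for any port
    access: str     # "Allow" or "Deny"

# Simplification (assumption of this example): only the DenyAllInBound default
# is modelled; real NSGs also carry AllowVnetInBound and
# AllowAzureLoadBalancerInBound default rules.
DEFAULT_DENY = Rule("DenyAllInBound", 65500, "*", "*", "Deny")

def matches(rule, src_ip, port):
    src_ok = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
    return src_ok and rule.port in ("*", str(port))

def evaluate_nsg(rules, src_ip, port):
    """Return the first matching rule in priority order (first match wins)."""
    for rule in sorted(list(rules) + [DEFAULT_DENY], key=lambda r: r.priority):
        if matches(rule, src_ip, port):
            return rule

def inbound_decision(subnet_nsg, nic_nsg, src_ip, port):
    """Inbound traffic meets the subnet NSG first, then the NIC NSG; both must allow."""
    for ring, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        hit = evaluate_nsg(rules, src_ip, port)
        if hit.access == "Deny":
            return ("Deny", ring, hit.name)
    return ("Allow", "nic", hit.name)

# Constructed sample rules (documentation address ranges, not from the article)
SUBNET_NSG = [
    Rule("AllowHttpsAny", 100, "*", "443", "Allow"),
    Rule("AllowSshFromOffice", 200, "203.0.113.0/24", "22", "Allow"),
]
NIC_NSG = [
    Rule("DenyBadRange", 100, "198.51.100.0/24", "*", "Deny"),
    Rule("AllowHttpsAny", 200, "*", "443", "Allow"),
]

if __name__ == "__main__":
    for src, port in [("192.0.2.10", 443), ("198.51.100.7", 443),
                      ("203.0.113.5", 22), ("192.0.2.10", 3389)]:
        print(src, port, inbound_decision(SUBNET_NSG, NIC_NSG, src, port))
```

The SSH case is the one to note: the subnet ring allows it, but the interface ring has no matching allow rule, so the default deny at the inner ring still blocks the traffic.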
The summary
Securing an Azure environment might be tricky for you. However, if you do it properly and follow the above-mentioned practices, it is certain that Azure is a tightly secured data center. You can start securing the environment with these practices, but as you move ahead you will require proper hands-on training and sound theoretical knowledge.
Exigo Tech, a Microsoft Solutions Partner, knows Azure deployment and security practices. The company houses a team of experts who can advise you on every step after understanding your requirements. To book an appointment with one of our experts, email at or call us on 1300 EXIGOTECH (394 468).