Select Page

The work from home scenario has pushed all companies to store most of their data in the cloud. Before the coronavirus wave, companies were using cloud but the situation has accentuated the usage of cloud storage. The capability of cloud service providers is put to the test in these times. They are being evaluated or relied upon for securing the resources stored in their clouds. Depending completely upon the service provider for ensuring the security of your cloud, is not a good idea. The security of your resources stored in the cloud is a shared responsibility between you and the service provider.

Practices you can follow to secure your resources hosted in Azure

  • Understand the shared responsibility model

The responsibility of security is different for every Azure service. On a high level, you hold the responsibility of protecting your data and you should decide who can access Azure resources. The layer of protection offered by the service providers depends on the services you subscribe to. For example, the responsibility to secure client endpoints, access right management is in your hands for Paas, SaaS, IaaS and on-premise environments. And, network controls and operating systems’ security depend on the services subscribed by you. To gain more insights about the shared responsibility model, read the whitepaper published by Microsoft on the same subject.

  • Use Azure Active Directory to verify identities

Identification of personnel trying to access your cloud resources has now become the first security check. Microsoft Azure had implemented the identity authentication process with the Azure Active Directory. Microsoft has recommended that identification authentication process should be centralised. In case of hybrid cloud scenario, you can integrate your on-premises scenario with the active cloud directories with Azure Active Directory Connect. Single source of identification reduces the possibility of mistakes and eliminates the possibility of any security risks.

  • Appoint a limited number of subscription owners

This practice is pretty straight forward and self-explanatory. You need to appoint only one Product owner for your Azure cloud resources. You should assign the ownership to no more than three resources for keeping your security intact.

  • Take careful measures for sensitive data

Safeguarding your sensitive data with keys, certificates and secrets is the key to a secured Azure infrastructure. Use the Azure key vault to store all your cryptographic keys and secrets. Each of these vaults can be accessed by authorised personnel only.

  • Appoint a limited number of subscription owners

This practice is pretty straight forward and self-explanatory. You need to appoint only one Product owner for your Azure cloud resources. You should assign the ownership to no more than three resources for keeping your security intact.

  • Take careful measures for sensitive data

Safeguarding your sensitive data with keys, certificates and secrets is the key to a secured Azure infrastructure. Use the Azure key vault to store all your cryptographic keys and secrets. Each of these vaults can be accessed by authorised personnel only.

  • Use encryption to safeguard your data

Enable encryption for all the data stored in Azure. Generally, the encryption is available by default, but if it is not available then enable encryption manually. You can also use Azure Disk Encryption to safeguard any data stored on the disk.

  • Appoint a limited number of subscription owners

This practice is pretty straight forward and self-explanatory. You need to appoint only one Product owner for your Azure cloud resources. You should assign the ownership to no more than three resources for keeping your security intact.

  • Protect and update your virtual machine

Even after following both the above-mentioned points, it is advisable to protect your operating systems as you would do with the on-premises environment. Deploy Windows Defender Advanced Threat Protection (ATP) and Microsoft anti-malware both of which can be easily integrated with the Azure security center. Azure security center automatically applies security updates to your virtual machines for you to always remain prepared for any sort of breach.

  • Control access

Like any data center, it is necessary for you to control the data access in Microsoft Azure. You can adopt the protection rings approach to secure your resources. For example, you apply the first ring around the Azure environment such as a firewall. At the first ring only, you get several services such as DDoS prevention, Firewall policies, web content filtering and vulnerability management application. The second ring is the Network Security Group which is applied to the subnet. With Network Security Group, you can filter out the traffic entering your Azure virtual network. The third ring would be Network Security Group for the virtual machine network interface. The network security group will filter out the unwanted traffic.

The summary

Securing an Azure environment might be tricky for you. However, if you do it properly and follow the above-mentioned practices it is certain that Azure is a tightly secured data center. You can start securing the environment with these practices but as you move ahead you will require proper hands-on training and sound theoretical knowledge.

Exigo Tech, a Microsoft Solutions Partner, knows Azure deployment and security practices. The company houses a team of experts who can advise you on every step after understanding your requirements. To book an appointment with one of our experts, email at  or call us on 1300 EXIGOTECH (394 468).

 

LET’S
TALK
Get in touch with our experts and accelerate your business growth

    CASE STUDY
    How Exigo Tech Improved Business Processes and Increased Productivity for a Leading Property Management Company
     
     

    Our Microsoft Solutions

    Keep technology at the core of your business to drive growth

    VIEW PROJECT

    CASE STUDY
    Tortooga Leverages Exigo Tech’s Custom App Development Capabilities to Streamline Logistics Network Digitally
    CASE STUDY
    Exigo Tech Elevates Rhino Rack's IT Operations: 100% Server and Data Access Regained, and 30% Cost Savings from Telstra Services
     
     
    Case Studies
    CASE STUDY
    Tortooga Leverages Exigo Tech’s Custom App Development Capabilities to Streamline Logistics Network Digitally
    CASE STUDY
    How Nikon's Partnership with Exigo Tech Enhanced Its Network Security and Reduced Downtime
    View All Case Studies
    Exigo Tech is a trusted IT solutions and managed services provider, specialising in helping businesses utilise innovative technology to drive growth. We are dedicated to offering a comprehensive suite of technology solutions to enable, empower, and transform your business operations. Our mission has always been to simplify technology for growth and success.
    1350+

    Projects Completed

    98%

    Client Satisfaction

    150+

    Company Strength

    20+

    Years of Excellence

    5

    Countries

    Wsabe Award 2024 | Exigo Tech IABCA Award 2024 Finalist | Exigo Tech
    Telstra Partner Award 2023 Finalist | Exigo Tech IABCA Award 2024 Finalist | Exigo Tech