Covering Your Bases
Public cloud providers like Microsoft Azure introduce a unique set of security challenges for solution providers to grapple with as customers increasingly shift workloads to the more cost-effective platform.
Microsoft’s deep roots in the enterprise space have created a somewhat different customer profile and threat landscape for Azure as compared with the cloud platforms at more historically consumer-oriented companies like Amazon and Google.
On one hand, adversaries have spent decades creating malware and exploits that can now be used to target Azure’s identification tools and blob storage. But on the other, Microsoft’s business focus meant that it was early to the cloud firewall game and has tools in place to lock down ports and secure virtual machines.
From focusing more heavily on applications than infrastructure to having more customers with data that’s private and inaccessible over the internet, here are eight of the biggest Microsoft Azure security issues solution providers are grappling with.
Greater Focus On Applications Than Infrastructure
Microsoft is definitely more focused on Azure applications, and has changed the conversation to be more around SaaS and APIs rather than how to build or migrate architecture, according to John Maddison, Fortinet’s EVP of products and solutions.
AWS is the largest public cloud provider, and has remained very focused on Infrastructure-as-a-Service, Maddison said. In contrast, Maddison said Microsoft’s role in Azure has resulted in conversations being more around Office 365, the Windows suite, and wrapping applications into a secure package.
Azure implementations have some security built in, and customers can turn to third parties for further security enhancements, Maddison said. Similarly, Maddison said Microsoft offers its own security for Office 365 migrations, which can be complemented by sandboxing or additional email scans via a third-party SaaS or API service
Azure Blob Storage Is Common Target Of Hackers
Azure has been abused a bit more than AWS in actual attacker stagecraft since it is a trusted environment that can be set up for free, and that’s expected to continue going forward, according to Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy.
Attackers are very familiar with the Microsoft ecosystem, Kalember said, and have found SharePoint to be a wonderful tool for staging malware-based attacks via malicious link along with using compromise Office 365 accounts to launch attacks on third-party targets. Kalember said a PDF-based phishing campaign associated with Hurricane Michael actually pointed to pages hosted on Azure blob storage.
Campaigns oriented around Azure blob storage are incredibly cheap and very effective because it is by default trusted, and they occur pretty often since attackers are more familiar with the Microsoft ecosystem, Kalember said. Kalember said that Azure blob storage isn’t the type of IP that should be whitelisted, and recommended that anything done in a user’s own environment not blindly trust Azure.
Has Reputation Of Being More Proprietary In Nature
Microsoft has the strong reputation of being more proprietary in nature, which creates an additional hurdle for companies looking to both use open-source tools and work in the Microsoft realm, according to Tim Mackey, principal security strategist with the Synopsys Cybersecurity Research Center.
One way to bridge that gap, though, is through the adoption of Kubernetes and other containerization technology, which Mackey said Microsoft has done fantastic work in. Organizations that have gone down the Microsoft path are in a good position to leverage their competency around containers capitalize on things like Azure DevOps, Mackey said.
Changing cloud providers under conventional circumstances can be difficult and costly, Mackey said. But Kubernetes’ ability to abstract away the management plane that cloud providers put in place around workloads makes it easier for organizations to spread their eggs across multiple cloud provider baskets, according to Mackey.
Azure Deployments Tend To Be IT-Centric, Not Cloud-Centric
A lot of the Infrastructure-as-a-Service deployment in Azure tends to be IT-centric rather than cloud-centric due to Microsoft’s relationships with traditional enterprises, said Kaushik Narayan, CTO of McAfee’s cloud business unit. Narayan said data on Azure therefore tends to be private, and less accessible over the internet than AWS environments.
As a result, Kaushik said attacks over the network are slightly less likely with Azure than with AWS. Instead, Kaushik said components like the Azure Cosmos DB database service tend to be more of a target for hackers since they’re open to the internet.
The sheer isolation of traditional computing systems provides a lot of protection, but that isolation of private data can be lost in Azure even if it’s unintentional, said John Dodds, McAfee’s director of product management. Businesses are more likely to be susceptible to risks they haven’t thought much about such as having sensitive data sitting in Cosmos, Dodds said.
Ports That Haven’t Been Properly Secured
Customers have taken advantage of a feature in the Azure Security Center called Just-in-Time that shuts down ports while concurrently enabling virtual machines, according to Scott Woodgate, senior director of Microsoft Azure Management and Security Marketing.
The feature dramatically decreases Azure’s susceptibility to super-common threat vectors like RDP (remote desktop protocol)-based attacks by making it so that a legitimate user has access only from a specific IP address for just one-to-three hours, Woodgate said. Just-In-Time was introduced 18 months ago, Woodgate said, and can be turned on with the click of a button.
The fundamental benefit of Just-in-Time is the additional layer of protection it provides on virtual machines, Woodgate said. In addition, Woodgate said the feature should reduce the responsibilities of the SOC (security operations center) around patching or upgrading tools, which in turn would provide them with more time to focus on hunting threats.
Has Reputation Of Being More Proprietary In Nature
Microsoft has the strong reputation of being more proprietary in nature, which creates an additional hurdle for companies looking to both use open-source tools and work in the Microsoft realm, according to Tim Mackey, principal security strategist with the Synopsys Cybersecurity Research Center.
One way to bridge that gap, though, is through the adoption of Kubernetes and other containerization technology, which Mackey said Microsoft has done fantastic work in. Organizations that have gone down the Microsoft path are in a good position to leverage their competency around containers capitalize on things like Azure DevOps, Mackey said.
Changing cloud providers under conventional circumstances can be difficult and costly, Mackey said. But Kubernetes’ ability to abstract away the management plane that cloud providers put in place around workloads makes it easier for organizations to spread their eggs across multiple cloud provider baskets, according to Mackey
