• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
8×8 makes raft of updates to platform

How to Secure Azure Deployments

December 21, 2020
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

February 22, 2021
8×8 makes raft of updates to platform

Indonesian Mobile Operator Selects NTT for Microsoft Security Project

February 22, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

NTT completes Microsoft security project for Indonesian mobile operator

February 19, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Data insights without limit, security without compromise

February 18, 2021
8×8 makes raft of updates to platform

What Is Object Storage?

February 17, 2021
Microsoft To Open Azure Cloud Data Center Region In Spain

EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

February 17, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Azure Firewall Premium now in preview

February 17, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, February 25, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    A moment of reckoning: the need for a strong and global cybersecurity response

    Data insights without limit, security without compromise

    8×8 makes raft of updates to platform

    What Is Object Storage?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Firewall Premium now in preview

    Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

    Global Industrial Cybersecurity Market By Offering Type, By Security Type, By End User, By Region, Industry Analysis and Forecast, 2020 – 2026

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Innovative solutions for IT workers at home

    Microsoft Releases Application Guard for Office, Plus Azure Security Center and Azure Defender for IoT Products

    Microsoft spins off security, compliance bits from Microsoft 365’s priciest plan for E3 customers

    Show your HR backups the back door

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    The Hack Roundup: Biden Orders Intel Assessment of Suspected Russian Malfeasance

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News Business

How to Secure Azure Deployments

by AZURE SECURITY NEWS EDITOR
December 21, 2020
in Business
0
8×8 makes raft of updates to platform
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Paul Schnackenburg examines the comprehensive guidance Microsoft offers for “how to do security” in Azure and demonstrates how to use the tool that brings it all together: Azure Security Center (ASC)

That this year has been an interesting one for us in IT is an understatement. It’s been a very good year for public cloud though, with record growth in AWS and Azure. And for many businesses, the “digital transformation” journey towards the cloud has been highly accelerated. Maybe last year’s small proof-of-concept Azure deployments have grown into full-scale production resources. Or the inability to access your co-lo datacenter servers due to COVID-19 restrictions has forced a migration of VMs to public cloud.

Whatever the reason, you may find yourself responsible for a lot more cloud Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) resources and now taking stock of the security posture of all of it.

This article will look at the comprehensive guidance Microsoft offers for “how to do security” in Azure and how to use the tool that brings it all together: Azure Security Center (ASC).

Cloud Adoption Framework
The CAF is a good place to start, at any stage in your cloud journey, particularly for larger businesses. Based on cloud adoption best practices from Microsoft, partners and customers, it has guidance and tools to shape technology, people and processes for cloud success. It covers strategy and planning, migration, governing, management, organization and innovation. Here we’re going to focus on the security strategy, part which covers conceptS such as securing your cloud resources as well as using cloud technology to transform how you do security, along with the shared responsibility model.

Shared Responsibility Model
[Click on image for larger view.]Shared Responsibility Model (source: Microsoft).

Moving to the cloud means that some parts of security (physical hosts/network/datacenters) are now the responsibility of the provider, whereas other parts stay with you (data, endpoint devices, accounts and identities). Further, with IaaS you still have to secure the OS and applications in your VMs, apply network controls and manage your identity directory (Azure Active Directory — AAD). Using PaaS services shifts some of these responsibilities to the cloud provider, depending on the service you’re using. This is one reason that you should look to modernize your applications away from IaaS towards PaaS as there’s less for you to secure, but new features to understand to ensure a good security resilience.

The CAF also covers different admin security roles involved in managing cyberrisk and how they change when you’re in the cloud. More direct guidance is also on offer through a set of recommendations and a reference implementation.

Well-Architected Security Assessment
[Click on image for larger view.]Well-Architected Security Assessment

The Well-Architected Framework, on the other hand, is a set of assessments building on these five pillars:

  1. Cost Optimization
  2. Operational Excellence
  3. Performance Efficiency
  4. Reliability
  5. Security

The assessments ascertain where you’re at today, and then spits out a set of curated guidance to improve your approach.

Azure Security Benchmark
The Azure Security Benchmark (ASB) builds on the Center for Internet Security (CIS) controls to manage security settings for: Network, Identity, Privileged Access, Data Protection, Asset Management, Logging and Threat Detection, Incident Response, Posture and Vulnerability Management, Endpoint Security, Backup and Recovery and Governance and Strategy.

If you haven’t heard of CIS, it’s a not-for-profit that provide security benchmarks for Linux, Windows, Cisco, Docker and many, many other platforms, for free. Microsoft has worked closely with the organization to nail down the CIS 1.1.0 benchmark that surfaces in Azure.

Each of the links above leads to the individual list of controls that you should implement. Take Backup and Recovery as an example. It has four tasks to complete. BR-1 is about ensuring regular, automated backups, and BR-2 stipulates encrypting the backed-up data. BR-3 covers validating all backups including the use of your customer managed keys to do so. After all, you don’t want just backup; you need successful restores, and making sure it all works as expected is vital, including the decryption part. BR-4 talks about recovering lost or accidentally deleted keys using soft delete in Azure Key Vault.

Reading through the ASB (it’s short and concise) will give you a thorough understanding of why each security control is important and what to do, but if that was all you had, it would still be a big project to inventory all your Azure resources and then ensure that every control was enabled for each applicable resource. Fortunately, you don’t have to do any of that — Azure Security Center will do all the heavy lifting for you.

Azure Security Center
When ASC first came on the scene, I wasn’t impressed. It seemed limited in scope and of questionable value. If that’s your idea of ASC, it’s time to revisit it — it has grown up a lot and is now indispensable in any Azure deployment I do for my clients.

Building on the CIS/ASB, it gives you an at-a-glance insight into your overall Cloud Security Posture (CSP — we definitely need another acronym in IT), not only for Azure but also for AWS and GCP. This latter feature is in preview and connects ASC to your AWS and/or GCP accounts as well as the AWS Security Hub/GCP Security Command, so you’ll get their respective security recommendations together with the ASC ones. It also uses Azure Arc on each deployed IaaS resource.

For Azure, ASC relies on a default policy to audit current settings across your PaaS and IaaS resources. Examples include making sure Azure Backup is enabled for VMs, that the latest version of Python is used in your Function App, or that Private endpoints are enabled for your MySQL servers.

Secure Score Recommendations in ASC
[Click on image for larger view.]Secure Score Recommendations in ASC

Further, on the Recommendations blade is Secure Score, an engine that identifies what controls you have already enabled (increasing your score for those) and which ones you haven’t enabled yet. It then rank those in order of biggest score improvement/security posture enhancement. This last point is crucial: non-IT Pros tend to think that if we just come up with a technical solution to a vulnerability, the problem is solved. Not so. What’s needed is a way for time-poor administrators with broad skills — but not necessarily deep technical skills on the nuance, for example — of enabling managed identity in a function app (one of the audits in the default security policy), to gain visibility and an easy way to remediate the issue.

Inventory Blade in ASC
[Click on image for larger view.]Inventory Blade in ASC

The Inventory blade that shows all the resources that are deployed (you need to know what you have to be able to protect it) and security alerts are raised for resources if there are anomalies.

You can also customize this using the Workflow automation blade to compose Logic Apps in Azure to automatically remediate issues. Furthermore, you can connect ASC alerts and recommendations to the SIEM used by your security team (Sentinel, Splunk Enterprise & Cloud, QRadar, ServiceNow, ArcSight, PowerBI or Palo Alto Networks).

Regulatory Compliance Blade in ASC
[Click on image for larger view.]Regulatory Compliance Blade in ASC

The Regulatory compliance blade shows you your current compliance and missing actions with several different regulations: PCI DSS 3.2.1, ISO 27001, SOC TSP and Azure CIS 1.1.0.

Until recently there were two flavors of ASC, the free tier (it gives you recommendations but you’re missing out on many other useful features) and the Standard tier (pricing). This tier is now called Azure Defender.

Best Practices for Azure Security
While there’s good guidance from Microsoft aviailable, here are some tips for Azure security based on my experience. Start by changing how your IT and security team thinks of cyberrisk. Bringing your on-premises mindset to the cloud will cause friction. Thoroughly understand how Zero Trust applies, both to SaaS services your business uses as well as your Azure workloads.

Start with identity and ensure that all your Azure administrators are using MFA (it’s free). Improve on their “prompt on a phone app” MFA experience with Windows Hello for Business and consider using FIDO2 hardware tokens for the ultimate in “un-phishable” credentials (I’m fond of the Yubico series). Invest in Privileged Access Workstations (PAWs), sometimes known as Secured Access Workstations (SAWs), for your IT administrators. Implement Privileged Identity Management (PIM) for access to Azure resources as an additional layer of protection (requires Azure AD Premium P2 licensing).

When administering your cloud VMs, don’t leave the Windows RDP or Linux SSH ports open to the internet. Use Just in Time (JIT) access, or better yet, use Azure Bastion. In preparation for the inevitable breach (“assume breach” is part of the zero-trust approach) use micro segmentation in your network to minimize the blast radius. And to prepare for a coming ransomware attack, ensure that each workload is backed up using Azure Backup and that business-critical workloads are replicated to a secondary region to protect against an entire region outage.

Conclusion
Sometimes when I talk to fellow IT pros, they seem to think that once you’ve migrated to the cloud, security is all taken care of by the provider. This is NOT true and thinking that it is will eventually create a RGE (“Resume Generating Event”) as you look for a new job. However, Microsoft has excellent written guidance and a comprehensive tool in ASC to improve your security posture. Take advantage of them

Reference:https://virtualizationreview.com/Articles/2020/12/17/azure-security.aspx?Page=2

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

by AZURE SECURITY NEWS EDITOR
February 24, 2021
0

Native integration with ZEDEDA’s orchestration solution for the distributed edge enables end-to-end remote management of the entire Azure IoT Edge...

A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

by AZURE SECURITY NEWS EDITOR
February 23, 2021
0

Microsoft has reconfirmed that the "Solorigate" advanced persistent threat attackers saw some of its source code, although "only a few individual files...

8×8 makes raft of updates to platform

Indonesian Mobile Operator Selects NTT for Microsoft Security Project

by AZURE SECURITY NEWS EDITOR
February 22, 2021
0

NTT last week announced the completion of its first Microsoft Security Project for a cellular operator in Indonesia. The engagement with NTT...

Microsoft To Build New Azure Cloud Data Centers In Greece

NTT completes Microsoft security project for Indonesian mobile operator

by AZURE SECURITY NEWS EDITOR
February 19, 2021
0

NTT has completed its first Microsoft Security Project for a mobile operator in Indonesia. The engagement with NTT includes consulting,...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In