Look at Security in the Microsoft Cloud, Part 2: Azure Deployments

by AZURE SECURITY NEWS EDITOR
December 14, 2020
in Business

Last month I covered security options for Microsoft 365 — both what you get in the basic SKUs and what the higher SKUs provide. This time around I’ll cover Microsoft Azure, both the Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) services and what options you have to secure your cloud deployments. First, I’ll look at foundational services and technologies, and then move on to specific tools for different deployments.

Azure Resource Manager
It begins with Azure Resource Manager (ARM). Everything in Azure (except really old resources that were deployed years ago under the Azure Service Manager, ASM, model) is deployed using ARM. If you just click buttons in the portal to create a database, a virtual machine (VM) or a virtual network (vNet), an ARM template is created for you and that’s what’s deployed. But you can create your own templates for your business, or customize the available ones. Once you start doing that, however, you’ve got to think about how you’re going to manage secrets such as usernames and passwords for VMs, connection strings, certificates and so on. The solution is Azure Key Vault.

Key Vault
Key Vault is the place to store all of your secrets — passwords, RSA keys and certificates, and so on (Figure 1). For ARM you then enable the vault to be used for deployments, and a Web site ARM template, for instance, will “fetch” the TLS certificate, SQL connection string and any other secrets when you’re deploying it.

Figure 1. Key Vault in action.

There are two flavors of Key Vault: A1 Standard, which is software-based, or the P1 Premium tier, where the secrets are stored in a Hardware Security Module (HSM), currently Gemalto SafeNet Luna appliances. You can connect a Key Vault to a Certificate Authority (CA) account to automatically create certificates as required.
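To check that a deployment really pulls its secrets from Key Vault as described above, the following added example (not code from the original article) audits an ARM parameter file against its template and flags secure parameters that carry inline values instead of a Key Vault `reference`. The parameter names, the sample values and the `<...>` placeholders are constructed for illustration.

```python
import json

SECURE_TYPES = {"securestring", "secureobject"}  # ARM secure parameter types
SECRET_HINTS = ("password", "secret", "connectionstring", "token")
VAULT_MARKER = "/providers/Microsoft.KeyVault/vaults/"

# Constructed template excerpt; parameter names are hypothetical.
TEMPLATE = json.loads("""
{"parameters": {
  "adminUsername":       {"type": "string"},
  "adminPassword":       {"type": "securestring"},
  "sqlConnectionString": {"type": "securestring"},
  "storageKey":          {"type": "securestring"},
  "apiPassword":         {"type": "string"}
}}
""")

# Constructed parameter file; <...> values are placeholders.
PARAMETERS = json.loads("""
{"parameters": {
  "adminUsername": {"value": "opsadmin"},
  "adminPassword": {"value": "constructed-inline-secret"},
  "sqlConnectionString": {"reference": {
    "keyVault": {"id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"},
    "secretName": "sqlConnectionString"}},
  "storageKey": {"reference": {"keyVault": {}, "secretName": "storageKey"}},
  "apiPassword": {"value": "constructed-inline-secret"}
}}
""")


def audit_parameters(template, parameters):
    """Return (parameter, finding) pairs for secrets not sourced from Key Vault."""
    declared = template.get("parameters", {})
    findings = []
    for name, supplied in parameters.get("parameters", {}).items():
        ptype = declared.get(name, {}).get("type", "").lower()
        ref = supplied.get("reference")
        if ref is not None:
            # A usable reference names both the vault resource ID and the secret.
            vault_id = ref.get("keyVault", {}).get("id", "")
            if VAULT_MARKER not in vault_id or not ref.get("secretName"):
                findings.append((name, "malformed Key Vault reference"))
        elif ptype in SECURE_TYPES:
            findings.append((name, "secure parameter has inline value"))
        elif any(hint in name.lower() for hint in SECRET_HINTS):
            findings.append((name, "secret-looking name declared as plain type"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_parameters(TEMPLATE, PARAMETERS):
        print(f"{name}: {finding}")
```

Run in a pipeline before deployment, a non-empty result is a reason to fail the build: an inline value ends up in source control alongside the template.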

Policy
An often overlooked gem in Azure is Policy, where you can audit your resources (Figure 2). For instance, you can ensure that all of your SQL Databases have Transparent Data Encryption (TDE) enabled, and automatically remediate if they’re not, or deploy a VM extension to all your Windows VMs to ensure that the Administrators group only contains members you specify. You can also apply policies that limit what type of resources users can create and in which regions they can create them. These are examples of built-in policies, but you can also create your own, giving you a good path to governance and control over your company’s cloud deployments.

Figure 2. Azure Policy templates.

RBAC
Role-Based Access Control (RBAC) is the part of Azure where you control access to various resources. You can assign roles at the subscription and resource group level and, in very specific situations, even at the resource level (it’s a bit like assigning permissions to a specific file in a folder, rather than at the folder level). You can also group multiple subscriptions into management groups (MGs), nest MGs to reflect your organizational hierarchy and assign RBAC permissions at various levels for governance.

RBAC is built around the concept of roles, with four main ones: Owner, Contributor, Reader and User Access Administrator, with more than 40 built-in resource-specific roles such as VM Contributor or Monitoring Reader. You can also create your own custom roles. Assigning the correct permissions to resources in Azure is a cornerstone of controlling your security posture.

Security Center
Azure Security Center is another no-brainer for security for all of Azure (and on-premises and other cloud resources, too, if you want). This is a one-stop place for evaluating the security compliance of your IaaS VMs, as well as your virtual networks, your identity configuration and your databases. Just like Microsoft 365 has a Secure Score that I looked at in the last column, Azure now has an overall score for your deployment, along with recommendations for actions that will improve your score (Figure 3). The score is broken down by areas such as Data & storage, Networking and so on. I really like Secure Score in Microsoft 365 and it’s no less useful here, although it’s a little less mature.

Figure 3. Secure Score recommendations.

The addition of a score for your compliance with regulations is also welcome, although it’s only in preview at the time of this writing (Figure 4). PCI DSS 3.2, ISO 27001 and SOC TSP are covered.

Figure 4. Security Center regulatory compliance.

One of the most important features that Security Center offers for VMs is Just-in-Time Access. If you don’t have a Site-to-Site VPN or ExpressRoute connection from on-premises to Azure, you have to access your Linux machines via SSH and your Windows machines via RDP to administer them. Rather than leaving that access permanently open to attackers’ automated scans and brute-force attempts, those ports stay closed until an administrator logs on to the Azure Portal and performs Multi-Factor Authentication (MFA); the relevant port is then opened for a set amount of time, perhaps an hour. This significantly lowers your attack surface.

Security Center also gives recommendations for your PaaS workloads such as Azure SQL Database, App Services, Blob storage accounts and virtual networks.

Load Balancer
If you want to distribute TCP or UDP traffic to multiple endpoints in Azure (plus on-premises for high availability), the Load Balancer is the way to go. You can either use it as a public load balancer for traffic from the Internet or internally between subnets inside your virtual network. If on the other hand you have Web traffic that you need to distribute between nodes for scale and availability, you should look at the Application Gateway and its sister, Web Application Firewall.

Application Gateway
Application Gateway (AG) is specifically for protecting Web resources, either in App Services or in VMs that you manage. Because AG operates at layer 7 it can be more specific and redirect traffic to a specific URL, for instance (/images to this server, /videos to this other one). It also supports SSL termination and optionally you can enable the Web Application Firewall (WAF) part of AG. This will give you built-in protection against SQL injection and cross-site scripting, as well as the entire Open Web Application Security Project (OWASP) core rule set, either version 2.2.9 or 3.0. If a particular rule or group of rules isn’t applicable to your Web sites, you can disable it. WAF also integrates with Security Center.

Networking
Most resources in Azure either must be or can be deployed to a vNet. Within a vNet you can use subnets and Network Security Groups (NSGs), a software firewall to control traffic flow to and from resources. NSGs are part of Azure and don’t cost extra, but can be tricky to manage at scale. Another option is Azure Firewall, which is a managed firewall with cloud scalability that can be deployed in a hub network for centralized firewall traffic management. With Firewall you can control both incoming and outgoing traffic, including limiting outgoing traffic to a list of FQDNs.
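The permanently open SSH and RDP access that Just-in-Time Access replaces shows up as NSG rules, so the following added example (not code from the original article) walks a set of NSG rules in priority order and reports which management ports an arbitrary Internet source can reach. Rule names and addresses are constructed, and the example assumes a rule scoped to a specific source prefix does not match an arbitrary Internet source.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}


def rule(name, priority, access, source, ports):
    """Build a constructed inbound TCP rule shaped like an NSG securityRules entry."""
    return {"name": name, "properties": {
        "priority": priority, "direction": "Inbound", "access": access,
        "protocol": "Tcp", "sourceAddressPrefix": source,
        "destinationPortRanges": ports}}


# Constructed sample; rule names and addresses are hypothetical.
NSG_RULES = [
    rule("allow-rdp-any", 400, "Allow", "*", ["3389"]),
    rule("deny-rdp-any", 300, "Deny", "*", ["3389"]),
    rule("deny-ssh-any", 200, "Deny", "*", ["22"]),
    rule("allow-admin-range", 110, "Allow", "Internet", ["20-25", "443"]),
    rule("allow-ssh-office", 100, "Allow", "203.0.113.0/24", ["22"]),
]


def _values(props, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    values = list(props.get(plural) or [])
    if props.get(single):
        values.append(props[single])
    return values


def _covers(spec, port):
    """True if a port spec ('*', '22' or '20-25') includes the port."""
    if spec.strip() == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def _matches_internet(props, port):
    """True if the rule applies to TCP traffic from any source to the port."""
    sources = _values(props, "sourceAddressPrefix", "sourceAddressPrefixes")
    ports = _values(props, "destinationPortRange", "destinationPortRanges")
    return (props["direction"].lower() == "inbound"
            and props["protocol"].lower() in ("tcp", "*")
            and any(s.lower() in ANY_SOURCE for s in sources)
            and any(_covers(p, port) for p in ports))


def exposed_management_ports(rules):
    """Map each management port to the Allow rule that opens it to any source."""
    ordered = sorted(rules, key=lambda r: r["properties"]["priority"])
    exposed = {}
    for port in MGMT_PORTS:
        for r in ordered:
            if _matches_internet(r["properties"], port):
                # NSGs stop at the first matching rule (lowest priority number).
                if r["properties"]["access"].lower() == "allow":
                    exposed[port] = r["name"]
                break
    return exposed
```

On the sample, SSH is exposed through the `20-25` range in `allow-admin-range`, which outranks the later deny, while RDP stays closed because `deny-rdp-any` is evaluated before `allow-rdp-any`.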

Azure is always protecting all resources with DDOS protection, but if you need specific insight into malicious traffic targeted at your specific resources, the Standard SKU of DDOS Protection is the way to go. It even provides offsets on your bill for data transfer and application scale-out costs for documented DDOS attacks.

You may have heard of Microsoft’s new security information and event management (SIEM) play — Azure Sentinel — currently in public preview. Next month I’ll do a deep dive on Sentinel and how you can use it to further improve your Azure security posture.

I trust that this overview has given you pointers to the security controls you can use to improve the security posture of your cloud deployments.

Reference: https://virtualizationreview.com/articles/2019/03/27/security-in-the-microsoft-cloud-part-2-azure-deployments.aspx
