Security is a top priority for any organisation in the cloud, but it is a complex discipline. We recently published a blog post looking at how vendor services can take cloud security to a higher level. That piece focused on examples from AWS. Here, Azure cloud engineering specialists Tamara Harris and Bob Larkin explore solutions from Microsoft. Several can be used in on-premises and various cloud environments (not just Azure), optimising security management across multiple platforms.
The cloud security mix
Wherever you are in the cloud adoption journey, protecting systems and data with robust security practices is vital. However, security tools and approaches for traditional settings don’t always work well in cloud-based environments. This can be a big concern, especially for organisations in highly regulated industries like financial services and healthcare. In these sectors, the protection of personal and sensitive information must be reliable, transparent and auditable.
Cloud vendors have stepped up to this challenge with excellent security tools and services. Selecting the right tools, then implementing them in the right way, is the cornerstone of a sophisticated security strategy. Some of Microsoft’s tools act as a single pane of glass, enhancing management and visibility across on-premises environments, Azure and other cloud platforms.
Microsoft Defender for Cloud
This free cloud security platform is enabled by default on any resource you deploy, and automatically includes security posture management. However, enabling enhanced security features, such as Defender for Endpoint (offering endpoint detection and response) or multi-cloud capabilities (covering both AWS and Google Cloud Platform), takes this up a notch. Another option is hybrid security. This offers protection of on-premises resources as well as access and application controls which block malware and other unwanted applications. You can see a full overview of Microsoft Defender for Cloud’s enhanced security features in Microsoft’s documentation.
Additional benefits of this platform include the ability to audit against industry compliance standards. These include ISO 27001 for information security, CIS benchmarks for cybersecurity, the Payment Card Industry Data Security Standard (PCI DSS) and more. As well as viewing and enforcing the standards, you can export compliance status details to make the auditing process easier.
Azure Policy
The Azure Policy tool is used to review and enforce compliance against industry standards and custom policies. It also has the ability to auto-remediate based on policy requirements.
Let’s assume your subnets require an NSG (Network Security Group) to provide network protection for compliance reasons. With Azure Policy, you can block the deployment of any subnets without an NSG attached.
The ability to create custom policies means you can also enforce your own company guardrails. For example, you might introduce policies to ensure resources can only be deployed to certain regions or require certain tags.
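The subnet guardrail described above, as an added example of a custom policy definition (not code from the original post or from Microsoft’s built-in policy library); the parameter name exemptSubnets and its default list of subnets that cannot carry an NSG are assumptions. The rule covers both subnets created as their own resource and subnets declared inline in a virtual network deployment, since those are evaluated under the virtualNetworks resource type.

```json
{
  "properties": {
    "displayName": "Subnets must have a Network Security Group attached",
    "mode": "All",
    "parameters": {
      "exemptSubnets": {
        "type": "Array",
        "defaultValue": ["GatewaySubnet", "AzureFirewallSubnet"]
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              { "field": "type", "equals": "Microsoft.Network/virtualNetworks/subnets" },
              { "field": "name", "notIn": "[parameters('exemptSubnets')]" },
              { "field": "Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id", "exists": "false" }
            ]
          },
          {
            "allOf": [
              { "field": "type", "equals": "Microsoft.Network/virtualNetworks" },
              {
                "count": {
                  "field": "Microsoft.Network/virtualNetworks/subnets[*]",
                  "where": {
                    "allOf": [
                      { "field": "Microsoft.Network/virtualNetworks/subnets[*].name", "notIn": "[parameters('exemptSubnets')]" },
                      { "field": "Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id", "exists": "false" }
                    ]
                  }
                },
                "greater": 0
              }
            ]
          }
        ]
      },
      "then": { "effect": "deny" }
    }
  }
}
```

Assign the definition in Audit mode first (change the effect to "audit") to surface existing non-compliant subnets before switching to "deny", which blocks new deployments outright.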
Azure Monitor
This powerful reporting and analytics tool focuses on the collection and analysis of telemetry data from cloud and on-premises environments. It provides information on how applications are performing so you can identify and act on any issues.
There are many features to this tool. Some of the most valuable capabilities we’ve used include the detection and diagnosis of issues with Application Insights and using Log Analytics for deep diagnostics.
Privileged Identity Management (PIM)
Privileged Identity Management (PIM) is an Azure Active Directory service. It allows you to grant users just-in-time access to resources, rather than allowing constant access and permissions. When users request access, approval can be given manually or automatically depending on the settings. Implementing PIM also provides an audit trail of when users activate their privileges.
Additional features include the ability to assign time-bound access to resources and to enforce multi-factor authentication. If appropriate, users may have to provide justification for activation, and managers can receive notifications when privileged roles are activated. Regular access reviews can also be conducted.
Azure DDoS Protection service
Azure provides defence against common network layer attacks through always-on traffic monitoring and real-time mitigation. Distributed Denial of Service (DDoS) Protection Basic defends against the most common Layer 7 DNS query floods and volumetric attacks. It has a proven track record protecting Microsoft’s enterprise and consumer services from large-scale attacks. You can enable this tool without any configuration or application changes; it’s integrated by default with no additional costs attached.
For more in-depth pattern analysis, Azure offers DDoS Protection Standard. This continuous monitoring solution actively looks for indicators of attack or suspicious behaviour. It understands your resources, and customises their protection.
Microsoft Sentinel
Microsoft Sentinel is described as a full security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It provides a single pane of glass view across your entire estate, offering advanced protection using artificial intelligence to detect, investigate and respond to potential attacks. This is particularly useful for large enterprises with vast amounts of data to ingest and monitor.
The system can aggregate data from on-premises platforms and any cloud platform. It provides better visibility for security monitoring, integrating seamlessly with Microsoft solutions like Microsoft 365 Defender, Azure AD and Microsoft Defender for Identity. You can use analytics to group alerts, leveraging machine learning to reduce noise and prioritise high-risk threats. Similarly, automation can be used to create playbooks using Azure Logic Apps to aid investigation and remediation. These can be lifted from a library of built-in playbooks, or you can write your own with custom code.
Sentinel’s powerful features allow you to take control of your estate’s security and deep dive into your data.
Microsoft Purview
This unified data governance service centralises the management of on-premises, multi-cloud and software-as-a-service (SaaS) data. It enables the creation of a data landscape map with automated data discovery, sensitive data classification and end-to-end data lineage. Data curators benefit from straightforward security management across the entire estate, and it’s also easier to find relevant data.
The data landscape map can be expanded with three purpose-built apps allowing:
- Data discovery – creating graphs and data relationships.
- Data catalogue – so users can quickly and easily find relevant data using filters, classifications and glossary terms.
- Data estate insights – whereby governance stakeholders obtain an overview of what data is held and where.
Additional benefits of Microsoft Purview include data scanning and classification as a service for assets.
Choose the best tools for your situation
With Azure, many security tools come as standard, but they do need to be activated. Understanding how to implement them, and how much protection they bring, is an important aspect of cloud security best practice.
From here, you need to consider which additional paid-for services are worth investing in. This will be dictated by your organisation’s security goals and any compliance requirements associated with your industry or company policy. Reviewing your architecture against the security pillar of Azure’s Well-Architected Framework can ensure decisions are well-informed.
As with any area of IT, vulnerabilities and best practices are always evolving. Optimising cloud security is an ongoing journey that requires a continual improvement mindset. Exploring and leveraging the latest tools and services from cloud vendors can help you keep on top of the security game.