Azure Security – Starter for 10

I often hear from customers, colleagues and industry experts about how the cloud can affect their security posture, and whether it is improved or negatively impacted when applications are deployed.

The industry has now matured enough for businesses to start moving their enterprise and production workloads into the public cloud platforms. This is no doubt down to the massive investment made by the likes of Amazon and Microsoft in their compliance accreditation and technology capabilities.

So what about compliance?

Compliance accreditation is a critical component for any cloud provider… it shows the processes and platforms meet industry-recognised standards. Just take a look at the level Amazon and Microsoft have. You can see all the main ones in there, including PCI-DSS, G-Cloud and ISO27001.

However, one thing people often miss is that these are only platform-level certifications, and responsibility for data integrity and security lies solely with the customer.

People and Process

Remember that information security relies on so much more than just providing a technological capability. During your cloud adoption programme, it is critical that you adapt your target operating model to be cloud friendly.

I will write another blog in the coming weeks on some quick wins on this. For this post, however, I will cover some no-brainers to help secure your tenancy.

1. Enable multi-factor authentication

You see it all the time in the news… passwords are often compromised and sold on the ‘dark web’. Simply take a look at Have I Been Pwned to see if you have been caught.

There is another level of protection you can apply: a second challenge to prove the person logging in is who they say they are.

Options available include one-time passwords (think fobs or tokens), phone calls, text messages and device-level authentication. All are now available from the major cloud providers.

Amazon: https://aws.amazon.com/iam/details/mfa/

Microsoft: https://azure.microsoft.com/en-gb/services/multi-factor-authentication/

2. Configure role based access control and just-in-time administration

IT administrators can be lazy… it is often easier to give an administrative account full access to everything. These accounts are often used as the day-to-day accounts as well. This cannot happen in this day and age.

Therefore, it is critical to provide dedicated administrative accounts that have the minimum access required to complete their role. This follows the principle of least privilege. Take a look at using the built-in roles, or where needed create custom roles to limit a user's access to their job description.

To improve on this RBAC, invest in a privileged access management capability to ensure accounts are protected, access is only granted when needed and most of all, it is logged.

3. Encrypt your data

We have all seen the news, where data and corporate secrets have been stolen. This might be down to a compromised account or an employee who left on negative terms. How can you protect against this?

Simple: encryption. Each cloud provider provides an encryption solution that can cover both data at rest and the data disks that are attached to your VMs. Add an extra layer of security by enabling a key management solution such as Microsoft Key Vault or Amazon's KMS to ensure your administrators do not see the keys.

4. Automate, automate and automate some more

My final point for today's blog is around the benefits of automation on your security posture. Not only are you saving time on deployment, you are removing the risk of errors and ensuring security controls are compliant and deployed every time.

Using tools like PowerShell DSC, Azure Resource Manager and Amazon CloudFormation, you can ensure your applications are deployed the same, every time. Once you integrate these scripts into a version control system like Git, and integrate with workflows and CI, you can validate what is being deployed and whether anything has changed.
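
As an added example (not code from the original post), here is a small CI check in Python that parses an Azure Resource Manager template and reports two of the issues covered above: a custom role that grants a wildcard action, and a storage account with weak data-protection settings. The template, resource names and finding messages are constructed for illustration.

```python
import json

# Constructed sample ARM template (not from the original post): a custom role
# with a wildcard action and a storage account with blob encryption set to false.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Authorization/roleDefinitions",
   "name": "example-operator-role",
   "properties": {"permissions": [{"actions": ["*"], "notActions": []}]}},
  {"type": "Microsoft.Storage/storageAccounts",
   "name": "examplestorage01",
   "properties": {"supportsHttpsTrafficOnly": true,
                  "encryption": {"services": {"blob": {"enabled": false}}}}}
]}
""")


def lint_template(template):
    """Return (resource name, finding) tuples for a parsed ARM template."""
    findings = []
    for res in template.get("resources", []):
        rtype = res.get("type", "")
        name = res.get("name", "<unnamed>")
        props = res.get("properties", {})
        if rtype == "Microsoft.Authorization/roleDefinitions":
            # Least privilege: a custom role should list explicit actions.
            for perm in props.get("permissions", []):
                if "*" in perm.get("actions", []):
                    findings.append((name, "custom role grants wildcard action '*'"))
        elif rtype == "Microsoft.Storage/storageAccounts":
            blob = props.get("encryption", {}).get("services", {}).get("blob", {})
            if blob.get("enabled") is False:
                findings.append((name, "template sets blob encryption to false"))
            # A missing flag is reported too, so the setting is always explicit.
            if props.get("supportsHttpsTrafficOnly") is not True:
                findings.append((name, "HTTPS-only traffic is not enforced"))
    return findings


if __name__ == "__main__":
    results = lint_template(SAMPLE_TEMPLATE)
    for name, finding in results:
        print(f"FAIL {name}: {finding}")
    # A non-zero exit code fails the CI job when anything is reported.
    raise SystemExit(1 if results else 0)
```

Run against each template in the pipeline, a non-empty result blocks the deployment until the template is corrected.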

Until next time

This was a very quick starter for 10, and I hope it has helped in some of your initial design patterns. I will be writing a full series on designing your security patterns for the cloud in the coming weeks… so watch this space.
