Most of you are thinking about security. Many of you are using the cloud. And because many of you are Microsoft shops, you’re probably using – or likely to choose – Azure.
For those of you on Azure looking at cloud security, the first thing to understand is that, similar to other cloud platforms, Azure involves a shared security model. While Azure and Microsoft are responsible for securing its infrastructure, you remain responsible for securing your applications running in Azure.
As you move from Infrastructure as a Service (IaaS) to Platform as a Service (PaaS) to Software as a Service (SaaS) on the cloud continuum, you are responsible for more and more of your individual security controls. Therefore, you will need to follow cloud security best practices, including essential monitoring, scanning, and access control.
These five best practices will help you conquer security in Azure.
1. Establish secure access control and account management policies
Your Azure account holds the keys to your kingdom, so it’s extremely important to apply the appropriate security to protect your environment. Start by setting up your Azure account properly, following the guidelines that Microsoft provides. You’ll need to answer one key question: Who in your organization needs access? Limit your answer to only those who require it. Giving access to too many people puts the security of the account more at risk.
Another important aspect of cloud security is restricting access to the management plane, which is essentially the web interface and APIs that configure, monitor, and control your cloud environment. If the bad guys get access, they essentially have free reign over the kingdom.
This means you need to lock it down. Here are three ways to do so:
- Enable multi-factor authentication. Do so for all users, but especially administrators and other privileged users.
- Use roles. The primary role is the account administrator, and only one of those can exist per Azure account. This is who signs up Azure subscriptions, and is authorized to access the Account Center in Azure to perform various management tasks. For accounts used on a daily basis, you can create separate co-administrator accounts using Azure Active Directory (AAD), another important Azure tool. AAD can also be used to secure access to the Azure management API, and to help with management of users and groups.
- Implement Role-Based Access Control (RBAC). Using RBAC, you can control which cloud resources your employees can access and what actions they can perform on those resources, as well as grant only the access that users need to perform their jobs.
Key to all security strategies, particularly in the cloud, is your organization’s ability to control access to your systems, which depends on the proper use of credentials to validate users and applications. After setting up your account and your virtual machines (VMs), the most important things you can do are implement a strong password management process and a credential management process— both critical functions of access control.
2. Configure your Azure VMs with security in mind
Set up your Azure VM based on your workload or particular use case. Azure provides many available images, including Windows Server, as well as Linux, SQL Server, Oracle, IBM, and SAP. Azure provides step-by-step guidance for VMs during the setup process. Don’t forget to create an SSH key pair to enable password-less logins and better security, and ensure the root user is disabled (note that by default, the root user is disabled on Linux VMs in Azure).
Next, reduce your attack surface in Azure. Start by properly configuring the built-in security control features, including Azure Security Center. Then, control your access points to Azure. The platform allows multiple access methods, so it’s important to restrict remote access to your VM from a dedicated hardened workstation. Azure also allows Network Security Groups (NSGs), which can help control traffic to your VM instances. And finally, as referenced above, follow good credential management practices to further mitigate risk.
3. Scan your Azure virtual systems regularly for vulnerabilities
Typical cloud vulnerabilities result from improperly patched systems, cloud asset misconfigurations, and poorly managed credentials, leading to common attacks such as SQL injections, account and service hijacking, and distributed denial of service (DDoS) attacks. Vulnerabilities in the Azure cloud are no different.
Perform basic patch management and vulnerability scanning to identify misconfigurations in your Azure environment. Note that this is not a trivial effort—scanning cloud assets is not the same as scanning your on-premises and data center infrastructure. Effective tools are rare, so make sure you find one that helps you scan for vulnerabilities and misconfigurations in Azure and easily integrates with your other security.
4. Monitor your environment for inappropriate or suspicious use
With Azure’s shared security approach, Microsoft will monitor its servers and networks. At the application level, Azure provides tools for security monitoring; however, these Azure-only tools lack some essential security capabilities. They’ll need to be enhanced with additional tools, as you are ultimately responsible for securing your cloud environment. Look for security solutions that are native-built for Azure and provide critical security monitoring capabilities, including vulnerability scanning, intrusion detection, and Security Information Event Management (SIEM).
One of the tools available through Azure is Azure Security Center (ASC). Offered as a free or paid service, ASC provides basic security monitoring and policy management across your Azure subscriptions, and also collects data from your VMs in order to assess their security state, provide security recommendations, and alert you to threats.
To bring ASC and your other Azure security controls together, effective integration of a SIEM is critical. However, integrating Azure logs and data into your existing SIEM tool can be challenging. Azure provides some tools, including Azure Monitor and Azure Log Integration, that enable you to integrate logs from assets deployed in Azure to third-party SIEM tools, but you need a comprehensive SIEM tool that is purpose-built for Azure to bring all your data sources together and deliver the visibility you need for effective monitoring and threat detection.
5. Apply continuously updated threat intelligence to find new and emerging threats
Threat intelligence is actionable information your IT team needs to automatically detect threats in your network and prioritize the response to those threats. Examples include vulnerability signatures for the latest cloud vulnerabilities and uncovering new threats that are impacting cloud environments. Look for threat intelligence that’s easily integrated into your existing security tools.
Defending the kingdom
Moving to the Azure cloud can deliver great benefits to organizations, but it takes planning and foresight. Security remains a concern for most organizations, but the Azure security best practices laid out here should steer you in the right direction. By following each of these guidelines—from establisiteseekerng security access control to keeping your system together with threat intelligence—your Azure security should be able to stand up to the toughest security threats.
About the author
Jake Mosher is a Senior Product Marketing Manager at AlienVault and is responsible for product messaging and positioning, go-to-market strategy, and sales enablement. Prior to AlienVault, Jake held various product marketing and strategy roles at Symantec Corporation. Jake has an MBA from the University of Texas at Austin and a B.A. in Business Economics from UCLA.