One of the things I get asked on a weekly basis is, “How do we secure an Azure environment?” So I thought I’d take some time to write a few blogs on the subject, a slight change from my usual new Azure tech blogs.
When using Azure, or any public cloud for that matter, security is, as always, a big subject that has to be addressed. Now, I’ve had people say to me, “Hey, we’re using the cloud because then Microsoft will deal with security for us.” NO, NO, NO, this is not true! It is basically a bit of a misconception. While it is true that Microsoft does address security and offers you a secure and hardened platform, you still have a responsibility to secure and harden your environment. I mean, if you go and open a port to your VM and expose it, that’s not something Microsoft can control. The same goes for brute-force attacks, customized WAF rules, and the list goes on and on and on.
In a nutshell, and I will expand on this in following posts, Microsoft offers us multiple solutions to help secure and harden our environments. These include:
- Microsoft Defender for Cloud (Previously Azure Security Center)
- Microsoft Defender for Workloads
- Azure Front Door (Globally distributed WAF)
- DDoS Protection plans
- Azure Sentinel
- A large array of 3rd party solutions available in the Azure Marketplace
Now, with respect to all security solutions, be they Microsoft or 3rd party, everything starts with a correctly architected and configured environment. No solution in the world can fully protect you if you misconfigure your environment in a catastrophic way.
Microsoft also comes to our aid at this stage. For those of you not familiar, Microsoft has the Cloud Adoption Framework documentation. The Cloud Adoption Framework is a fully documented framework and methodology to help you Assess, Prepare and Migrate your environments to the cloud. This of course includes modernization of your environment and, most importantly, SECURING it. In other words, these are Microsoft’s best practices for your cloud journey, including securing your environment. The documentation includes full explanations of what Microsoft does and what your responsibility is, guidelines on how to fulfill that responsibility, and guidelines for different Azure services with detailed explanations on how to address each service.
In my next post I will address the initial architecting of an Azure environment and how we stress security from the platform level with all the basics in place, such as MFA, access control, segmentation, governance, and more.