What is Azure Security?
Azure Security refers to security tools and capabilities available on Microsoft’s Azure cloud platform. In this article, we’ll discuss Azure Security and the Azure Security Center.
Definition of Azure Security
Azure Security refers to security tools and capabilities available on Microsoft’s Azure cloud platform. According to Microsoft, the tools for securing its cloud service encompasses “a wide variety of physical, infrastructure, and operational controls.”
As a public cloud computing platform, Azure can support multiple programming languages, operating systems, frameworks, and devices. Customers can access Azure’s services and resources, as long as they are connected to the Internet.
What is Azure Security Center?
Azure Security Center is a unified security management system offered by Microsoft to Azure customers. Some Azure Security Center benefits customers can enjoy are:
- Providing visibility and control over the security of Azure resources (like Virtual Machines, Cloud Services, Azure Virtual Networks, and Blob Storage).
- Protecting hybrid workloads deployed in Azure or non-Azure environments and on customers’ premises.
- Strengthening security posture. The Azure Security Center checks the cloud environment and helps customers understand the status and security of their resources.
- Detecting and blocking cyber security threats. There’s a single dashboard that provides Azure Security Center alerts and recommendations. This also helps with regulatory compliance as security policies can be streamlined across the Azure Security Center dashboard.
Moreover, the Azure Security Center addresses the following security issues and challenges:
- Ever-changing workloads:While customers can do more on the cloud, the services they use change all the time. The Azure Security Center helps in reducing the difficulty of implementing security standards and best practices consistently.
- Increasingly sophisticated attacks:As more customers run their workloads on the public cloud, attacks are becoming more sophisticated. Customers must ensure that they also secure their workloads, but doing so could expose them to more vulnerabilities if they don't follow security best practices. Azure Security Center can help take care of that task.
- Shortage of security skills:A high number of security alerts and alerting systems can overwhelm administrators, especially if they’re not experienced. But Azure Security Center can help administrators go toe-to-toe with attacks.
How Microsoft and Digital Guardian Help Protect Your Sensitive Data
How Azure Security Works
Azure Security documentation shows that Microsoft Azure Security infrastructure operates under a shared security responsibility model. This means security is a joint effort between Azure and the customers, except in an on-premise setting where the customers carry all the responsibilities. However, as customers move into the cloud, some Azure customer security responsibilities are transferred.
This is how the division of responsibilities changes across different cloud service models:
- In IaaS (infrastructure as a service), Azure takes over physical security (hosts, networks, and datacenter).
- In PaaS (platform as a service), Azure takes over physical security and the operating system. Azure shares identity and directory infrastructure, network controls, and applications with the customers.
- In SaaS (software as a service), Azure takes more responsibilities: physical security, operating system, network controls, and application. Azure would still share identity and directory infrastructure with the customer.
In a nutshell, Azure secures the physical infrastructure, then the division of responsibilities changes depending on the cloud delivery model. Customers have more responsibilities in IaaS than in PaaS or SaaS. Regardless of whether it’s on-premise, IaaS, PaaS, or SaaS, customers are always be responsible for these three aspects: data governance and rights management, account and access management, and endpoint protection.
Azure Security Best Practices
The Azure Security documentation is also a handy source for security recommendations and best practices. Here are some tips to get you started quickly:
- Upgrade your Azure subscription to Azure Security Center Standard to enjoy more functionality, like finding and fixing security vulnerabilities, detecting threats with analytics and intelligence, and quick response to an attack.
- Store your keys in the Azure Key Vault. This vault is designed to support passwords, database credentials, and other secrets.
- Install a web application firewall.
- Use Azure MFA (Multi-factor Authentication), especially for admin accounts.
- Encrypt virtual hard disk files.
- Connect Azure VMs (virtual machines) to other networked devices by placing them on Azure virtual networks.
- Use Azure’s DDoS services to prevent and mitigate DDoS (distributed denial of service) attacks.
- Have security policies in place to prevent abuse. To help you get started, Azure can auto-generate a security policy per an Azure subscription.
- Regularly review the Azure Security Center dashboard. The dashboard provides a central view of your Azure resources and recommends actions.
- Implement Azure Security Center’s Role-Based Access Control (RBAC). There are five built-in roles (Subscription Owner, Resource Group Owner, Subscription Contributor, Resource Group Contributor, and Reader) and two unique security roles (Security Administrator and Security Reader). These roles vary in permissions.
Remember that cloud security is a shared responsibility between you and Azure. Depending on the cloud delivery model, the responsibilities you share with Azure will change. Don’t forget too to implement the security practices recommended by Microsoft.
Digital Guardian is a proud member of MISA (Microsoft’s Intelligent Security Association) since 2018. MISA is composed of independent software vendors whose goal is to help users better defend themselves against cyber threats. Check out our cloud data protection solution today by scheduling a demo.