5 Common Security Mistakes When Moving to Azure
This blog was originally published by Cloudtango here.
Written by Jordi Vilanova, Cloudtango.
Microsoft Azure is a powerful and wide ecosystem; covering all security aspects of a cloud environment is a complex undertaking. Although Azure is comprehensively secured by Microsoft, it does work based on a shared responsibility model with their customers. Microsoft Azure - as well as most cloud service providers - is responsible for the security of their physical infrastructure resources and services while the customers must secure all the assets (applications, data, containers, and so on) that they run on its infrastructure. While Azure helps with securing business assets, a great deal of responsibility is shared and requires customers to do their part to secure their Azure cloud. In this article, I discuss what I believe are the 5 most overlooked security steps when moving to Azure.
1. Forgotten in the security posture
Many organizations think that they have a 360 view of their overall security posture, yet when you add a new element to the equation, it may not be automatically accounted for and therefore overlooked. Your organization's security posture is extremely important to securing and responding to disaster recovery, security breaches, and so on. As soon as Azure is accounted for within your security posture, the overall cybersecurity risk decreases, and a more effective response is accomplished.
2. MFA nowhere to be seen
Multi-Factor Authentication* is a security implementation that requires more than one method of authentication. MFA adds an additional layer of security to the authentication process with several verification options such as text messages or mobile app notifications.
You would expect most organizations to integrate multi-factor authentication as part of their way of life, yet you see in so many forum discussions how this process was overlooked within the cloud journey. Enabling Azure MFA or any third party solution should be compulsory to any new migration from minute one, as it is the right way to safeguard access to your data and applications within the Azure cloud.
3. Firewall capabilities not enabled
A firewall is a critical component of a security infrastructure, preventing unauthorized access to a corporate network. Azure Firewall is Microsoft’s official firewall service for protecting Azure Virtual Network resources and an important component for securing Microsoft Azure.
Controlling outbound network access is a key area of the overall network security plan. For example, you may want to limit access to websites. Or you may want to limit the outbound IP addresses and ports that can be accessed. With the firewall enabled, you easily create, enforce, and log application and network connectivity policies.
4. Unencrypted data
Most companies will enable encryption of data at rest and on transit with modern encryption protocols and secure data storage methods. Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available. Encryption is enabled by default in Azure, which is great news when everything works nicely with your applications. However, applications may often fail when first deployed or migrated onto a new infrastructure, which is why you may disable encryption for troubleshooting purposes when trying to identify the possible conflict. The risk in this case, is to forget to reenable encryption once all has been solved and to leave data at rest and/or in transit unencrypted. Something that would leave a wide-open security gap.
5. The human factor
When it comes to cybersecurity, no matter how you slice it, there will always be a human factor. A critical element to any company’s cybersecurity program is having security controls and policies in place that are customized for their employees.
Through cybersecurity training, employees are brought up to speed on an organization’s IT security procedures, policies, and best practices. Employee “Security” cannot be taken for granted: education modules not only help to ensure staff is aware of all security procedures but that they also follow and understand them. This should help turn your employees into your first line of defense.
When you choose Microsoft Azure for your business, you must carefully design and implement your cybersecurity strategy. This process can become complex for a company without the experience. In most of these cloud journeys, partnering with a Microsoft Azure MSP** makes most sense. An Azure MSP will help you make the most of your defenses with a proactive security plan. Azure MSPs have the knowledge, tools, and resources necessary to make the most of Azure’s security solutions.
Jordi Vilanova is the founder of Cloudtango. Cloudtango connects businesses with thousands of managed service providers (MSPs) across the globe offering an easy way to match business needs with MSPs offerings throughout the industry. Our goal is to facilitate the selection process to those businesses looking to outsource their IT and start their cloud journey.
* More information on Azure MFA can be found here.