Eradicating the security risks when deploying in Azure

Eradicating the security risks when deploying in Azure

Great news – you’ve successfully deployed a new workload in Azure.

The migration went smoothly – and things appear to be running well.

Here’s the thing though. Now that that workload is outside your corporate walled garden, how do you really know your new environment is secure?

Chances are – it’s not!

The Azure security challenge

Many companies are not aware of their own ‘security posture’ once they’ve deployed their environments within Azure.

Once an environment is established, it can be difficult to put all the ‘Lego pieces’ together to form not only a good security baseline, but also a response framework (should it be needed).

Understanding the risk contributors

CIOs, CSOs and Operations Managers need to take heed of the following:

1 – Access control

Most customers move their workloads to Azure to benefit from ease of development and speed of deployment. But once everything is deployed, if not designed properly their access controls could leave the company vulnerable from multiple angles. Securing applications with Multifactor Authentication can be challenging – with guidance, Azure makes this simple.

2 – Network security

Consider the entry points from where your applications and servers need to be accessed. Azure has multiple layers of network security available, a simple one to check is ensuring your data is encrypted in transit.

3 – Patching

Many customers implement monthly patching cycles – a process which doesn’t account for zero day vulnerabilities. With guidance, Azure has a comprehensive toolkit to assist.

4 – Data encryption

Data is often encrypted when in transit – but what about whilst it’s at rest? This need extends beyond IaaS – and into PaaS as well (eg encrypting storage accounts).

5 – Virtual machines

Many customers don’t realise that all Virtual Machines (VMs) deployed in Azure have full internet connectivity. If these VMs host sensitive data, that data could be uploaded to 3rd party storage, bypassing the company’s data sovereignty posture.

6 – Brute force attacks

Generally customers aren’t aware of brute force attacks until after the fact. With guidance, Azure Security Centre with automation can alert and instigate action much more rapidly than traditional approaches.

Key questions to be answered

To start down the path of ensuring the security of any Azure workloads, key questions to be answered include:

  • How do we protect our web applications once they’re in Azure?
  • How do I know the data I store in Azure Storage is encrypted – and who has access to it?
  • How do we ensure that our Admins are managing our infrastructure securely?
  • How do we allow 3rd party vendors into our systems without compromising our security posture?
  • What tools are at my disposal to gain insights into my security posture?

How CNI can help

CNI can proactively provide the guidance referenced within the above points.

CNI applies a baseline security posture to every Azure customer’s deployment to ensure the lowest attack surface possible is presented. Protection from the public internet and internal systems are paramount for a secure environment.

There are many ways to achieve a secure environment – and recognising that each customer has different requirements, budgets and postures – CNI utilises numerous security measures that can be used individually or in combination to achieve the desired result.

To find out more about how CNI can help you to ensure your workloads are secure in Azure, REGISTER for our FREE WEBINAR on Wednesday 20th June 2018 at 11am.