![](https://static.wixstatic.com/media/ee9368_16978559e84047be9292c65aa3329f8d~mv2.jpg/v1/fill/w_780,h_450,al_c,q_80,enc_auto/ee9368_16978559e84047be9292c65aa3329f8d~mv2.jpg)
With new ways of working and bring-your-own-device (BYOD), organizations are concerned about how to secure their sensitive data from malicious intent. Security is an integral aspect of any architecture. Data breaches can be significantly costly, ruin a company’s reputation, result in job losses and have a long-term effect on consumer trust.
Organizations today have to support access to data and services from both inside and outside the corporate firewall.
Adopt Zero Trust Model
Zero Trust is an information security framework which states that organizations should not trust any entity inside or outside of their perimeter at any time, but should instead continually validate trust. In most organizations, it is assumed that every user, device and piece of data inside the network is trustworthy and cleared for access. The vulnerability with this is that once an unauthorized user or attacker has access to the network, they have access to everything within it.
Adopt a layered approach using Security in Depth
Security in Depth is a strategy that involves the use of multiple rings or layers of security. The idea is to slow down the attacker from obtaining unauthorized information and to provide notifications, based on telemetry, that can be acted upon. Each layer provides protection against a breach by decreasing the attacker's chance of success.
![](https://static.wixstatic.com/media/ee9368_c935db5840e74dfa87713e345f25ae0c~mv2.png/v1/fill/w_271,h_305,al_c,q_85,enc_auto/ee9368_c935db5840e74dfa87713e345f25ae0c~mv2.png)
Data
Data is the most valuable asset of any organization. Regardless of any legal or regulatory requirements, it is in a business’ best interest to ensure protection, confidentiality, availability and integrity of the data.
In most cases, an organization's data is stored in cloud storage, attached disks on virtual machines, databases, tapes, email, productivity and SaaS applications. In a cloud shared responsibility model, it is the organization’s responsibility to ensure that proper access, security and compliance needs are met.
Applications
Applications and the data associated with them ultimately act as the primary store of business value on a cloud platform. It is important that the security team reduce the count and potential severity of security bugs in its applications by implementing security practices and tools during the development lifecycle.
For each application or component, you should be able to answer these questions:
Are you authenticating connections using Azure AD, TLS (with mutual authentication), or another modern security protocol approved by your security team? This protects against unauthorized access to the application and data.
Do you limit which accounts have access to write or modify data in the application to only those required to do so? This reduces the risk of unauthorized data tampering or alteration.
Is the application activity logged and fed into a Security Information and Event Management (SIEM) via Azure Monitor or a similar solution? This helps the security team detect attacks and quickly investigate them.
Is business-critical data protected with encryption that has been approved by the security team? This helps protect against unauthorized copying of data while at rest.
Is inbound and outbound network traffic encrypted using TLS? This helps protect against unauthorized copying of data while in transit.
Does the application store any sign in credentials or keys to access other applications, databases, or services? This helps identify whether an attack can use your application to attack other systems.
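As an added example (not code from the article), the first and fifth questions above can be answered in code rather than by inspection: the functions below build a client and a server TLS context that verify the peer, require TLS 1.2 or later and, when certificate files are supplied, perform mutual authentication, and an audit function reports the usual weaknesses (peer verification off, hostname check off, old protocol versions) for any context handed to it. File paths are hypothetical placeholders; nothing is fetched over the network.

```python
import ssl
from typing import List, Optional

# Added example, not the article's code. Certificate/key paths are placeholders.


def make_client_context(cafile: Optional[str] = None,
                        client_cert: Optional[str] = None,
                        client_key: Optional[str] = None) -> ssl.SSLContext:
    """Client side: verify the server certificate and hostname, insist on TLS 1.2+,
    and optionally present a client certificate (mutual TLS)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:
        # Presenting our own certificate is what makes the connection mutually authenticated.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def make_server_context(certfile: Optional[str] = None,
                        keyfile: Optional[str] = None,
                        client_cafile: Optional[str] = None) -> ssl.SSLContext:
    """Server side: present our certificate and *require* a client certificate issued
    by the trusted CA. Files are loaded only when given, so the settings can be audited
    without real certificates."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=client_cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The server-side default is CERT_NONE, i.e. any client is accepted unauthenticated.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if certfile:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def audit_tls_context(ctx: ssl.SSLContext, is_client: bool = True) -> List[str]:
    """Return a list of findings for a context; an empty list means it meets the checklist."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum TLS version below 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if is_client and not ctx.check_hostname:
        findings.append("hostname verification disabled")
    return findings


def weak_client_context() -> ssl.SSLContext:
    """Constructed 'before' picture for contrast: a client that accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print("hardened client:", audit_tls_context(make_client_context()) or "ok")
    print("hardened server:", audit_tls_context(make_server_context(), is_client=False) or "ok")
    print("weak client:    ", audit_tls_context(weak_client_context()))
```

The audit function is the part worth keeping around: run it against the contexts your own code builds (for example in a unit test) so that a "temporary" `CERT_NONE` added during debugging cannot reach production unnoticed.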
Compute
Access to virtual machines should be secured. You can use the update management solution in Azure, or any other update management solution, to manage system updates for your Windows and Linux machines, whether they run in Azure or on-premises. With update management in place, you can quickly assess the status of available updates, schedule installation of required updates, review deployment results, and create alerts to verify that updates were applied successfully. This layer focuses on making sure that compute resources are well secured and that only the necessary privileges are granted, to avoid the business risk of an attacker causing damage.
Network
This layer focuses on using strong network controls: logically segmenting the virtual networks into subnets, avoiding allow rules with broad source or port ranges, using network security groups to protect against unsolicited traffic into your Azure subnets, implementing secure connectivity to on-premises networks, granting the least required access, and ensuring a firewall instance is in place to filter and inspect all ingress and egress traffic.
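The advice above about broad allow rules is easy to state and easy to violate over time. The following added example (not from the article) audits a list of network security group rules for inbound Allow rules that expose a wide port range, or a management port, to any source, and evaluates which rule would decide a given inbound flow using Azure's first-match-by-ascending-priority semantics. The rule dictionaries imitate a subset of the fields returned by `az network nsg rule list`; the rules themselves are constructed, and service tags other than `Internet` are treated as not matching an external address, which is a simplification.

```python
import ipaddress
from typing import Dict, List, Tuple

# Added example, not the article's code. Constructed rules in the shape of a
# subset of `az network nsg rule list` output.
SAMPLE_RULES: List[Dict] = [
    {"name": "allow-ssh-anywhere", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-https-from-waf", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "443"},
    {"name": "deny-rdp", "priority": 150, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-all-internet", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "*"},
    # Azure's built-in default rule that closes everything not matched above.
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}
MANAGEMENT_PORTS = {22, 3389}


def port_span(range_str: str) -> Tuple[int, int]:
    """'*' -> (0, 65535); '1000-2000' -> (1000, 2000); '443' -> (443, 443)."""
    if range_str == "*":
        return 0, 65535
    if "-" in range_str:
        lo, hi = range_str.split("-", 1)
        return int(lo), int(hi)
    return int(range_str), int(range_str)


def source_matches(prefix: str, src_ip: str) -> bool:
    """Does the rule's source prefix cover src_ip? Service tags such as
    VirtualNetwork are treated as non-matching for an external address."""
    if prefix.lower() in ANY_SOURCE:
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False


def find_broad_allow_rules(rules: List[Dict], max_ports: int = 1) -> List[str]:
    """Names of inbound Allow rules that open more than max_ports ports, or any
    management port, to any source."""
    flagged = []
    for r in rules:
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        if r["sourceAddressPrefix"].lower() not in ANY_SOURCE:
            continue
        lo, hi = port_span(r["destinationPortRange"])
        if (hi - lo + 1) > max_ports or any(lo <= p <= hi for p in MANAGEMENT_PORTS):
            flagged.append(r["name"])
    return flagged


def evaluate_inbound(rules: List[Dict], src_ip: str, dst_port: int,
                     protocol: str = "Tcp") -> Tuple[str, str]:
    """The first matching inbound rule in ascending priority order decides, as in
    Azure. Returns (access, rule name)."""
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    for r in inbound:
        if r["protocol"] != "*" and r["protocol"].lower() != protocol.lower():
            continue
        if not source_matches(r["sourceAddressPrefix"], src_ip):
            continue
        lo, hi = port_span(r["destinationPortRange"])
        if lo <= dst_port <= hi:
            return r["access"], r["name"]
    return "Deny", "implicit"


if __name__ == "__main__":
    print("broad allow rules:", find_broad_allow_rules(SAMPLE_RULES))
    for port in (22, 3389, 8080):
        print(f"port {port} from 203.0.113.5 ->", evaluate_inbound(SAMPLE_RULES, "203.0.113.5", port))
```

Running the evaluator before and after removing a flagged rule shows the effect of the change on real flows, which is the check to make before touching a production NSG: in the sample set, removing `allow-all-internet` turns port 8080 from an Allow into a hit on `DenyAllInBound`, while the WAF subnet's HTTPS path is unaffected.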
Perimeter
At the network perimeter, the focus is on protecting your resources from network-based attacks. A key question to ask here is:
Is the application protected against Distributed Denial of Service (DDoS) attacks using services like Azure DDoS Protection, Akamai, or similar? This protects against attacks designed to overload the application so it can’t be used.
Azure DDoS Protection, or a comparable solution, filters large-scale attacks before they can cause a denial of service to end users.
Identity & Access
This layer focuses on granting only the access and privileges that are needed, and on logging that access. Here are some of the best practices that should be adopted on this layer:
All users should be converted to use passwordless authentication or multi-factor authentication (MFA) over time
Disable insecure legacy protocols for internet-facing services. Legacy authentication methods are among the top attack vectors for cloud-hosted services
Don’t synchronize accounts with the highest privilege access to on-premises resources when you synchronize your enterprise identity systems with cloud directories
Use a single identity provider for authenticating all platforms (Windows, Linux, and others) and cloud services
Enforce conditional access for users — This supports a zero-trust strategy
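Before legacy protocols can be disabled or blocked by a Conditional Access policy, you need to know who still depends on them. The added example below (not from the article) runs that check over sign-in records: it classifies each sign-in by the `clientAppUsed` value that Microsoft Entra ID (Azure AD) sign-in logs carry, treating only "Browser" and "Mobile Apps and Desktop clients" as modern authentication, and reports per user the successful legacy sign-ins, the failed attempts, and the protocols involved. The records are constructed and use only a handful of the log's fields; any `clientAppUsed` value outside the two modern ones is conservatively treated as legacy for review.

```python
from collections import Counter, defaultdict
from typing import Dict, List

# Added example, not the article's code. Constructed records using a subset of
# the fields found in Entra ID sign-in log exports; errorCode 0 means success.
SAMPLE_SIGNINS: List[Dict] = [
    {"createdDateTime": "2024-05-01T08:02:11Z", "userPrincipalName": "alice@contoso.example",
     "clientAppUsed": "Browser", "appDisplayName": "Office 365",
     "ipAddress": "198.51.100.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T08:05:40Z", "userPrincipalName": "bob@contoso.example",
     "clientAppUsed": "IMAP4", "appDisplayName": "Office 365 Exchange Online",
     "ipAddress": "203.0.113.77", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T09:12:03Z", "userPrincipalName": "bob@contoso.example",
     "clientAppUsed": "Exchange ActiveSync", "appDisplayName": "Office 365 Exchange Online",
     "ipAddress": "203.0.113.77", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T09:30:55Z", "userPrincipalName": "carol@contoso.example",
     "clientAppUsed": "Authenticated SMTP", "appDisplayName": "Office 365 Exchange Online",
     "ipAddress": "192.0.2.200", "status": {"errorCode": 50126}},   # failed sign-in
    {"createdDateTime": "2024-05-01T10:01:19Z", "userPrincipalName": "alice@contoso.example",
     "clientAppUsed": "Mobile Apps and Desktop clients", "appDisplayName": "Microsoft Teams",
     "ipAddress": "198.51.100.10", "status": {"errorCode": 0}},
]

# Only these two clientAppUsed values represent modern authentication, which is
# what supports MFA and Conditional Access; everything else is a legacy protocol.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}


def is_legacy(record: Dict) -> bool:
    """Unknown or missing client types are treated as legacy so they get reviewed."""
    return record.get("clientAppUsed") not in MODERN_CLIENTS


def legacy_auth_report(signins: List[Dict]) -> Dict[str, Dict]:
    """Per user: successful legacy sign-ins (the ones a 'block legacy authentication'
    policy would have stopped), failed attempts, and the protocols seen."""
    report = defaultdict(lambda: {"successful": 0, "failed": 0, "protocols": Counter()})
    for rec in signins:
        if not is_legacy(rec):
            continue
        entry = report[rec["userPrincipalName"]]
        succeeded = rec.get("status", {}).get("errorCode", 0) == 0
        entry["successful" if succeeded else "failed"] += 1
        entry["protocols"][rec.get("clientAppUsed", "unknown")] += 1
    return dict(report)


def users_to_migrate(signins: List[Dict]) -> List[str]:
    """Users with successful legacy sign-ins, busiest first: the list to work through
    (move them to modern clients) before the protocols are disabled."""
    report = legacy_auth_report(signins)
    active = [(u, e["successful"]) for u, e in report.items() if e["successful"] > 0]
    return [u for u, _ in sorted(active, key=lambda x: (-x[1], x[0]))]


if __name__ == "__main__":
    for user, entry in legacy_auth_report(SAMPLE_SIGNINS).items():
        print(user, entry["successful"], "ok /", entry["failed"], "failed:", dict(entry["protocols"]))
    print("migrate first:", users_to_migrate(SAMPLE_SIGNINS))
```

Failed legacy attempts, such as the SMTP one for carol in the sample, are worth reporting separately: they are not a migration problem but are exactly the password-spray traffic the article's second bullet warns about, and they stop appearing in the logs once the protocols are blocked at the tenant.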
Physical Security
This layer focuses on ensuring that the physical building is secure. In a cloud environment, this is a shared responsibility between the cloud provider and the customer.
When you adopt the cloud into your infrastructure, then both your enterprise and your cloud provider are responsible for certain security practices. Your cloud provider will outline what you’re responsible for in regard to security in their SLA. The specifics of your company’s responsibilities will depend on the cloud provider, but whatever the case, your enterprise will need to address your responsibilities in your security strategy.
The cloud provider is responsible for controlling physical access to the datacenters that host its IaaS, PaaS and SaaS environments. For a customer’s own physical datacenter, it is important to ensure that the necessary access controls and monitoring are in place to preserve confidentiality.
#CloudSecurity #ZeroTrustArchitecture #Cybersecurity #MicrosoftTechnologies #IdentityManagement #AccessControl #EndpointSecurity #CloudSecurity #SecurityOperations #DataProtection #InfrastructureSecurity #XDR #SIEM #ThreatDetection #ContinuousImprovement #InformationProtection #DigitalTransformation