Azure Security Best Practices

Cloud | Posted on October 26, 2017 by Tadd Axon

There is a lot to love about Azure and what it offers organizations in terms of capabilities for compliance and security.

Nevertheless, even the simplest cloud projects require scrupulous planning, research and ongoing care. If you do not follow these best practices for Microsoft Azure security, risks will invariably follow. 

Why Azure security needs your attention 

Cloud platforms like Azure offer security technologies, resources and infrastructure that are beyond the reach of most organizations. Even so, there are plenty of things you can do (or not do) to put your cloud data at risk. It is best to think of Microsoft Azure security as an opportunity to augment your own capabilities by taking advantage of what Microsoft does as a baseline. However, neither Azure nor any other IaaS platform will ever replace your security responsibilities completely.

The key to Azure security is understanding that this is a “shared responsibility” model. Cloud providers like Microsoft take some of the traditional burdens off your plate, but not all of them. Depending on the style of cloud you are pursuing, whether IaaS or PaaS, the level of involvement you need to maintain will fluctuate.

The central point is always the same: You must know which responsibilities and which parts of the security regimen you are accountable for, and how much resides with the provider. Microsoft Azure security can give you the most powerful threat detection and robust data housing imaginable. But it’s all for naught if you drop the ball on your end!

Here are some recommendations to ensure your cloud strategy is as secure as it is effective.

1. Make identity and access management a best practice

Cloud platforms like Azure give you the chance to simplify and strengthen your identity management and access controls. Here, organizations are in the driver’s seat when it comes to establishing how granular, strict, and usable these controls are.

Best practices at this stage include operating on the principle of “least privilege”. This means limiting individual access to the smallest possible set of workloads, applications and data. From there, you can broaden access on a role- or situation-based need. You also want to consider multi-factor authentication services, which come ready-to-go with Azure and AWS. This makes it easy for users to quickly engage with your cloud applications, while ensuring the right people have access, and no one else.
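A least-privilege review of role assignments, as an added example that is not from the original post: it takes records in the shape printed by `az role assignment list --all` and flags broad built-in roles granted at subscription, management-group or root scope, or granted directly to individual users. The sample records, the `BROAD_ROLES` set and the two review rules are assumptions chosen for illustration.

```python
import json
import re
import sys

# Built-in Azure roles that grant broad write or access-management rights.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}

# Root, management-group and subscription scopes cover many workloads at once.
WIDE_SCOPE = re.compile(
    r"^/(subscriptions/[^/]+|providers/Microsoft\.Management/managementGroups/[^/]+)?/?$",
    re.IGNORECASE,
)

# Constructed sample records (not real assignments), using the field names
# found in `az role assignment list --all` JSON output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "app-deployers", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "auditors", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": SUB},
]

def audit(assignments):
    """Return (principal, role, scope, reason) tuples that need review."""
    findings = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        who = a.get("principalName") or a.get("principalId", "?")
        if role not in BROAD_ROLES:
            continue  # narrow roles such as Reader are out of scope here
        if WIDE_SCOPE.match(scope):
            findings.append((who, role, scope, "broad role at wide scope"))
        elif a.get("principalType") == "User":
            # Assumed rule: broad rights should come via a group, not per user.
            findings.append((who, role, scope, "broad role assigned directly to a user"))
    return findings

if __name__ == "__main__":
    # Pass a saved JSON export as the first argument, or run on the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for who, role, scope, reason in audit(data):
        print(f"{reason}: {who} has {role} on {scope}")
```
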

2. Simplify end-user security (and automate whenever possible)

Typically, the business makes the policy decision, and IT implements the technical controls to enforce it. However, the end-user is the one who puts those policies to work. Something as crucial as data classification needs to be robust enough to keep your data safe, but also easy enough to apply. If a user doesn’t understand how to classify a document going up on SharePoint Online – or the process is too complicated – they simply won’t do it.

You also want to consider how much automation you can leverage to take as much of the human error factor out of the equation as possible. For example, you can automatically ensure end-user machines continually align with a configured security policy. You can also apply technical protection to a document contained in a certain folder.

3. Secure deficient applications before you move

If you move an in-house application with security deficiencies to the cloud, it will magically be fixed! Just kidding. The lift and shift approach only works safely if the app you are moving is already secure.

Businesses need to understand the vulnerabilities and dependencies of systems before swapping them to hosted infrastructure. This involves knowing which applications depend on which workloads. It also means taking responsibility for patching, monitoring and fixing your code for on-premise business systems before moving them.

4. Pay attention to encryption and key management

If disaster strikes, you had better have a plan. Not only should you have a clear disaster recovery and backup strategy in place, you need to pay close attention to encryption and key management. Assume for a moment that all your data is hosted and encrypted in the cloud. Now imagine your encryption keys are stored in an appliance in your server room, separated from the systems that depend on them for security purposes. Failure of that on-premise hardware means that your data remains safe and sound – and completely useless – encrypted at rest, with minimal hope of recovery in the cloud.

Now what? 

There is a lot businesses need to take care of to ensure security in the cloud. While this list is a good starting place, if you have questions, please reach out. We’re always happy to help.
