You’re about to begin your journey to cloud adoption.
Or, you’ve already started but aren’t sure if there’s something you missed.
Most organizations moving to the cloud face the same problems. They don’t have a real plan. They have a skill gap in their organization. Or, they haven’t taken the time to define governance.
When it comes to cloud security, the same challenges apply. Planning for security is different in the cloud. 65% of enterprise businesses report a skills gap when it comes to cloud security. Governance questions arise about who will procure cloud technologies and who will have access rights to cloud resources.
But cloud security is more critical than ever.
- 44% of enterprise firms suffered 2 or more data breaches in 2016
- 62% of enterprise firms claim to have insufficient security staff
- 25% of people reuse credentials
It may seem overwhelming, but there is an effective way to achieve security in the cloud. In fact, done right, your migration to Azure will leave you more secure than in your present environment.
Our latest Discovery Series webinar explores which aspects of the Azure cloud Microsoft secures and which are your responsibility.
Shared Security Model
The conversation begins with a distinction between the security of the cloud versus security in the cloud. The first refers to the infrastructure Microsoft has built. The second refers to your responsibility to secure the operating system, network, and firewalls as a customer. Depending on your deployment, some or all aspects of security are shared.
On-premises infrastructure leaves all responsibility for operation and security in the customer’s hands. In an infrastructure-as-a-service (IaaS) model, elements like network hardware and the hypervisor fall under the platform vendor. At the same time, responsibility for applications, identity, clients, and data is shared.
Platform-as-a-service (PaaS) models build on IaaS deployments and make the provider responsible for securing networking controls. In a software-as-a-service (SaaS) model, the provider delivers apps to the customer and abstracts the underlying components. The customer manages their users, controls their end-point devices and classifies their data.
Microsoft Data Center Security
Microsoft CEO Satya Nadella has made security in the cloud a top priority for the company. From perimeter fencing to two-factor authentication, Microsoft has made heavy investments in protecting its data centers. They’ve even put funding behind features like seismic bracing to ensure data centers are physically resilient as well as secure. As a customer, you’ll often get to benefit from the certifications that result from this spending.
Microsoft has also launched the Cyber Defense Operations Center. This unit protects Microsoft’s cloud infrastructure, services, products, and devices. Offering 24x7 protection, it uses machine learning to detect potential attacks and take appropriate action.
Identity & Access Management
Addressing identity and access management is a recommended first step. When we interviewed CIOs about what’s important to their organizations, this issue ranked as a high priority. This is because identity and access management also impacts end-user satisfaction. When your employees encounter various apps that need different credentials, the result is a poor experience.
Microsoft Azure Active Directory provides a single mechanism for authentication. And, Cloud App Security allows you to track external SaaS apps in your environment and roll them into this single point of management. The solution also helps to address “shadow IT,” or the use of unsanctioned apps by employees who aren’t aware of the risks.
Most organizations we work with are using virtual machines (VMs). The first step in cloud adoption for many of these businesses is to move VMs to an IaaS deployment. Here, the customer remains accountable for managing VMs, including antivirus, backup, and malware protection. You need a strategy in place to protect yourself in these areas.
Many of the software solutions that have protected you for years, like Trend Micro Deep Security, now offer protection in Azure. Trend Micro was one of the first security partners on the Azure platform. And, customers who have used their technology before will be able to capitalize on much of that knowledge in Azure.
Ensuring you have consistent security for virtual machines and IaaS is key. Using a template-based approach is an effective way to ensure identical and secure deployments.
The high number of compute resources in an average IaaS deployment means network communication is critical. But once you expose your Azure environment to the Internet, you’re accountable for protecting it. Some organizations attempt to secure this by routing through their on-premises environment and existing network protection infrastructure.
Another approach is to try protection within Azure. In this case, you still need to manage configuration along with networking elements like virtual networking, load balancing and DNS.
Barracuda offers a robust solution for networking and web application protection. Available via the Azure Marketplace, it integrates with key aspects of Azure, including ExpressRoute and Azure Active Directory.
Data Classification & Accountability
Encrypting data and understanding who has access to it is more important than ever. The ready flow of information makes this a vital part of cloud security.
Microsoft has made it simpler with Azure Information Protection. AIP allows you to classify data based on sensitivity and enforce access rights. And, it goes beyond rights and policy enforcement to support an end-to-end data lifecycle. It also allows you to track data in motion and pinpoint where users are accessing information within a map view.
You’re Ready to Secure the Cloud
What are the next steps on your journey to cloud security?
1) Build a Plan
Take the time to define governance for your environment. Get a sense of what’s already running in your environment. Ensure you have a checklist for your cloud migration.
Decide how to manage identity. Gain control of SaaS in your environment and adopt a single authentication mechanism.
3) Secure Host Infrastructure & Network Controls
Understand your current state and protect your vital infrastructure and networks.
Classify data and encrypt sensitive information with Azure Information Protection.
5) Detect & Respond
Improve your ability to detect and respond to security breaches and potential threats on an ongoing basis.
Now that you have a better understanding of the options and best practices for securing your environment in the cloud, you’re ready to move forward.