Security Practices in Microsoft Azure


Microsoft is arguably one of the most established cloud service providers on the market. In fact, it’s estimated that nearly 95% of the Fortune 500 is using Microsoft Azure daily.

By providing solid enterprise cloud services and hybrid infrastructure, Azure has gained the trust of its many customers. Unfortunately, the rapid growth of providers, such as Azure and Amazon Web Services, means that the cyber threat environment has evolved with them. 

In its 2017 Security Intelligence Report, Microsoft reported that its cloud users saw a 300% year-over-year increase in attacks. In addition, the number of attempted sign-ins from malicious IP addresses increased by 44%. This is bad news for anyone using cloud infrastructure services.

Luckily, there are a few best practices you can follow in order to reduce the impact of potential threats. Let’s take a look.

Microsoft Azure: 8 Best Security Practices

Before we start, it’s important to remember that this is not meant to be an exhaustive list of all the security features and possibilities that exist within the Microsoft Azure cloud environment. Rather, it’s meant as a quick overview of how you can bring your Azure security practices up to speed quickly – and how you can better leverage the capabilities of your cloud environment.

Understand the Role of Azure Security Center

Microsoft Azure is equipped with a complete security centre. This is an integrated security management solution, and it aims to boost the security of your data and to protect you from the many possible threats out there. The security centre works to resolve the following issues: 

  • Update users with the latest security challenges
  • Alert you of new security patches
  • Protect your data and workloads
  • Deal with sophisticated attacks

For the security centre to do its job, it’s important that you enable machine security data collection by default. This can be done by using the automatic provisioning of monitoring agent functions. Following this, you should go over all the recommended settings and ensure they’re all enabled – such as automatic security patches and encryption. 

Secondly, we recommend adding updated contact details, such as your phone number, so that Microsoft can reach you as soon as possible in case of emergency.

Use Multi-Factor Authentication

With the rising number of cyberattacks, it’s essential that you play your part in keeping the business data safe and secure. 

One way of doing this is to use multi-factor authentication wherever you can. This option is already available through Azure Active Directory, so ensure that it’s enabled. However, this requires that you put some effort into creating the strongest, most complex password possible. If you don’t know where to start, we have an expert guide on how to create secure passwords here.

Finally, be mindful of which permissions you are giving the various users. Few employees will need administrative permissions to all of your data – rather, restrict the permissions and ensure that you always keep track of who has access to what.

Secure Your Data Storage

Azure’s Shared Access Signatures will let you control access to all the data stored in your storage accounts. 

For example, it allows you to share a link or give access to a specific data set – but only for a limited amount of time. Once the deadline has passed, the generated URL will expire and the data will no longer be accessible. Essentially, this means that no one will be granted full access to your data and Azure environment by accident.
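One way to check that SAS links really are time-limited and narrowly scoped, as an added example that is not part of the original article. The thresholds, function names and sample URLs are assumptions made for illustration; `se`, `st`, `sp`, `spr` and `sig` are the query parameters an Azure Storage SAS URL carries.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Policy values below are assumptions for this example, not Azure defaults.
MAX_LIFETIME = timedelta(hours=24)
RISKY_PERMISSIONS = set("wd")  # write, delete

def _parse_time(value):
    """Parse the UTC time formats a SAS token may use; None if unparseable."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value or "", fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def audit_sas_url(url, now=None):
    """Return a list of findings for one SAS URL (empty list = nothing flagged)."""
    now = now or datetime.now(timezone.utc)
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    expiry = _parse_time(params.get("se"))
    if expiry is None:
        # Expiry may instead come from a stored access policy (si parameter).
        findings.append("no parseable expiry (se) in the URL")
    elif expiry <= now:
        findings.append("token has already expired")
    else:
        start = _parse_time(params.get("st")) or now
        if expiry - start > MAX_LIFETIME:
            findings.append(f"lifetime exceeds {MAX_LIFETIME}")
    risky = RISKY_PERMISSIONS & set(params.get("sp", ""))
    if risky:
        findings.append("grants risky permissions: " + "".join(sorted(risky)))
    # When spr is omitted, the token is accepted over both HTTPS and HTTP.
    if params.get("spr", "https,http") != "https":
        findings.append("plain HTTP is allowed (spr is not 'https')")
    return findings

# Constructed sample URLs (account, container and signature are placeholders).
BASE = "https://exampleaccount.blob.core.windows.net/reports/q1.pdf"
GOOD = (BASE + "?sv=2022-11-02&st=2024-05-01T00%3A00%3A00Z"
        "&se=2024-05-01T01%3A00%3A00Z&sr=b&sp=r&spr=https&sig=CONSTRUCTED")
BROAD = BASE + "?sv=2022-11-02&se=2030-01-01&sr=c&sp=rwdl&sig=CONSTRUCTED"

if __name__ == "__main__":
    for sample in (GOOD, BROAD):
        print(audit_sas_url(sample, datetime(2024, 5, 1, 0, 30, tzinfo=timezone.utc)))
```
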

Enable Features for Virtual Machines

  • OS Vulnerabilities: When enabled, this feature searches your operating system configurations on a daily basis to determine if there are any risks or issues that can make you vulnerable to attacks. 
  • Endpoint Protection: With this feature, the Azure Security Center will help identify and remove malware, viruses and other possible threats.
  • JIT Network Access: From here, you can select the ports on your virtual machine to which inbound traffic should be locked down, thereby reducing your exposure to attacks.

Be Mindful of Activity Log Alerts

The Azure Activity Log essentially helps you identify security issues in your system. You can use this log to alert relevant parties or employees about suspicious activities that will need a second look. 

This can also be a helpful tool for updating network security groups, setting up task alerts, and creating policy assignments.

Use Microsoft SQL

When you run Microsoft SQL within Azure, you will benefit from a separate SQL Firewall feature to keep your systems safe from brute-force attacks. This tool will provide adequate protection against malfunctioning, misconfigurations or platform errors. It’s also recommended that you perform a threat scan against your entire infrastructure.

We recommend that you enable the “Auditing” setting on all your SQL servers. This will track events in your database and log them, which can be a great asset when maintaining regulatory compliance or understanding database activity. 

Finally, we advise you to turn on the “Threat Detection” feature as well. This adds an extra layer of security: you can receive alerts whenever potential vulnerabilities, SQL injection attacks or any suspicious activities are detected.

Increase Visibility

Most large organisations will have cloud infrastructure that involves several accounts, regions and time zones. Often, this leads to decentralised visibility and siloed tracking of assets. Unfortunately, this will make it even more difficult for your security team to detect and mitigate potential risks.

By using Azure Security Center regularly, you can monitor your systems at scale and thereby gain a more granular overview of what is happening in your cloud.

Turn off Servers

While this might be obvious to some of you, there are still plenty of companies that never turn off their servers when they are not in use, or remove inactive resources.

By turning off unused resources, you can significantly reduce security threats – and you can reduce the total cost of your cloud services. After all, there’s no need to pay when you’re not actually using a resource.