      Microsoft Azure – 9 Security Practices in 2021

      • Posted by Sotiris Pafitis
      • Date February 10, 2021

      In the past few years, businesses have been rapidly adopting cloud-based infrastructure (Infrastructure as a Service – IaaS). Microsoft Azure is one such cloud computing service that helps businesses start their journey towards cloud adoption. But the world has also seen an unprecedented rise in data breaches, cyber-attacks, and cloud security risks. One of the reasons behind this is the misconception that big names like Microsoft will secure the resources they host, so users have little to worry about. Although Azure does a lot to help secure your business resources, security is a shared responsibility, and you also have to play your part in securing your Azure cloud. In this blog, we list 9 top-notch security practices for Azure that you must adopt to ensure the effective security of your business assets.

      1. Use Azure Active Directory to Secure Identity

      In this technologically advanced era, the firewall is no longer the network’s first security boundary. The rise of cloud services has gradually made identity a key security element. Because of that, Microsoft publishes many recommendations on using Azure Active Directory to secure identity. Some of the recommendations are as follows:

      • There should be a single authoritative source where all identities are centralized. For example, in a hybrid identity scenario, you should integrate cloud and on-premises directories via Azure Active Directory Connect. This lets you manage all identities in one location, reducing the chance of mistakes and increasing clarity for stronger security measures.
      • Use the Single Sign-On (SSO) feature provided by Azure Active Directory when integrated with on-premises Active Directory. With SSO, you can access all cloud and on-premises resources with one identity. This avoids the need for multiple passwords, which sometimes results in reused or weak passwords.
      • Two-step authentication is a highly recommended practice today. Therefore, you should also set up two-step authentication for all the users that have access to Azure.

      2. Understand Shared Responsibility Model

      One of the first things cloud security professionals and other users should understand is the shared responsibility model. You should be well aware of how responsibilities are divided between Microsoft and the Azure user (you). The responsibilities vary based on the type of service accessed from Azure, but one thing is clear: the responsibility for access management and data lies entirely with the user. With a proper understanding of Azure's shared responsibility model, you will be in a better position to migrate your business to the cloud, use all of Microsoft's security benefits, and effectively protect applications, keys, certificates, users, data, services, etc.

      3. Control Network Access

      Network access is one of the crucial protection elements for any data center. In the case of Azure security, controlling network access should be a top priority. To control network access efficiently, you can carry out the following practices:

      • Firewall: The first line of defense should be a firewall, such as Azure Firewall or a reliable third-party network virtual appliance. This defense stage provides firewall policies, web content filtering, Distributed Denial of Service (DDoS) prevention, vulnerability management (antivirus, application controls, and network anti-malware), and Intrusion Detection and Intrusion Prevention Systems (IDS/IPS).
      • Network Security Group (NSG): An NSG lets you filter and control network traffic entering and leaving Azure resources, subnets, etc. By default, the subnets in an Azure Virtual Network are free to communicate with each other. With NSGs, you can set up different roles or security zones for every subnet. This requires that each subnet be properly configured with an NSG. In the case of a virtual server, the NSG should be applied to the VM's network interface. This helps control the network traffic entering and leaving the virtual machine.
      • VPN: Avoid exposing your systems to the internet by using a dedicated WAN connection instead. Azure provides ExpressRoute and site-to-site VPN to address this effectively.

      4. Virtual Machine Protection

      The protection of server operating systems is still your responsibility, which is why you should make effective use of anti-malware and antivirus tools. For this purpose, you can use Microsoft anti-malware and Advanced Threat Protection (ATP) from Windows Defender. Both of these tools integrate with Azure Security Center, giving you a single place for all virtual machine security management.

      Microsoft requires system updates for the virtual machines hosted in Azure. To facilitate this process, Azure provides an update management solution where Windows VM updates are applied automatically. Besides that, Azure Security Center also detects and applies missing important updates for VMs.

      5. Implement Data Encryption

      Data encryption gives an extra layer of protection to the data. Therefore, make sure you encrypt data in Azure both at rest and in transit. Depending on the data type and Azure service, encryption is either enabled by default or has to be enabled manually. For example, encryption at rest is applied automatically by default for Managed Disks via Storage Service Encryption for Azure Managed Disks, and Microsoft itself manages the encryption keys in this case. Besides that, you can manually enable Azure Disk Encryption to encrypt a disk containing sensitive data. Similarly, when using Azure SQL, it is recommended to implement Azure SQL database encryption to secure database files.

      6. Protect Sensitive Data

      Certificates, secrets, and keys are some of the main sensitive data in your Microsoft Azure cloud that need protection at all times. To protect such sensitive data, use Azure Key Vault. Every vault has its own access-control list that uses role-based access control.

      7. Use Azure Bastion for VM Connection

      Another good security practice is to use Azure Bastion to provide seamless, secure RDP/SSH connectivity to VMs directly over SSL in the Azure portal. This approach removes the requirement of a public IP address.

      8. Disable RDP & SSH Access

      For enhanced security, you should not expose RDP and SSH on Azure VMs to the internet. Even if you want to give RDP and SSH access, there should be a secure dedicated connection, like ExpressRoute or VPN, utilizing Just-in-Time (JIT) VM access. JIT VM access provides multiple benefits, such as easy access to connect to VMs using Secure Shell or Remote Desktop, control of incoming Azure VM traffic, decreased exposure to brute force attacks, and many other benefits. As per Microsoft, brute force attacks are among the most common categories of attack. Just-in-Time (JIT) VM access leverages Network Security Group (NSG) rules to provide a secure configuration and give access only to approved users.
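
The NSG practice under "Control Network Access" and the RDP/SSH practice above can both be checked against exported rules. The Python below is an added example, not code from the original post: it assumes rules in the flattened JSON shape printed by `az network nsg list -o json`, and the NSG names, rule names and helper functions are hypothetical. It considers only custom inbound rules whose source is any internet address and lets the lowest priority number decide, as NSG evaluation does.

```python
# Added example (not from the article); all sample names and values are constructed.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0", "::/0"}

def _values(rule, single, plural):
    """Merge the singular and plural form of a rule field into one list."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(spec, port):
    """True if a port spec ('*', '22' or '3000-4000') includes the port."""
    lo, _, hi = spec.partition("-")
    return spec == "*" or int(lo) <= port <= int(hi or lo)

def exposed_mgmt_ports(nsg):
    """Return [(port, rule_name)] for management ports open to any source."""
    wide = sorted(
        (r for r in nsg.get("securityRules", [])
         if r["direction"] == "Inbound" and r["protocol"].lower() in ("tcp", "*")
         and any(s.lower() in ANY_SOURCE
                 for s in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"))),
        key=lambda r: r["priority"])
    findings = []
    for port in MGMT_PORTS:
        for r in wide:
            ports = _values(r, "destinationPortRange", "destinationPortRanges")
            if any(_covers(p, port) for p in ports):
                if r["access"] == "Allow":
                    findings.append((port, r["name"]))
                break  # lowest priority number wins; later rules are shadowed
    return findings

def rule(name, prio, access, src, ports, proto="Tcp"):
    """Build one constructed sample rule (hypothetical helper)."""
    return {"name": name, "priority": prio, "direction": "Inbound", "access": access,
            "protocol": proto, "sourceAddressPrefix": src, "destinationPortRanges": ports}

SAMPLE_NSGS = [
    {"name": "web-nsg", "securityRules": [
        rule("allow-https", 100, "Allow", "Internet", ["443"]),
        rule("allow-mgmt", 200, "Allow", "*", ["22", "3000-4000"])]},
    {"name": "db-nsg", "securityRules": [
        rule("deny-internet", 100, "Deny", "Internet", ["*"], proto="*"),
        rule("allow-ssh", 300, "Allow", "0.0.0.0/0", ["22"])]},
    {"name": "jump-nsg", "securityRules": [
        rule("allow-ssh-office", 100, "Allow", "203.0.113.0/24", ["22"])]},
]

for nsg in SAMPLE_NSGS:
    print(nsg["name"], exposed_mgmt_ports(nsg) or "no internet-exposed SSH/RDP")
```

In the sample, `web-nsg` is flagged for RDP as well as SSH because port 3389 falls inside the `3000-4000` range, while the `allow-ssh` rule in `db-nsg` is shadowed by a higher-priority deny and is not reported.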

      9. Limit Azure Subscription Owners

      A rather simple but important security practice is to limit the number of Azure subscription owners. Ideally, there should be more than 1 Azure subscription owner, but no more than 3. There should be 2 trustworthy Azure Administrators (more like product owners) and 1 emergency-level account.

      Conclusion

      There is no doubt about the importance and significance of Microsoft Azure for the business sector. However, it can raise many security concerns if no comprehensive security practices are in place. The 9 security practices for Azure listed above are just the primary ones, and ensuring impenetrable security for Azure requires more technical knowledge and expertise.
