In today’s interconnected cloud-first, mobile world, securing your online apps and services is vital. However, building secure solutions which deliver value in today’s complex and regulated environment can be a challenge. With information essentially becoming the currency of the digital age, the creation of multiple compliance regulations has forced organizations to implement technical security measures to protect their online systems and customers. Meeting these compliance requirements can be challenging, especially if you are leveraging the benefits of the cloud. Not only do you need to build and configure your apps and services securely, but you also need to ensure your chosen cloud provider meets any necessary compliance requirements.
Compliance Is a Shared Responsibility
On Azure, Microsoft is responsible for meeting the compliance requirements for its platform while you are responsible for any compliance measures which relate to your cloud service.
With more certifications than any other cloud service provider, Azure meets a broad set of international as well as industry-specific compliance standards. These include the GDPR, ISO 27001, HIPAA, and SOC, among others. Microsoft also conducts regular comprehensive audits to ensure it maintains these standards and adheres to the security controls needed.
However, as stated, ensuring your services that are running on Azure meet compliance requirements is your responsibility. Thankfully Microsoft Azure provides a few tools which can help you secure your cloud services and meet the necessary compliance standards.
1 – Azure Security Center
Azure Security Center (ASC) protects your Azure resources by providing an integrated security management service. It offers Azure subscribers the ability to monitor their workloads for any security-related incidents and applies policies to ensure they comply with security standards. When it comes to compliance, ASC provides policy management and vulnerability testing. It gives you the ability to apply security policies to your Azure services and provides the capability for you to conduct automated vulnerability testing.
ASC also gives you the ability to rapidly assess the security state of your virtual machines, obtain actionable recommendations, and mitigate any identified risks. Windows Defender Advanced Threat Protection is also part of this service and has recently been updated to include advanced forensic techniques which combat fileless malware.
ASC helps you secure your Azure services in a few different ways. For example, if you create a new virtual machine (VM) on Azure, there are a few security settings you need to configure to harden it. If you do not have an endpoint solution installed or have no disk encryption enabled, ASC will alert you to this fact and provide you with step by step guidance on how to implement the necessary measures to increase your security.
2 – Azure Advisor
Azure Advisor is another service you can utilize to secure your cloud services on Azure. It automatically scans your configured Azure services and provides insights and recommendations for high-availability, security, performance, and cost. Using this information you can harden your Azure assets as well as improve their performance and resilience.
Azure Advisor helps you achieve better security by interrogating and analyzing your configuration settings in addition to your usage telemetry. It collates all this data and then provides recommendations on what configuration changes you need to make to improve the performance, security, and reliability of your Azure services. For example, if you do not configure your VM service as an availability set, Azure Advisor will alert you to the fact that you do not have resilience built into your solution. Regarding security recommendations, it integrates with ASC and provides security-related alerts and ranks them according to their severity level.
3 – Azure Monitor
As you cannot manage what you cannot measure, Microsoft provides Azure Monitor which actively consolidates logs and metrics for all your Azure services including activity and resource diagnostic logs. Using this information you can monitor your Azure environment for any security-related incidents or alerts. Azure Monitor provides comprehensive details which are categorized and recorded under activity logs, alerts, metrics, logs, and service health.
The Azure Monitor Activity logs give you the ability to track any activities on a particular Azure subscription such as when users have logged in, if they have started or stopped VMs, or created, modified, or deleted any Azure resources. As such, this tool provides auditing capabilities which you can also export to a SIEM solution.
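As an added illustration (not code from the original post), the sketch below turns exported Activity Log records into flat audit events ready for a SIEM and flags the ones worth a reviewer's attention. The records are constructed, and their field names assume the JSON shape returned by `az monitor activity-log list`; the category names and review rule are choices made for this example.

```python
import json

VM = "microsoft.compute/virtualmachines"
TERMINAL = {"succeeded", "failed"}  # skip "Started"/"Accepted" to avoid double counting

def _rec(ts, caller, op, status, res):
    """Build one constructed record in the assumed `az monitor activity-log list` shape."""
    rec = {"eventTimestamp": ts, "operationName": {"value": op},
           "status": {"value": status}, "resourceId": res}
    if caller:
        rec["caller"] = caller
    return rec

# Constructed sample data; resource IDs are shortened placeholders.
SAMPLE = [
    _rec("2024-05-01T18:00:00Z", None, "Microsoft.Compute/virtualMachines/write", "Failed", "vm/web02"),
    _rec("2024-05-01T09:00:00Z", "alice@example.com", "Microsoft.Compute/virtualMachines/start/action", "Started", "vm/web01"),
    _rec("2024-05-01T09:00:40Z", "alice@example.com", "Microsoft.Compute/virtualMachines/start/action", "Succeeded", "vm/web01"),
    _rec("2024-05-01T17:30:00Z", "bob@example.com", "Microsoft.Compute/virtualMachines/deallocate/action", "Succeeded", "vm/web01"),
    _rec("2024-05-01T17:35:00Z", "bob@example.com", "Microsoft.Storage/storageAccounts/delete", "Succeeded", "storage/logs01"),
    _rec("2024-05-01T18:05:00Z", "alice@example.com", "Microsoft.Compute/virtualMachines/restart/action", "Succeeded", "vm/web01"),
]

def classify(operation):
    """Map an operation name to the audit categories the post lists."""
    op = operation.lower()
    if op == VM + "/start/action":
        return "vm_start"
    if op in (VM + "/deallocate/action", VM + "/poweroff/action"):
        return "vm_stop"
    if op.endswith("/delete"):
        return "delete"
    if op.endswith("/write"):
        return "create_or_modify"
    return "other"

def to_audit_events(records):
    """Keep completed, categorised operations as flat events, oldest first."""
    events = []
    for r in records:
        status = r.get("status", {}).get("value", "").lower()
        action = classify(r.get("operationName", {}).get("value", ""))
        if status in TERMINAL and action != "other":
            events.append({"time": r.get("eventTimestamp", ""), "actor": r.get("caller") or "unknown",
                           "action": action, "resource": r.get("resourceId", ""), "outcome": status})
    return sorted(events, key=lambda e: e["time"])

def needs_review(events):
    """Deletions, failed operations and events with no recorded caller."""
    return [e for e in events if e["action"] == "delete" or e["outcome"] == "failed" or e["actor"] == "unknown"]

if __name__ == "__main__":
    for event in to_audit_events(SAMPLE):
        print(json.dumps(event))  # one JSON object per line, a common SIEM ingest format
```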
The Azure Monitor alerts provide you with any Azure-generated incidents from any of your resources. Furthermore, the metrics and logs functionality gives you the ability to create security audit logs. You can also export this data and import it into a SIEM for consolidated security reporting. It provides IT management and security services which include automation, compliance, log analytics as well as backup and recovery.
The automation provided enhances security by automating error-prone and frequently repeated tasks. Furthermore, you can utilize the Log Analytics feature to collate logs from multiple managed services into a single consolidated view where you can analyze these for any security-related incidents or alerts.
4 – Application Insights
Application Insights gives developers the ability to monitor the performance of their code. It is similar in function to Azure Monitor with the only difference being Application Insights monitors code whereas Azure Monitor inspects and observes Azure resources.
As it is similar to Azure Monitor, Application Insights gives you the capability to log events and metrics which you can analyze for security-related incidents. If you utilize OMS (now Azure Monitor), you can then consolidate all the logs and metrics, from both Application Insights and Azure Monitor into a single consolidated view.
Securing Your Azure Resources with Policies, Scanning, and Monitoring
Security in the cloud-first mobile world is vital. Even though Microsoft is responsible for the platform and has implemented multiple security-related technologies to ensure it complies with various international standards and regulations, you are still responsible for securing your services which run on the Azure platform. Azure provides several services to help you achieve this. Azure Security Center is the primary tool and provides an integrated security management service that offers policy management, vulnerability assessments, and advanced threat protection. Azure Monitor, on the other hand, monitors all your Azure resources and can provide activity monitoring as well as log collation from your various Azure services. On the development side, Application Insights provides similar benefits which you can consolidate into Operations Management Suite with Azure Monitor logs for a single consolidated analytical view of every alert across your Azure landscape. Finally, Azure Advisor automatically scans your configured Azure services and provides insights and recommendations for high-availability, security, and performance.
Thoughts, suggestions? Let me know in the comments or by tweeting me at @UlvBjornsson