04-11-19 | References
Recent public revelations about data breaches due to poorly configured Amazon S3 buckets are making users think twice before moving to the public cloud. For current Azure users, that risk can be mitigated by properly understanding how to apply Azure Security Center to your own resources. In this post, we’ll explain what the Azure Security Center is and offer training on how to use it to your advantage.
The Security Center allows you to apply security policies across your workloads, see recommendations and security alerts about your environment, limit your exposure to threats, and detect and respond to attacks.
A streamlined view of the security threats across your environment will make it easier to detect and mitigate threats. It can also help with regulatory compliance, as you can streamline all of your security policies across a single dashboard. As the screenshot shows, you can choose to manage a particular Azure subscription, or multiple subscriptions if you like.
To get started, you must first have a subscription to Microsoft Azure. Once you log in with your credentials, you can navigate to the Security Center screen. From there, we recommend designating a security contact who will receive any security alerts, deciding which alerts to receive, and deciding how subscription owners will be informed of those alerts.
First, don’t leave default configurations without checking them! Oftentimes the default configuration is not secure enough to meet a company’s needs. Many security breaches (such as the S3 bucket leaks in AWS) are due to default configurations being left in place rather than modified to suit the company’s requirements. Just because data is in Azure does not make it secure.
Second, pay attention to the alerts; they’re not much use to you if you don’t actually look at them. Azure offers the ability to prioritize your alerts so you know what needs fixing right away and what can wait.
Did you also know that there’s a feature called Just in Time that only allows access to VMs right when you need it? This feature blocks inbound traffic on specific ports, allowing access only for a specific need. This reduces the network surface and the likelihood of brute force attacks. When the machines aren’t running, they can’t be broken into.
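To find the VMs that would benefit most from Just in Time access, you can check their network security groups for management ports that are open to any source. The following is an added example, not code from the original post or from Microsoft: it assumes an NSG exported as JSON in the ARM `securityRules` shape, the port list is an assumption, and it only inspects the single `sourceAddressPrefix` field.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM"}  # assumed list
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def covers(spec, port):
    """True if an NSG port spec ('*', '22' or '20-25') includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def matches(props, port):
    """True if an inbound TCP rule that applies to any source covers port."""
    ports = list(props.get("destinationPortRanges") or [])
    if props.get("destinationPortRange"):
        ports.append(props["destinationPortRange"])
    return (props["direction"] == "Inbound"
            and props["protocol"].lower() in ("*", "tcp")
            and (props.get("sourceAddressPrefix") or "").lower() in ANY_SOURCE
            and any(covers(s, port) for s in ports))

def exposed_mgmt_ports(nsg):
    """List (port, service, rule name) for management ports open to any source."""
    # NSG rules are evaluated lowest priority number first; the first match wins,
    # so an earlier Deny hides a later Allow.
    rules = sorted(nsg["securityRules"], key=lambda r: r["properties"]["priority"])
    findings = []
    for port, service in sorted(MGMT_PORTS.items()):
        for rule in rules:
            if matches(rule["properties"], port):
                if rule["properties"]["access"] == "Allow":
                    findings.append((port, service, rule["name"]))
                break
    return findings

def rule(name, priority, access, source, *ports):
    # Helper that builds one constructed sample rule (hypothetical names).
    return {"name": name, "properties": {
        "priority": priority, "direction": "Inbound", "access": access,
        "protocol": "Tcp", "sourceAddressPrefix": source,
        "destinationPortRanges": list(ports)}}

SAMPLE_NSG = {"securityRules": [  # constructed sample, not real data
    rule("allow-rdp-any", 300, "Allow", "*", "3389"),
    rule("allow-low-ports", 200, "Allow", "*", "20-25"),
    rule("deny-ssh", 100, "Deny", "Internet", "22"),
    rule("allow-winrm-office", 400, "Allow", "203.0.113.0/24", "5985-5986"),
]}

if __name__ == "__main__":
    for port, service, name in exposed_mgmt_ports(SAMPLE_NSG):
        print(f"{service} ({port}) open to any source via rule '{name}'")
```

Any port this reports is a candidate for a Just in Time policy in place of the standing Allow rule.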
Finally, Azure experts also recommend enabling Advanced Threat Protection (ATP) for at least the most critical resources, if not others. Keep in mind though that if you currently use the Free Tier, you will need to upgrade to the Standard Tier to turn on this feature.
When it comes to security in Azure, it doesn’t have to be a mystery. Make sure to designate a security contact who will watch over your environment and alert you to any threats that may have come up. Assume that default configurations aren’t enough to protect your data, and consider ATP to protect your most critical resources.