Azure Security and Management – Part 1: Capabilities of Hybrid Cloud

Juan Cruz, Partner Technical Strategist – System Integrators

We are going to be reviewing the Microsoft Azure Security and Management capabilities of the hybrid cloud. This is part one of our security and management blog series covering Azure Security Center.

Securing Azure resources

If we start by looking at what’s happening within cloud technology as it relates to digital transformation, security has become a driving factor in the way businesses operate. The rise of more sophisticated threats is presenting our customers and partners with a new set of challenges. This increase in threats affects everyone, regardless of location, public cloud or on-premises.

As cloud adoption grows, many customers will be moving to the cloud through a hybrid approach. On this journey, securing Azure resources is a shared responsibility between the customer and Microsoft.

Microsoft’s commitment is to secure and manage the cloud foundation through:

  • Security and management of physical assets: layers of physical protection, state-of-the-art controls, etc.
  • Datacenter operations security and management: security operations center, incident assessments, continuous monitoring by security experts
  • Cloud infrastructure security and management: secure multi-tenancy, DDoS defense system, etc.

Customers, for their part, are responsible for securing and managing cloud resources such as virtual machines, applications, and data.

In the traditional way of deploying cloud applications (IaaS), the customer was ultimately responsible for the entire stack (short of the hardware), meaning they had to patch servers and applications and secure data. As customers move towards a hosted and integrated solution, the amount of responsibility starts to shift towards the cloud provider.

The cloud provider is responsible for securing the platform, while you are responsible for securing your application and data. Service providers now have more choices for developer entry points along the control-speed continuum. The question is “Where do I start?” not “Which do I choose?” Partners that are traditionally focused on IaaS can now offer multiple entry points to customers.

Microsoft Azure Security Center

Azure Security Center covers three foundational scenarios – unified visibility and control, adaptive threat prevention, and intelligent detection and response.

With Azure Security Center, you can manage the security posture of all your hybrid cloud workloads in a single pane of glass, meaning you can see all the events and recommendations for all your servers and applications, regardless of where they reside.

Security Center provides features such as central policy management, which allows you to apply policies to existing workloads, as well as helping on-board and discover new workloads (as they are provisioned).

Azure Security Center provides the ability for our customers to ingest data from existing security investments. Microsoft offers extensive integration with our partners, Microsoft’s first party solutions, and many third-party solutions.

With a built-in security assessment, you can continuously identify vulnerabilities within your environment. You can look at items like system updates status or check for an unconfigured NSG.

Within Security Center you can look at the top security recommendations for your environment. Many of these recommendations can be remediated from these alerts within the console.

Azure Security Center also has built-in cyber defenses to help block malicious access and applications. Two concepts, just-in-time access and prescriptive application whitelisting, can help better secure environments from unknown threats.

As important as it is to understand how to defend ourselves from an attack, it’s equally important to understand what happened during an attack and how you can prevent that from happening again. With Windows Defender ATP, we’re able to detect threats across the kill chain. You can analyze the target of the attack, review items like install and exploit attacks, and provide post-breach information.

As we all start to move towards a more automated world, the automation of detection and prevention provides greater ability to protect and secure an environment, without the need for user intervention.

Our customers can gain visibility into the health, performance, and utilization of their platform, apps, and workloads, no matter where they reside. This allows them to get time back to focus on the initiatives that matter most.

Azure provides monitoring and analytics as a SaaS offering, so you can get started quickly without any infrastructure overhead. It is designed to manage your development and IT operations workflows through a unified experience. It can connect to any data source, and you can leverage your existing management tools, both on-premises and in the cloud. You can query at cloud scale and gain immediate insight by correlating and analyzing petabytes of machine data. With built-in solutions and machine learning algorithms baked into the service, you can detect and fix issues before they impact users, no matter what type of platform you use.

In part two, we will look at some of these features in action and how to better secure your environments. Stay tuned in the coming weeks.
