Azure Security Mastery: Steering Clear of the Top 5 Pitfalls
Martin Feehan
Director of Client Relations | I help small businesses strategically leverage technology and increase security
Cloud services have been spectacular for giving us endless infrastructure capabilities.
They also make it just as easy to make monumental security mistakes.
Microsoft shares security responsibility with its customers: Microsoft secures the physical datacenters, and each customer and partner is responsible for taking the right steps to secure the resources they put there.
We've seen an astounding amount of poor security practice in Microsoft Azure, and hopefully you can avoid the most common issues that come back to bite companies.
Here are five security pitfalls that 75% of customers experience within their first three years of leveraging Microsoft Azure.
1) Overusing Public Facing IPs
Public facing IPs open up your resources to the outside world.
By exposing your resources to the internet, you’re allowing outside access to resources in your environment. Hundreds of millions of records have been leaked because of this exact issue over the past few years.
Solution? Review your public-facing IPs, determine whether each one is absolutely necessary, and rearchitect accordingly.
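One way to make that review repeatable, as an added example that is not part of the original article: a small Python audit over the JSON that `az network public-ip list -o json` returns. It classifies each address by what it is attached to (a VM NIC, a load balancer or application gateway, Bastion, or nothing at all) and skips addresses already on a reviewed allowlist, with the exception that a public IP attached straight to a VM NIC is always reported. The sample records, subscription id, names and the allowlist are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az network public-ip list -o json`, trimmed to
# the fields this audit reads. Subscription id, names and addresses are placeholders.
PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000"
          "/resourceGroups/rg-prod/providers/Microsoft.Network")
SAMPLE_PUBLIC_IPS = json.dumps([
    {"name": "web-lb-pip", "ipAddress": "203.0.113.10",
     "ipConfiguration": {"id": PREFIX + "/loadBalancers/web-lb/frontendIPConfigurations/fe1"}},
    {"name": "db-vm-pip", "ipAddress": "203.0.113.11",
     "ipConfiguration": {"id": PREFIX + "/networkInterfaces/db-vm-nic/ipConfigurations/ipconfig1"}},
    {"name": "old-test-pip", "ipAddress": "203.0.113.12", "ipConfiguration": None},
    {"name": "bastion-pip", "ipAddress": "203.0.113.13",
     "ipConfiguration": {"id": PREFIX + "/bastionHosts/bastion/bastionHostIpConfigurations/ipconf"}},
])

# Hypothetical allowlist: public IPs the team has already reviewed and documented.
APPROVED = {"web-lb-pip", "bastion-pip"}


def classify(pip):
    """Return (category, advice) for one public IP record based on what it is attached to."""
    cfg = pip.get("ipConfiguration")
    if not cfg:
        return ("unattached", "reserved but unused; release it so it cannot be quietly attached later")
    target = cfg["id"]
    if "/networkInterfaces/" in target:
        return ("vm-direct", "attached straight to a VM NIC; move the VM behind a load balancer, "
                             "firewall or Bastion, or remove the address")
    if "/bastionHosts/" in target:
        return ("bastion", "expected for Azure Bastion")
    if "/loadBalancers/" in target or "/applicationGateways/" in target:
        return ("entry-point", "shared entry point; confirm its listeners and NSG rules are intended")
    return ("other", "review manually: " + target)


def audit_public_ips(raw_json, approved=APPROVED):
    """Return the public IPs that still need a decision, keyed by name."""
    findings = {}
    for pip in json.loads(raw_json):
        category, advice = classify(pip)
        # Reviewed addresses are skipped, except direct VM exposure, which is never auto-approved.
        if pip["name"] in approved and category != "vm-direct":
            continue
        findings[pip["name"]] = {"ip": pip["ipAddress"], "category": category, "advice": advice}
    return findings


if __name__ == "__main__":
    for name, f in audit_public_ips(SAMPLE_PUBLIC_IPS).items():
        print(f"{name} ({f['ip']}): {f['category']} - {f['advice']}")
```

Run against real output by replacing the sample with the CLI's JSON; the allowlist is the place to record the "absolutely necessary" decisions so the next review only shows what changed.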
2) Forgetting to lock down access
Attackers don’t break in, they log in.
Protecting access to your environment is key, both internally and externally. You need a system in place to control how many keys there are to the metaphorical doors, and to ensure that the person you gave a key to is the one using it.
Why does this matter?
Access control issues can be huge depending on the company, and here are some examples of access issues that led to a security incident.
Solution?
Educate your team on Azure Role-Based Access Control (RBAC) and Azure Attribute-Based Access Control (ABAC), and set up a proper rights management process for your organization.
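As an added example (not from the article), this Python script counts the "keys to the doors": it reads the JSON from `az role assignment list --all -o json` and reports privileged built-in roles (Owner, Contributor, User Access Administrator) granted at subscription or management-group scope, noting when such a role is granted directly to a user rather than a group. The assignments, principal names and scopes are constructed placeholders.

```python
import json
from collections import Counter

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
MG = "/providers/Microsoft.Management/managementGroups/corp"

# Constructed sample in the shape of `az role assignment list --all -o json`, trimmed
# to the fields used here; principal names are placeholders.
SAMPLE_ASSIGNMENTS = json.dumps([
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "platform-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "build-sp", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-ci"},
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "dave@example.com", "principalType": "User",
     "roleDefinitionName": "User Access Administrator", "scope": MG},
])

# Built-in roles that amount to a master key when granted at broad scope.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
BROAD_LEVELS = {"managementGroup", "subscription"}


def scope_level(scope):
    """Map an Azure scope string to the level it is granted at."""
    if scope.startswith("/providers/Microsoft.Management/managementGroups/"):
        return "managementGroup"
    if "/resourceGroups/" in scope:
        rest = scope.split("/resourceGroups/", 1)[1]
        return "resource" if "/providers/" in rest else "resourceGroup"
    if scope.startswith("/subscriptions/"):
        return "subscription"
    return "other"


def audit_role_assignments(raw_json):
    """List privileged roles granted at subscription or management-group scope,
    plus a count of how many such keys exist per role."""
    findings = []
    for a in json.loads(raw_json):
        role = a["roleDefinitionName"]
        level = scope_level(a["scope"])
        if role not in PRIVILEGED_ROLES or level not in BROAD_LEVELS:
            continue
        reason = f"{role} at {level} scope"
        if a["principalType"] == "User":
            reason += "; granted directly to a user, prefer a group so membership is reviewable"
        findings.append({"principal": a["principalName"], "role": role,
                         "level": level, "reason": reason})
    per_role = Counter(f["role"] for f in findings)
    return {"findings": findings, "per_role": dict(per_role)}


if __name__ == "__main__":
    report = audit_role_assignments(SAMPLE_ASSIGNMENTS)
    for f in report["findings"]:
        print(f"{f['principal']}: {f['reason']}")
    print("keys per role:", report["per_role"])
```

The per-role count is the number to track over time in your rights management process; a Contributor on a single resource group (build-sp above) is deliberately left out because the point is broad access, not every assignment.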
3) Automating is key for small teams with limited resources.
The most efficient use of time is to set up your Azure environment to tell you exactly when there is a real issue, and better yet, automate the process for resolving that issue immediately upon detection.
How do we do this?
We leverage Azure Monitor & Microsoft Sentinel.
Azure Monitor provides visibility across your entire Azure environment: you automatically get platform metrics, activity logs, and diagnostic logs from most of your resources with no configuration. You can tune the settings per instance based on sensitivity, so you're only notified when you need to be, and the noise that comes with a high frequency of alerts is kept to a minimum.
Microsoft Sentinel is a security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. This powerhouse gives you a single place for attack detection, threat visibility, proactive hunting, and threat response. And SO MANY organizations don't leverage its capabilities.
This is one of the most powerful tools we have against threats in Azure, and every organization should evaluate how they can leverage its capabilities for better protection.
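To show what "tell you exactly when there is a real issue" looks like in practice, here is an added example (not from the article, and not Sentinel's own rule engine) in Python: a few detection rules evaluated over constructed Azure Activity records. Two rules fire on a single successful event (a role assignment change, an NSG rule change); a third only fires when one caller accumulates a burst of failed operations inside a sliding window, which is the noise-versus-sensitivity trade-off the section describes. The field names follow the AzureActivity table as I understand it (OperationNameValue, ActivityStatusValue, Caller) and the records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"


def ev(ts, caller, op, status, resource=SUB):
    """Build one constructed activity record."""
    return {"TimeGenerated": ts, "Caller": caller, "OperationNameValue": op,
            "ActivityStatusValue": status, "ResourceId": resource}


# Constructed records approximating rows of the AzureActivity table; values are placeholders.
SAMPLE_ACTIVITY = [
    ev("2024-05-01T10:00:00Z", "alice@example.com", "Microsoft.Compute/virtualMachines/start", "Success",
       SUB + "/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/web01"),
    ev("2024-05-01T10:01:00Z", "alice@example.com", "Microsoft.Authorization/roleAssignments/write", "Success"),
    ev("2024-05-01T10:02:00Z", "bob@example.com",
       "Microsoft.Network/networkSecurityGroups/securityRules/write", "Success",
       SUB + "/resourceGroups/rg-prod/providers/Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/r1"),
    ev("2024-05-01T10:03:00Z", "bob@example.com", "Microsoft.Storage/storageAccounts/listKeys/action", "Failure"),
] + [
    # five failed key listings by one identity within 40 seconds
    ev(f"2024-05-01T10:05:{s:02d}Z", "svc-deploy", "Microsoft.Storage/storageAccounts/listKeys/action", "Failure")
    for s in (0, 10, 20, 30, 40)
]

# Single-event rules: every successful matching record is worth a look, no threshold.
SINGLE_EVENT_RULES = {
    "Microsoft.Authorization/roleAssignments/write": ("High", "role assignment changed"),
    "Microsoft.Network/networkSecurityGroups/securityRules/write": ("Medium", "NSG rule changed"),
}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def evaluate(events, failure_threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (severity, rule, caller, event_count) tuples."""
    alerts = []
    failures = defaultdict(list)
    for e in events:
        status = e["ActivityStatusValue"]
        op = e["OperationNameValue"]
        if status == "Failure":
            failures[e["Caller"]].append(parse_ts(e["TimeGenerated"]))
        elif status == "Success" and op in SINGLE_EVENT_RULES:
            severity, rule = SINGLE_EVENT_RULES[op]
            alerts.append((severity, rule, e["Caller"], 1))
    # Threshold rule: at least `failure_threshold` failures by one caller inside `window`.
    # Fires once per caller, so a noisy identity does not produce one alert per event.
    for caller, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= failure_threshold:
                alerts.append(("Medium", "failed operation burst", caller, end - start + 1))
                break
    return alerts


if __name__ == "__main__":
    for a in evaluate(SAMPLE_ACTIVITY):
        print(a)
```

Bob's single failed call produces nothing, which is the point: the threshold and window are the two knobs you tune per environment so that a real burst is reported and everyday errors are not.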
4) Ignoring the capabilities of Defender for Cloud
Defender for Cloud is a cloud-native protection platform with a set of security practices and measures intended to protect cloud-based applications from various threats and vulnerabilities.
Under the hood, Defender for Cloud is made up of many specific services (Defender for Storage, Defender for Servers, Defender for Key Vault, etc.), each built to protect the workload it's named for. Defender for Cloud gives you the best protection for the specific services running in Azure, with native integration for ease of management.
Log into the Azure Portal, search for and select Microsoft Defender for Cloud, go to Environment settings, and check whether you currently have any Defender for Cloud services enabled.
5) Backing up WITHOUT Immutable vault
Backing up your systems is an absolute necessity for all companies.
In the event of data corruption or a malicious attack on a production instance, we need a healthy backup to restore from.
However, in a security breach, the first thing attackers go for is the backups. Destroying them ensures that when they encrypt or steal information, the organization cannot rely on its backups as a mechanism for recovery. If an attacker gains access to the backups, we need a way to ensure they cannot eliminate our ability to recover.
How do we accomplish this? Immutable vault for Azure Backup.
By using Immutable vault, we protect our backup data by blocking any operation that could lead to loss of recovery points. Additionally, we can lock the Immutable vault setting to make it irreversible, preventing any malicious actor, external or internal, from disabling immutability and deleting backups.
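The distinction between immutability that is merely enabled and immutability that is locked is easy to miss in a vault inventory, so here is an added example (not from the article) in Python that grades Recovery Services vaults from their security settings. It assumes the vault JSON nests the state under properties.securitySettings.immutabilitySettings.state (Disabled, Unlocked or Locked) and soft delete under properties.securitySettings.softDeleteSettings.softDeleteState; treat those paths as an assumption to verify against your own `az backup vault show -o json` output. The vaults are constructed, and a missing setting is treated as Disabled.

```python
import json

# Constructed sample of four vaults, trimmed to the security settings this check reads.
# The property paths are an assumption about the Recovery Services vault resource shape.
SAMPLE_VAULTS = json.dumps([
    {"name": "rsv-prod", "properties": {"securitySettings": {
        "immutabilitySettings": {"state": "Locked"},
        "softDeleteSettings": {"softDeleteState": "Enabled"}}}},
    {"name": "rsv-test", "properties": {"securitySettings": {
        "immutabilitySettings": {"state": "Unlocked"},
        "softDeleteSettings": {"softDeleteState": "Enabled"}}}},
    {"name": "rsv-legacy", "properties": {"securitySettings": {
        "immutabilitySettings": {"state": "Disabled"},
        "softDeleteSettings": {"softDeleteState": "Enabled"}}}},
    {"name": "rsv-unknown", "properties": {}},
])


def assess_vault(vault):
    """Return (grade, explanation) for one vault; absent settings count as Disabled."""
    sec = vault.get("properties", {}).get("securitySettings", {})
    state = sec.get("immutabilitySettings", {}).get("state", "Disabled")
    soft = sec.get("softDeleteSettings", {}).get("softDeleteState", "Disabled")
    if state == "Locked":
        return ("ok", "immutability locked: recovery points cannot be deleted and the "
                      "setting cannot be reverted")
    if state == "Unlocked":
        return ("reversible", "immutability enabled but not locked: anyone with rights on the "
                              "vault can switch it off before deleting backups; lock it")
    if soft != "Disabled":
        return ("at-risk", "no immutability: only soft delete stands between a deletion and "
                           "loss of recovery points")
    return ("critical", "no immutability and no soft delete: backups can be deleted outright")


def assess_vaults(raw_json):
    """Grade every vault in the JSON list, keyed by vault name."""
    return {v["name"]: assess_vault(v) for v in json.loads(raw_json)}


def vaults_needing_action(raw_json):
    """Names of vaults whose grade is anything other than ok, worst first."""
    order = {"critical": 0, "at-risk": 1, "reversible": 2}
    graded = assess_vaults(raw_json)
    return sorted((n for n, (g, _) in graded.items() if g != "ok"),
                  key=lambda n: order[graded[n][0]])


if __name__ == "__main__":
    for name, (grade, why) in assess_vaults(SAMPLE_VAULTS).items():
        print(f"{name}: {grade} - {why}")
```

Only rsv-prod passes; rsv-test is the case the article warns about, since an unlocked setting can be disabled by the same actor who is about to delete the backups.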
This is tremendously important.
Your backups are only as good as your restores. If you've got valid backups but can't restore them, what good are they? Immutable backup ensures they cannot be tampered with, so if all other protections have failed and a bad actor has access to your backups, you can still recover.
Cloud services make deploying resources incredibly easy, but with that ease comes risk.
Avoid these mistakes, and you’ll be ahead of most.