All or nothing is a really bad strategy for securing your Microsoft Azure workloads. You need to know exactly what it is that you must secure. But you can’t do it alone. Microsoft provides robust physical security, network infrastructure, and a virtualization layer. Ideally, you will match their excellence with equally robust security for your workloads, including the operating system, applications, and data.
But there’s a small catch. If you try to use traditional security to protect your applications and data in the cloud, you risk slowing your Azure project with needless complexity. There’s a simpler and more effective solution: Security that is built for the cloud is easier to deploy in the cloud and works better to secure the cloud. But even then, the way you deploy it can impact your entire project. You have to be careful not to do anything that makes security stand between you and your success in the cloud.
Bake security into your project from the get-go
First, start thinking about security very early in the game. The earlier the better. Baking security into your strategy from the get-go is the best way to ensure full coverage when your deployment is complete. That includes thinking about implementing the proper controls, such as who has access to the Azure Management Portal, how designated administrators will access cloud resources, and what you need to do to maintain restrictive network policies.
Monitor traffic in and out of your cloud
Now that’s a great start. But you’ll still need to be sure that your applications remain secure during day-to-day usage. That’s where host-based IPS systems come in. They’ll help you ward off unauthorized access by monitoring incoming traffic to make sure it’s legitimate. Plus, vulnerability shielding functionality will help you keep all workloads up to date. Implementing virtual patches on templates helps you avoid the hassles of patching live workloads.
Detect threats early in the game
But your job is never really done. You still need to find ways to monitor your security posture to uphold the continuous integrity of critical system files, application configuration files, and application logs. Sure, Azure provides monitoring. But you need every advantage in getting a jump on the attackers. And host-based integrity monitoring will provide an earlier indication of compromised systems.
Be prepared to act fast if you have to
And in the unlikely event that you uncover an attack, you need to be prepared to act quickly to isolate the infected server, identify the cause, and begin repair. Only then can you restore service as quickly as possible. Azure is built to help you improve your incident response. To speed your time to protect, you’ll also want to take advantage of vulnerability assessments and penetration testing to discover as many vulnerabilities as possible before an attacker can use them against you.