Microsoft Azure Security Overview – Who does what?

While popular out-of-the-box SaaS products like Salesforce, Box, Dropbox, and Office 365 are becoming common in the workplace, many enterprises have business needs that require custom-made applications.

At one time, enterprises relied on custom, in-house developed applications hosted in their own data centres. Having recognised the advantages of cloud computing, over the last 10 years these applications have slowly migrated to the public, private, or hybrid cloud. According to a Cloud Security Alliance report in 2017, 60.9% of all custom applications were being hosted in private datacentres as recently as 2016.

However, cloud usage has reached a tipping point, and deployment of test and production application workloads in the public cloud is accelerating at the expense of enterprise datacentres.

Not only are enterprises increasingly developing new custom applications on infrastructure-as-a- service (IaaS) platforms like Microsoft Azure, but enterprises are also migrating their existing custom applications and workloads to the public cloud. Collectively, these two trends have driven the percentage of custom applications running in the datacentre to an all-time low of 46.2% in 2017.

Azure Security Challenges

Threats to data and applications on Azure

Enterprises can’t afford to have their Azure environment, or the custom applications running on it, compromised. Enterprises store sensitive data such as credit card numbers and Social Security numbers in custom applications. 72.2% of enterprises have business-critical applications, defined as applications that, if they experienced downtime, would greatly impact the organisation’s ability to operate. For example, an airline cannot operate if its flight path application goes down.

Threats to applications running on Azure and the data stored within them can take many forms:

Denial-of-Service (DoS) attack on an application:

Azure has developed sophisticated DoS protection capabilities delivered in Azure Marketplace. However, it’s possible a large attack could overwhelm Azure’s defences and take an application running on the platform offline for a period of time until the attack is remediated.

Insider threats and privileged user threats:

The average enterprise experiences 10.9 insider threats and 3.3 privileged user threats each month. These incidents include both malicious and negligent behaviour. In most cases, well-intentioned employees misconfigure an Azure service or otherwise overlook a critical security control, exposing the enterprise to security risk, but threats can come from privileged or malicious users as well.

Third-party account compromise:

According to the Verizon Data Breach Investigations Report, 63% of data breaches were due to a compromised account where the hacker exploited a weak, default, or stolen password. Misconfigured security settings or accounts that have excessive identity and access management (IAM) permissions can increase the potential damage.

Sensitive data uploaded against policy/regulation:

Many organisations have industry-specific or regional regulations, or internal policies, that prohibit certain types of data from being uploaded to the cloud. In some cases, data can be safely stored in the cloud, but only in certain geographic locations (e.g. a datacentre in China but not in the United States).

Software development lacks security effort:

Unfortunately, IT security isn’t always involved in the development or security of custom applications. IT security professionals are aware of only 38.6% of custom apps. This means that when it comes to custom application development, IT security is often bypassed, making the task of securing these applications more difficult. According to Gartner, from now through 2020, 95% of security incidents in the cloud will be the fault of the customer, not the cloud provider. As enterprises continue to migrate to or build their custom applications

Shared responsibility model

Like most cloud providers, Azure operates under a shared responsibility model. Azure takes responsibility for the security of its infrastructure and has made platform security a priority in order to protect customers’ critical information. Azure detects fraud and abuse and responds to incidents by notifying customers.

However, the customer is responsible for ensuring that their Azure environment is configured securely and that data is not shared with anyone who should not have it, for identifying when a user misuses Azure, and for enforcing compliance and governance policies.

Azure’s Responsibility

Since Microsoft has little control over how Azure is used by its customers, Microsoft has focused on the security of Azure’s infrastructure, which includes computing, storage, and networking.

Physical security of Azure infrastructure is the one responsibility that is wholly owned by Microsoft. Microsoft is responsible for the security of the software, hardware, servers, buildings, hypervisor, configuration of managed services, and the physical facilities that host Azure services.

Customer’s Responsibility

Azure customers are responsible, either solely or jointly with Azure, for securing and managing the operating system, network configuration, applications, identity, clients, and data. Customers are responsible for ensuring that data is classified correctly and that the solution complies with their regulatory obligations. The customer is also responsible for managing their users and endpoint devices.

For all cloud deployment types, customers are responsible for protecting the security of their data, identities, on-premises resources, and the cloud components they control (which vary by service type). Responsibilities that customers always keep, regardless of the type of deployment, are:

  • Data
  • Endpoints
  • Account
  • Access management
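As an added example, not code from the original post or from LAN2LAN, the Azure Policy definition below shows one governance control that sits on the customer’s side of the shared responsibility model: it denies deployment of any resource outside the listed regions, which is how the data-location restriction described earlier (data permitted only in certain geographies) can be enforced rather than left to individual users. The policy name, the parameter name and the default regions are assumptions; the rule follows the structure of the built-in Allowed locations policy.

```json
{
  "properties": {
    "displayName": "Allowed locations for customer data (example)",
    "description": "Added example policy, not part of the original post: denies any resource deployed outside the listed regions so that data stays in permitted geographies.",
    "mode": "Indexed",
    "parameters": {
      "listOfAllowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed locations",
          "description": "Regions in which resources may be created. The default values below are assumed for this example.",
          "strongType": "location"
        },
        "defaultValue": [ "uksouth", "ukwest" ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "location",
            "notIn": "[parameters('listOfAllowedLocations')]"
          },
          {
            "field": "location",
            "notEquals": "global"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

Assigned at subscription or management-group scope, the deny effect rejects non-compliant deployments at request time, and Azure Policy’s compliance view also reports any existing resources that already sit outside the allowed regions.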

LAN2LAN Services

The LAN2LAN solution revolves around a service aimed at empowering our customers to better react to the evolving threats they are faced with daily.

The core principles of the solution are to ensure that the security infrastructure deployed is best-of-breed and optimally configured and managed to ensure that customers are protected from old, current and new threats. At the same time, the infrastructure will allow faster response times to potential breaches through unknown attack methods, by incorporating intelligence through comprehensive incident and event analysis.

The service methodology has been designed to ensure that the security technologies deployed within a customer’s network, whether already implemented or added as part of our engagement, are functional and effective, and consistently so.

This is achieved by “listening” to what the environment is telling us regarding technology performance and threat activity and using this information to pro-actively ensure that the customers’ critical systems and information assets are protected 24x7x365. In doing so, we can expect more productivity and far less potential for any type of breach, thereby allowing our customers to focus on their core objectives and critical business functions.

Core services include:

  • Antivirus Managed Service
  • Web Security Managed Service
  • Cloud-based mail security As a Service
  • Privileged Access Management Managed Service
  • Physical & Virtual Server Security Managed Service
  • Firewall Managed Service (incl. SSL decryption, UTM)
  • ATP (Breach Detection) Managed Service
  • Data Leakage Prevention Managed Service
  • Application Software Security Managed Service
  • Intrusion Prevention Managed Service
  • Patch, Vulnerability and Inventory Managed Service
  • Identity Management
  • Multi Factor Authentication

LAN2LAN can provide a full end-to-end SOC service capability.

Please contact a member of our Cloud & Security Team on 0870 787 4001 or email us at info@lan2lan.com for further information.

Gary Duke