Azure is a public cloud platform operated by Microsoft, but is Microsoft ultimately responsible for securing the platform?

Microsoft may well be responsible for securing the underlying platform, but because Azure is a complex, multi-layered offering, there are certain responsibilities for securing Azure components which fall to the subscribers of this service.

 


Microsoft is responsible for the platform

Although Azure is a robust cloud platform which allows you to create anything from virtual machines to IoT clusters, the fact remains that there are certain security configurations which fall beyond the scope of what Microsoft can implement.

Simply put, Microsoft is responsible for the platform security, and you are responsible for securing the application, service, virtual machine, etc. you have provisioned on the platform.

To illustrate, let’s use an example of a web application running as an Azure App Service. By default, Microsoft needs to allow remote connections to the application via the standard protocols so that users can access the functionality of the web application. Hardening the underlying platform which hosts the web application is Microsoft’s responsibility, and the subscriber is responsible for securing the actual web application as Microsoft does not have the scope and context to do this for you.

 

Microsoft Azure Security Capabilities

To ensure users have every tool at their disposal to secure their services, Microsoft has developed several Azure services integrating security features into other Azure operational management resources. These tools allow you to implement policy compliance, conduct vulnerability assessments, proactively monitor your Azure services for security related incidents as well as manage and maintain related log data.

 

1 – Azure Security Center

Azure Security Center (ASC) is a service on the Azure Portal which helps you protect your Azure resources by providing integrated security monitoring and policy management across your Azure subscription. In essence, it assesses the configuration of your resources to identify security issues and vulnerabilities and provides recommendations, based on security policy templates you apply, to remedy them.

Policy Management and Vulnerability Testing

Once engaged, ASC automatically discovers and starts monitoring your Azure resources following the applied security policies. In addition to policy monitoring, ASC also provides vulnerability scanning functionality enabling you to continuously monitor virtual machines, networks, and services for known vulnerabilities using built-in enterprise-grade security assessment tools.

Adaptive Threat Protection

ASC also offers adaptive threat protection which can block malware and other unwanted code by applying application controls. Built and powered by machine learning, this malware protection service uses heuristic-based analysis techniques to defend against sophisticated modern malware attacks.

 

2 – Operations Management Suite

Microsoft Operations Management Suite (OMS) is a cloud-based suite of technologies which offers holistic IT management and security solutions including functionality which enables Automation, Security, Compliance, Log Analytics, Backup, and Recovery.

Automation and Log Management for Security

OMS lets you automate manual, error-prone, and frequently repeated tasks, which saves time and increases reliability, thereby enhancing security. Also, OMS’s Log Analytics service allows you to collate logs from multiple managed services into a single consolidated view so you can query them for security-related incidents and alerts.

Integration into other Azure Services

OMS seamlessly integrates into Azure Security Center, Azure Backup, and Azure Site Recovery, providing a complete solution that ensures your Azure services are secure and your data is protected.

 

3 – Azure Advisor

Azure Advisor offers personalized recommendations which give you the insights you need to optimize your Azure resources for high-availability, security, performance, and cost.

Configuration Assessment

When enabled, Azure Advisor assesses your Azure services through interrogating and analyzing your resource configuration and usage telemetry. Based on this collated data, it can recommend solutions to help improve performance, security, and reliability.

Step-by-Step Implementation Assistance

Azure Advisor helps you apply its recommendations by guiding you through the implementation of each recommendation.

 

4 – Azure Monitor

Azure Monitor provides metrics and logs for most services in Microsoft Azure by collating information from both Azure infrastructure activity logs and Azure resource diagnostic logs.

Log Data Collation and Visualization

When data is collated, Azure Monitor lets you interrogate the data with powerful visualization tools. You can implement routes and alerts to trigger autoscaling and related automation tasks.

Automated Alerts for Security Incidents

From a security standpoint, you can configure Azure Monitor to alert you when security-related events are generated in one of the many different types of logs it can monitor.

 

5 – Log Analytics

Log Analytics is part of OMS and can conduct consolidated security analysis. It pulls data from Azure Monitor merging metrics from your entire Azure environment giving you a single view of all your Azure log data.

Log Data Consolidation and Query

Log Analytics has a powerful query capability which is a useful forensic tool as it enables you to quickly and efficiently search through the consolidated log data for security-related entries using flexible queries.

 

6 – Azure Resource Manager

Azure Resource Manager (ARM) is simply the Azure service which provisions resources to your Azure subscription. However, ARM is much more than just a provisioning service. It gives you the functionality you need to both manage and control your provisioned resources.

Manage Security for Multiple Azure Resources

When ARM provisions your resources, they are placed in a Resource Group where you can organize your Azure services into virtual groups by solution, role or function. For example, if you are deploying a solution requiring multiple virtual machines and an app service, you can deploy all of these resources into a single Resource Group. This lets you manage the solution holistically and apply security-related policies such as identity and access management to the entire set of resources for your solution.

Templates for Security Standardization

In addition, ARM comes with powerful templating functionality. This feature allows you to create, configure and harden a specific service once and then simply clone the service as many times as you need by deploying the created template.
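
As an added example (not from the original article or from Microsoft), the Python below checks an ARM template for an App Service site against a small hardening baseline before the template is reused for further deployments. The sample template, the baseline values and the function name `audit_template` are constructed for illustration.

```python
import json

# Constructed sample template (not from the article): one App Service site.
TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {"siteName": {"type": "string"}, "planId": {"type": "string"}},
  "resources": [{
    "type": "Microsoft.Web/sites",
    "apiVersion": "2022-03-01",
    "name": "[parameters('siteName')]",
    "location": "[resourceGroup().location]",
    "properties": {
      "serverFarmId": "[parameters('planId')]",
      "httpsOnly": true,
      "siteConfig": {"minTlsVersion": "1.2", "ftpsState": "Disabled"}
    }
  }]
}
""")

# Baseline assumed for this example: property path -> accepted literal values.
BASELINE = {
    ("httpsOnly",): (True,),
    ("siteConfig", "minTlsVersion"): ("1.2", "1.3"),
    ("siteConfig", "ftpsState"): ("Disabled", "FtpsOnly"),
}

def audit_template(template):
    """Return one finding per baseline setting that a Microsoft.Web/sites resource misses."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/sites":
            continue  # only App Service sites are checked here
        for path, accepted in BASELINE.items():
            node = res.get("properties", {})
            for key in path:  # walk the nested property path; missing keys become None
                node = node.get(key) if isinstance(node, dict) else None
            if node not in accepted:
                findings.append(f"{res.get('name')}: {'.'.join(path)}={node!r}")
    return findings

if __name__ == "__main__":
    for line in audit_template(TEMPLATE) or ["template meets baseline"]:
        print(line)
```

Settings supplied through template parameters are reported as findings because the check compares literal values only; resolve parameters first or review those findings by hand.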

7 – Application Insights

Application Insights is a service built into Azure allowing web application developers to monitor the performance of their code. It helps developers improve the performance, usability, and security of their custom developed application or service.

Monitor Log Data from Custom Code

Application Insights is similar to Azure Monitor. The difference is that Application Insights monitors custom code whereas Azure Monitor oversees Azure infrastructure and Azure services.

Automate Security Alerts

Like Azure Monitor, Application Insights logs events and telemetry data which can be a valuable security tool as the collated information can provide the insight needed to secure your code. In addition, alerts can be configured to notify you when a security-related event has been logged, or an incident has occurred.

 

 

Azure Security – Policy Implementation, Scanning, and Monitoring

No matter what your operational security need, Azure has you covered. From policy implementation, vulnerability assessments, and security recommendations to log and code monitoring, Azure has the resources and services you need to ensure your cloud services are secure and your data is protected.

 

Written by The Sherweb Team Collaborators @ Sherweb