2 May 2023, by Alexandru Vleju and Dr. Muhammad Sukmana
6 Security Management Mistakes in Microsoft Azure Infrastructure
We're excited to bring you this collaboration post between adesso Netherlands and our partner Mitigant, in which we share our expertise and insights on cloud cybersecurity. In this post, you'll learn about common security management mistakes, the importance of a proactive approach to cybersecurity, and some practical tips for protecting your organization from cyber threats. So, let's dive in!
With many cloud provider options available on the market, Microsoft Azure (Azure) has become one of the most popular choices for organisations hosting their data and applications, with a 23% market share according to Statista. One of the main reasons is the tight integration of many Microsoft products, such as Office and Teams, with Azure. However, many organisations may unknowingly make security mistakes when managing their Azure infrastructure, and those mistakes can lead to security incidents such as data leaks or service interruptions. This article explains some of the security mistakes Azure customers make while managing their Azure infrastructure and how to resolve them.
Assuming Azure infrastructure is secure by default
Many Azure customers assume that when they deploy cloud resources in Azure, the cloud resources are already secure with the default configuration. Unfortunately, this can leave the environment vulnerable to cyberattacks because the default configuration may not align with the organisation's specific security needs or cloud security best practices and standards.
Under the shared responsibility model between cloud customers and cloud providers, Azure customers must ensure that their cloud resources are correctly and securely configured. Taking appropriate steps to secure the cloud infrastructure is the customer's responsibility: for example, implementing security policies and best practices, and regularly reviewing and updating the security measures already in place.
Insecure network security configuration
With interconnected cloud resources, network security is critical in any cloud environment to ensure only specific traffic can enter and exit the cloud environment, similar to on-premises infrastructures. Unfortunately, many organisations may fail to secure their networks, leaving cloud resources vulnerable to cyberattacks.
There are several recommendations Azure customers can follow to improve their network security configuration. For example, inbound and outbound traffic should be restricted to only the necessary ports and protocols, which can be achieved with network security groups. Another measure is to force cloud resources to use secure communication channels, for example by using virtual private networks (VPNs) or by accepting only incoming HTTPS connections.
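A check a reviewer can run over an exported network security group to see which management ports the rule set actually leaves open to the Internet, evaluating rules in priority order the way the NSG engine does. This is an added example, not code from the original post or from adesso or Mitigant; the rule set is constructed, and protocol and destination-prefix matching are deliberately left out.

```python
# Constructed sample in the shape of an NSG's securityRules (field names follow
# the Azure NSG rule schema; the rules themselves are invented for this example).
NSG_RULES = [
    {"name": "AllowHttpsIn", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
    {"name": "AllowRdpFromAnywhere", "priority": 200, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "DenySshIn", "priority": 300, "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "AllowAllIn", "priority": 400, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

# Source prefixes that mean "anyone on the Internet" in an NSG rule.
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}
# Management ports that should never be reachable from the Internet.
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM", 1433: "MSSQL"}


def port_matches(port: int, spec: str) -> bool:
    """True if a destinationPortRange spec ('*', '22' or '1000-2000') covers port."""
    if spec == "*":
        return True
    if "-" in spec:
        low, high = (int(p) for p in spec.split("-", 1))
        return low <= port <= high
    return int(spec) == port


def deciding_rule(rules: list, port: int):
    """Evaluate rules as the NSG does for Internet traffic to `port`: ascending
    priority, first match wins. Returns that rule, or None when only the default
    DenyAllInBound applies. Simplification: protocol and destination prefix are ignored."""
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    for rule in inbound:
        if (rule["sourceAddressPrefix"] in INTERNET_SOURCES
                and port_matches(port, rule["destinationPortRange"])):
            return rule
    return None


def internet_exposed_management_ports(rules: list) -> dict:
    """Map 'label/port' -> name of the rule that allows it from the Internet."""
    exposed = {}
    for port, label in MANAGEMENT_PORTS.items():
        rule = deciding_rule(rules, port)
        if rule is not None and rule["access"] == "Allow":
            exposed[f"{label}/{port}"] = rule["name"]
    return exposed
```

Note how the catch-all `AllowAllIn` rule at priority 400 exposes every port that no earlier rule mentions, while SSH stays closed only because an explicit Deny sits ahead of it.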
Inadequate identity and access management controls
Properly managing access to Azure resources through Active Directory and Identity and Access Management (IAM) services is essential for maintaining the security of the cloud environment. Unfortunately, Azure customers may make the mistake of granting users, services, or applications more privileges than they need, or of failing to revoke privileges when they are no longer needed. This can lead to a vulnerable cloud infrastructure and to security incidents such as insider data leaks.
Organizations must implement the principle of least privilege to improve access controls within their cloud infrastructure, granting users, services, or applications only the minimum privileges necessary to perform their tasks. Regularly reviewing and updating these entities and their privileges is essential to avoid unauthorized and overprivileged access to cloud resources.
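One way to turn the regular privilege review into a repeatable check: classify each role assignment by the breadth of its scope and flag privileged built-in roles at subscription or management-group level, plus automation identities that hold roles allowing them to grant access. This is an added example, not code from the original post or from adesso or Mitigant; the assignments and ids are constructed in the shape of `az role assignment list` output.

```python
# Constructed sample in the shape of `az role assignment list` output (field
# names follow that schema; the principals, scopes and ids are invented).
SUB = "/subscriptions/11111111-2222-3333-4444-555555555555"
ROLE_ASSIGNMENTS = [
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "build-pipeline-sp", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "deploy-sp", "principalType": "ServicePrincipal",
     "roleDefinitionName": "User Access Administrator", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "bob@contoso.example", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "platform-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": "/providers/Microsoft.Management/managementGroups/corp"},
]

# Built-in roles that can change resources or grant further access.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
# Roles that let a principal assign roles, i.e. raise its own privileges.
ACCESS_GRANTING_ROLES = {"Owner", "User Access Administrator"}


def scope_level(scope: str) -> str:
    """Classify an assignment scope by how much it covers."""
    if scope.startswith("/providers/Microsoft.Management/managementGroups/"):
        return "managementGroup"
    parts = [p for p in scope.split("/") if p]
    if len(parts) == 2:                        # /subscriptions/<id>
        return "subscription"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resourceGroup"
    return "resource"


def review_assignments(assignments: list) -> list:
    """Return (principal, role, level, reason) tuples for assignments that
    violate least privilege and should be narrowed or removed."""
    findings = []
    for a in assignments:
        role, level = a["roleDefinitionName"], scope_level(a["scope"])
        who = a["principalName"]
        if role in PRIVILEGED_ROLES and level in ("managementGroup", "subscription"):
            findings.append((who, role, level, "privileged role at broad scope"))
        if a["principalType"] == "ServicePrincipal" and role in ACCESS_GRANTING_ROLES:
            findings.append((who, role, level, "automation identity can grant itself access"))
    return findings
```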
Weak key management strategy
Azure customers can bring their own encryption keys, which can be used to provide an additional encryption layer for the data stored in the Azure environment. However, a weak key management strategy, such as failing to rotate keys or storing keys in an insecure location, threatens both the confidentiality and the availability of the stored encrypted data: the data could be decrypted by unauthorized parties, or it could become impossible to decrypt.
Keys, certificates, and passwords can be stored securely in the Key Vault service. Access to keys should be protected with strong passwords or multi-factor authentication so that only authorized entities can use them. Keys should also be rotated regularly, which triggers re-encryption of the encrypted data and limits the damage should a key be compromised.
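A small hygiene check over the key attributes a vault exposes: keys with no expiry, keys that have expired but are still enabled, and current key versions older than the rotation period. This is an added example, not code from the original post or from adesso or Mitigant; the key records are constructed in the shape of `az keyvault key list` attributes, and the evaluation time is passed in so the result is reproducible.

```python
from datetime import datetime, timedelta

# Constructed sample in the shape of Key Vault key attributes as returned by
# `az keyvault key list` (field names follow that schema; the keys are invented).
# Each record stands for the key's current version, so `created` is the date
# of the last rotation.
KEYS = [
    {"name": "storage-cmk", "attributes": {"enabled": True,
     "created": "2022-01-15T10:00:00+00:00", "expires": None}},
    {"name": "sql-tde", "attributes": {"enabled": True,
     "created": "2023-03-01T08:00:00+00:00", "expires": "2024-03-01T08:00:00+00:00"}},
    {"name": "legacy-backup", "attributes": {"enabled": True,
     "created": "2021-06-01T00:00:00+00:00", "expires": "2023-04-01T00:00:00+00:00"}},
]


def parse_ts(value):
    """Parse an ISO-8601 timestamp; None stays None (attribute not set)."""
    return None if value is None else datetime.fromisoformat(value)


def review_keys(keys: list, now_iso: str, max_age_days: int = 365) -> dict:
    """Return {key name: [issues]} for keys whose rotation hygiene is weak.
    `now_iso` is injected so the check is reproducible; in practice pass
    datetime.now(timezone.utc).isoformat()."""
    now = parse_ts(now_iso)
    max_age = timedelta(days=max_age_days)
    report = {}
    for key in keys:
        attrs = key["attributes"]
        created, expires = parse_ts(attrs["created"]), parse_ts(attrs["expires"])
        issues = []
        if expires is None:
            issues.append("no expiry set")
        elif expires <= now and attrs["enabled"]:
            issues.append("expired but still enabled")
        if now - created > max_age:
            issues.append(f"not rotated for {(now - created).days} days")
        if issues:
            report[key["name"]] = issues
    return report
```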
Failing to monitor and audit the Azure environment
Monitoring and auditing are critical components of any security and compliance strategy. They are essential for promptly detecting and responding to potential vulnerabilities and suspicious activities in the cloud environment. Failing to monitor and audit Azure resources could lead to security incidents caused by internal or external actors, such as privilege escalation attacks or data leaks.
Although Azure records some cloud activities and monitors cloud resources by default, Azure customers still have to enable many features and Azure services to monitor and audit their Azure environment properly. The generated logs of cloud activity should be reviewed regularly to detect suspicious activities, and alerts should be configured so that Azure customers are notified immediately when suspicious activity is detected.
Finally, conducting regular security audits within the Azure environment helps to ensure compliance with security policies.
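What the log review and alerting described above can look like in practice: a scan over Activity Log records that raises an alert for sensitive control-plane operations (role assignments, NSG rule changes, Key Vault changes, policy removals), with severity depending on whether the change succeeded and whether the caller was expected to make it. This is an added example, not code from the original post or from adesso or Mitigant; the log entries, callers and resource ids are constructed in the shape of `az monitor activity-log list` output, and the approved-caller list is an assumption.

```python
# Operations worth an alert, keyed by the Activity Log operationName value
# (these four are real Azure resource-provider operation names).
WATCHED_OPERATIONS = {
    "Microsoft.Authorization/roleAssignments/write": "role assignment created",
    "Microsoft.Network/networkSecurityGroups/securityRules/write": "NSG rule changed",
    "Microsoft.KeyVault/vaults/write": "Key Vault configuration changed",
    "Microsoft.Authorization/policyAssignments/delete": "policy assignment removed",
}

# Constructed sample of Activity Log entries, modeled on the JSON that
# `az monitor activity-log list` returns; callers and resource ids are invented.
ACTIVITY_LOG = [
    {"eventTimestamp": "2023-05-01T09:12:00Z", "caller": "alice@contoso.example",
     "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"},
     "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/sub-1"},
    {"eventTimestamp": "2023-05-01T09:15:00Z", "caller": "build-pipeline-sp",
     "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"},
     "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/sub-1/resourceGroups/rg-app/providers/Microsoft.Network/networkSecurityGroups/nsg-web/securityRules/AllowAllIn"},
    {"eventTimestamp": "2023-05-01T09:20:00Z", "caller": "bob@contoso.example",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/start/action"},
     "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/sub-1/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1"},
    {"eventTimestamp": "2023-05-01T09:25:00Z", "caller": "bob@contoso.example",
     "operationName": {"value": "Microsoft.Authorization/policyAssignments/delete"},
     "status": {"value": "Failed"}, "resourceId": "/subscriptions/sub-1"},
]

APPROVED_CHANGE_PRINCIPALS = {"alice@contoso.example"}  # assumed: identities expected to make such changes


def detect_sensitive_changes(entries: list, approved: set) -> list:
    """One alert per final (Succeeded/Failed) record of a watched operation;
    Started/Accepted records are skipped. Successful changes by unapproved callers
    are 'high', denied attempts 'medium', approved changes 'info'."""
    alerts = []
    for entry in entries:
        op, status = entry["operationName"]["value"], entry["status"]["value"]
        if op not in WATCHED_OPERATIONS or status not in ("Succeeded", "Failed"):
            continue
        caller = entry["caller"]
        if status == "Failed":
            severity = "medium"
        elif caller not in approved:
            severity = "high"
        else:
            severity = "info"
        alerts.append({"time": entry["eventTimestamp"], "severity": severity, "caller": caller,
                       "what": WATCHED_OPERATIONS[op], "status": status,
                       "resource": entry["resourceId"]})
    return alerts
```

The "info" alerts are kept on purpose: an approved change is still part of the audit trail the regular review should walk through.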
Ignoring updates and patches
Updates and patches are essential for maintaining the security of Azure resources, because they remediate known security vulnerabilities. However, upgrading resources to the latest updates or patches could interrupt running business processes, which causes many Azure customers to delay the upgrade. This leaves Azure resources vulnerable to exploitation by unauthorized entities seeking access.
To improve patch management, Azure customers should regularly review available updates and patches, prioritize critical updates, and apply them promptly so that Azure resources remain protected from potential security incidents. It is also important to stay up to date with the latest security policies, best practices, and security news in order to take the necessary actions when new or zero-day vulnerabilities appear.
How Mitigant and adesso Netherlands can help to secure your Azure infrastructure
Adesso Netherlands supports organisations in achieving business success by offering consulting services in various areas, including Microsoft Azure. When it comes to security in Azure, Adesso specializes in cloud security assessments to ensure that your cloud environment is secure and compliant with industry standards. Our team of experts can conduct a comprehensive review of your cloud infrastructure, identify potential security risks and vulnerabilities, and recommend solutions to mitigate these risks. Our Cloud Security Assessment covers all aspects of cloud security, including identity and access management, data protection, network security, and compliance with industry standards and regulatory requirements. We understand that cloud security is a continuous process, and we work with our clients to provide ongoing monitoring, evaluation, and updates to ensure their cloud environments remain secure.
Mitigant, an enterprise cloud security SaaS solution from Resility GmbH, helps Adesso Netherlands conduct cloud security assessments for various public cloud infrastructures, such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Kubernetes. With an onboarding process of only 15 minutes, Mitigant automates cloud security assessments that would otherwise require time-consuming manual work, such as checking cloud resources for security vulnerabilities, researching the remediation steps to resolve the issues, and reporting the findings.
Learn more about adesso Netherlands at adesso.nl and Mitigant at mitigant.io.