AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Similar documents
locuz.com SOC Services

Automating the Top 20 CIS Critical Security Controls

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Introducing Cyber Observer

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

Best Practices in Securing a Multicloud World

Cloud Customer Architecture for Securing Workloads on Cloud Services

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

CLOUD WORKLOAD SECURITY

Popular SIEM vs aisiem

VANGUARD WHITE PAPER VANGUARD INSURANCE INDUSTRY WHITEPAPER

WHITE PAPERS. INSURANCE INDUSTRY (White Paper)

THALES DATA THREAT REPORT

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Managing Microsoft 365 Identity and Access

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

McAfee Public Cloud Server Security Suite

Cyber Resilience. Think18. Felicity March IBM Corporation

Reinvent Your 2013 Security Management Strategy

Supporting the Cloud Transformation of Agencies across the Public Sector

IoT & SCADA Cyber Security Services

Insurance Industry - PCI DSS

SYMANTEC DATA CENTER SECURITY

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection

Security

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Tripwire State of Cyber Hygiene Report

Retail Security in a World of Digital Touchpoint Complexity

Getting Started with AWS Security

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

Transforming Security from Defense in Depth to Comprehensive Security Assurance

SIEMLESS THREAT DETECTION FOR AWS

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

THE RISE OF GLOBAL THREAT INTELLIGENCE

HITRUST ON THE CLOUD. Navigating Healthcare Compliance

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

ABB Ability Cyber Security Services Protection against cyber threats takes ability

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Industrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets

Why Microsoft Azure is the right choice for your Public Cloud, a Consultants view by Simon Conyard

Cyber security - why and how

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

K12 Cybersecurity Roadmap

The Challenge of Cloud Security

Critical Hygiene for Preventing Major Breaches

Operationalizing the Three Principles of Advanced Threat Detection

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Total Security Management PCI DSS Compliance Guide

Adopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

CISO as Change Agent: Getting to Yes

Carbon Black PCI Compliance Mapping Checklist

Identity & Access Management

Securing Your Cloud Introduction Presentation

The security challenge in a mobile world

align security instill confidence

Datacenter Security: Protection Beyond OS LifeCycle

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Nine Steps to Smart Security for Small Businesses

Go mobile. Stay in control.

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Security by Default: Enabling Transformation Through Cyber Resilience

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

SIEMLESS THREAT MANAGEMENT

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Microsoft Security Management

VANGUARD WHITE PAPER VANGUARD GOVERNMENT INDUSTRY WHITEPAPER

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS

Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist

Microsoft Azure Security, Privacy, & Compliance

Security Operations & Analytics Services

SECURITY SERVICES SECURITY

Digital Renewable Ecosystem on Predix Platform from GE Renewable Energy

FOR FINANCIAL SERVICES ORGANIZATIONS

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

PCI DSS Compliance. White Paper Parallels Remote Application Server

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

McAfee epolicy Orchestrator

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

CA Security Management

Sirius Security Overview

Cybersecurity The Evolving Landscape

Qualys Cloud Platform

SoftLayer Security and Compliance:

Compliance Audit Readiness. Bob Kral Tenable Network Security

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Transcription:

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments

Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new rules for security. The defend the perimeter methods of securing onpremises data, applications, systems, and environments is not a good fit. A great deal of what once had to be physically protected is gone when a cloud environment is deployed. The protection naturally takes a turn toward virtual. As a result, an approach to the security process for Azure requires organizations to take new or modified steps. A great deal of what once had to be physically protected is gone when a cloud environment is deployed. Because of our vast experience with Azure and hybrid installations, 10th Magnitude has amassed an impressive body of knowledge about securing cloud deployments. This playbook distills that experience and knowledge into 6 best practices to follow for securing Azure and hybrid cloud environments. 2 AZURE CLOUD SECURITY GUIDE

1 Don t forget what has served you well (Some old rules still apply) Although securing Azure cloud requires a change in mindset, there are certain philosophies and approaches that apply to security no matter what. There are three that you should apply to your cloud security initiative. People, process, and technology will always apply People, process, and technology is a tried-and-true philosophy that holds true for any process or project. Success with cloud security includes addressing the organizational challenges that security teams face. Therefore, you should make sure your cloud security project includes process formalization, orchestration and automation; it should also follow up with continuous training. You don t just need the CISO and CIO to buy in, but you need them be aligned with the philosophy. Base your approach on risk Rock-solid security for on-premises systems requires a robust risk-based approach. Cloud is no different. Focus on prioritizing information security threats, understanding the techniques that may be employed as part of an attack and evaluating the capability of controls to prevent, detect, and respond to an attack. Without this knowledge, your organization will struggle to determine not only the level of exposure to particular threats but whether your cyber incident response plans are structured and ready to address these threats when they arise. Risk assessments are your key tool in developing your risk-based approach. Stick with the principle of least privilege Least privilege is a computer science principle that your organization has likely applied to strengthening the security posture of your on-premises systems. Using the minimal set of privileges on a system to perform an action doesn t change in the cloud. As you build out your cloud security plan, align each user to an appropriate role and associated privileges. Think of it this way you don t give your mechanic your driver s license when they re just fixing your car. 3 AZURE CLOUD SECURITY GUIDE

2 A few simple things can prevent 90% of all security breaches Even for something as complicated as securing systems and cloud environments, there are four simple steps you can take that will make you 90% less likely to be breached. Harden and manage patches for your operating system Hardened virtual machines help keep you safe in the cloud. Also known as virtual machine images, they spin up securely configured ( hardened virtual instances of many popular operating systems to perform technical tasks without investing in additional hardware and related expenses. CIS Hardened Images are configured to meet the CIS Benchmarks, which are consensus-based configuration guidelines that cybersecurity experts around the globe developed and rely on, and they are available in the Azure Marketplace. You will also need to implement a patch management process. If you have one for your on-premises systems, don t assume it will apply to the cloud. Keep your anti-virus and anti-malware current Threats to cloud installations change regularly and often dramatically. Microsoft Antimalware for Azure is free real-time protection capability that identifies and removes viruses, spyware and other malicious software. You can configure it to send alerts when threatening or unwanted software attempts to install itself or run on your Azure systems. Control identities The identities of your users can be easy entry points for hackers, malware, and other attackers, but identity management is often overlooked when planning security. So, to keep most threats out, you should centralize your identity management, enable single sign-on (SSO), implement password management, enforce multi-factor authentication (MFA) for users, and use rolebased access control. A resource manager that controls locations where resources are created and guides developers to use identity capabilities for SaaS is a must. Monitor 24 7 It s important to monitor your cloud environments to maintain their availability and performance. This is easy with Azure Monitor, Azure Dashboards, and Azure Log Analytics. The data generated by resources in your cloud environments (and on-premises) and from other monitoring tools is aggregated into dashboards and visualizations so you can quickly view and analyze the health of your overall environment. 4 AZURE CLOUD SECURITY GUIDE

3 A solid foundation is critical To make sure you are mitigating business risk while facilitating your organization s mission and objectives, you need a solid foundation. Azure Enterprise Scaffold provides a stable framework for departments, accounts and subscriptions with resource manager policies, strong naming standards, core Azure capabilities and features that enable a secure and manageable environment. Tools, technologies, and constructs, such as Resource Tags, Resource Groups, Role Based Access Control, Resource Locks, and Azure Automation, are included. 4 Understand the shift With on-premises installations, you go it alone. However, you have a partner when you host resources on a public cloud service provider s infrastructure. The things that your partner is responsible for (in terms of security) depends on the cloud service model you use, specifically whether it s Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS). In the end, you are accountable for ensuring your solution is secure and is meeting compliance obligations. So you should reevaluate your controls for shared responsibility. Start with the Cloud Security Alliance Cloud Control Matrix (CCM. If you are not familiar with the Cloud Security Alliance they are a non-profit organization which is dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The CCM is a common set of controls and control details for cloud-specific risk. CCM also details updated control specifications for cloud, which is mapped back to major frameworks (Fedramp, NIST, ISO and PCI. The big benefit? CCM reduces the risk of failing to consider important factors when migrating to the cloud. Next, review applicable Azure Blueprint Responsibility Matrix. The Azure Blueprint Customer Responsibilities Matrix is designed to support customers implementing and documenting security controls for systems built on Azure. The workbooks contain general guidance for control implementation responsibility for a nonspecific Azure architecture. The workbooks can be used to assess and understand the full scope of your responsibility for implementing security controls and ensuring security controls are implemented in accordance with your compliance obligations. The workbooks can be downloaded from the Service Trust Portal and are currently available for DOD, FedRAMP, Healthcare, NIST CIF, and PCI-DSS. 5 AZURE CLOUD SECURITY GUIDE

5 Building in security means working with DevOps teams When presented with a cloud-related barrier, developers will go around it. Don t be a choke point. Instead, use native governance. Because DevOps teams want to use native tools, you should use Azure Policy to put guardrails in place. Also, restrict deployment options for your organization to specific data centers or enable the creation of specific resource types only. Establish metadata tagging to help drive accountability, compliance, and more. Secure DevOps Kit for Azure is a collection of scripts, tools, extensions, automation and more that caters to DevOps teams. It smoothly integrates security into native DevOps workflows to secure the subscription, enable secure development, integrate security into continuous integration/continuous deployment, enable continuous assurance, provide alerting and monitoring, and manage cloud risk governance. 6 If you need advanced security and compliance, look for a partner When you have a security requirement that calls for the next level of security and compliance, look to partners to provide those solutions. Consider those who are invested in the ecosystem. They should offer advanced solutions for vulnerability scanning, managed IDs, web application firewalls and compliance, all fully managed in their SOCs 24 7 by a team of experts. Hybrid scenario support is also something to consider. More than 60 percent of organizations report having too few information security professionals, and by 2022 this shortfall is expected to reach 1.8 million. 1 1. Reed, Jason, Yiru Zhong, Lynn Terwoerds, and Joyce Brocaglia. The 2017 Global Information Security Workforce Study: Women in Cybersecurity. Frost & Sullivan. 2017. 6 AZURE CLOUD SECURITY GUIDE

Cloud Is in Our DNA In an industry that sees new entrants come and go frequently, 10th Magnitude has a decisive presence. 10th Magnitude was born in the cloud, and our business focuses solely on cloud delivery. With cloud in our DNA, we are able to offer a cloud strategy that frees you from the burden of a legacy model. The result? A fast, clean and secure path to digital transformation backed by extensive experience and the power of Microsoft Azure. Ready to Try it? Contact Us: info@10thmagnitude.com 10thmagnitude.com 10th Magnitude is proud to be a Microsoft Gold DevOps, Gold Cloud Platform, Gold Application Development, Gold Datacenter, and Gold Data Analytics Partner.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback