As cloud computing becomes more widespread, so will the threats to the data stored within it. Cloud migration is a major concern for many corporations. They are expected to migrate customers’ sensitive data to Azure and integrate existing software and APIs. Then, they will train or hire new employees to manage the cloud security environment.
Each step can have its pitfalls. These include insecure APIs, access management intrusions and user error. While security concerns can be justified based on due diligence, Microsoft offers an amazing tool to combat them all: the Azure Security Center.
Let’s look at a few security threats that can easily be identified and managed with the Security Center. This article will discuss the three best practices for Azure Security Center: implementing secure governance, access control and safeguarding data.
A brief overview of Azure Security Center
The Azure Security Center is your one-stop shop for all security needs. Here you can monitor virtually every service that is required to run a production environment. Let’s say that your company just created five virtual machines. You need to know which ones have antivirus software installed, are encrypted, and are online and available. All of this information can be found on the Azure Security Center dashboard. Here’s an example of the dashboard.
Let’s talk about attacked resources, starting with the most common attack on cloud environments: RDP brute force attacks.
Threat #1: RDP Attacks
There are many potential threats to network security for enterprise-level businesses. RDP (Remote Desktop Protocol) attacks are one of the most common threats to an IaaS (Infrastructure as a Service) environment. This is a DDoS attack that allows an attacker to RDP into a specific VM and clog up the ports. Port 22 is the most popular port target. This is the dedicated port for the SSH protocol. This attack will severely hinder productivity and prevent regular users from accessing company resources.
This attack vector is especially dangerous in the age of COVID. Azure Security Center is a way to mitigate this threat. It strikes a great balance between security and convenience.
Azure handles these types of threats with a clever feature called Just-in-Time (JIT) VM Access. With JIT VM Access, administrators can limit the time that certain ports are open. We may want certain ports to be open only long enough for admins to log on to the virtual machines and do any necessary updates. For example, JIT VM Access allows us to set the ports to open only on Saturdays between 1:00 PM and 2:00 PM. It’s all about the Golden Rule in IT security: least privileged access.
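The following is an added example, not part of the original article: a check for the condition JIT VM Access is meant to eliminate, namely management ports left permanently open to any source. The rules are constructed and use a simplified subset of network security group (NSG) rule fields; it assumes SSH on TCP 22 and RDP on TCP 3389, their standard ports.

```python
# Added example: constructed NSG rules, simplified subset of the real rule fields.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}          # standard management ports
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}    # sources meaning "anyone"

def rule(name, priority, access, source, ports, protocol="Tcp"):
    """Build one constructed inbound rule using NSG-style field names."""
    return {"name": name, "priority": priority, "access": access,
            "direction": "Inbound", "protocol": protocol,
            "sourceAddressPrefix": source, "destinationPortRanges": ports}

SAMPLE_RULES = [
    rule("allow-rdp-any", 300, "Allow", "*", ["3389"]),
    rule("allow-rdp-office", 150, "Allow", "203.0.113.0/24", ["3389"]),
    rule("deny-ssh-any", 100, "Deny", "*", ["22"]),
    rule("allow-ssh-range", 200, "Allow", "Internet", ["20-25"], protocol="*"),
]

def covers(port, spec):
    """True if an NSG port spec ('*', '22' or '20-25') includes the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_mgmt_ports(rules):
    """Return [(port, service, rule name)] for ports any Internet host can reach."""
    findings = []
    for port, service in sorted(MGMT_PORTS.items()):
        # NSG rules are evaluated lowest priority number first.
        for r in sorted(rules, key=lambda r: r["priority"]):
            if r["direction"] != "Inbound" or r["protocol"].lower() not in ("*", "tcp"):
                continue
            if r["sourceAddressPrefix"].lower() not in ANY_SOURCE:
                continue  # scoped source: does not apply to an arbitrary host
            if not any(covers(port, s) for s in r["destinationPortRanges"]):
                continue
            if r["access"] == "Allow":
                findings.append((port, service, r["name"]))
            break  # the first matching rule decides, whether Allow or Deny
    return findings

if __name__ == "__main__":
    for port, service, name in exposed_mgmt_ports(SAMPLE_RULES):
        print(f"{service} port {port} is open to any source via rule {name}")
```

In the sample, the broad SSH allow rule is not reported because a higher-priority deny rule shadows it, while the RDP rule open to any source is reported as a candidate for JIT VM Access.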
Threat #2: Data Breaches
The worst nightmare for a CEO is getting a call at midnight that starts with these three words: We’ve been hacked. The most serious hacks involve data integrity. This means that production data can be inserted, deleted, or retrieved without authorization. It is crucial to prevent data loss, especially customer data. Let’s look at Azure Security as a way to reduce this threat.
First, Azure data will most likely be stored in Cosmos DB (a NoSQL database) or some other SQL database. Either one of these database types can be easily spun up on demand. Even better, all data stored on Azure is encrypted at rest by default.