Azure Security is a combination of best practices and a combination of services and products configured by admins to protect identities and services.
Security in Azure starts by building your directory (Azure AD) and assigning the corresponding roles to your cloud users, using the least privilege either by assigning from a multiple built in roles created for the most common task-oriented users or by creating a custom one that will fit your roles requirements. You will use the Role Based Access Control (RBAC) to assign the roles.
It is important to consider the Hierarchy with RBAC, because assigning a role at a specific level will inherit the permissions down the hierarchy:
At the resource level, you are going to find security options to configure depending on the resource type, common setting are:
Encryption
For resource that store data like Storage Accounts and Databases, those type of resources manage by default data encryption at rest with the option to encrypting with your own key (BYOK).
Key Vault
Is a service included in your subscription to protect secrets like Passwords, Keys, Connection Strings and Certificates.
Network Security
The Vnets that you configure includes a Network Security Group (NSG), you are going to create Inbound and Outbound rules to allow or deny specific traffic.
DDos Protection
This is a feature that you can set at your Vnets to protect against the Distributed Denial Of Service attacks.
Azure Firewall
A service that you can configure to protect your cloud network infrastructure.
Security Center
For a complete set of security controls, management, and reports, you can turn on Azure Security Center. This service will consolidate all the security settings from your subscription, even in a hybrid environment in a single console. You will find secure scores that will provide you updated information about your actual secure status based on your actual infrastructure and best practices. In addition, you will find features like Just in Time Access, to help protect admin access, assigning a temporary access to administrators and protecting those identities.
Original article by Eduardo Lopez, published on the Fast Lane US blog – click here to view
Be an expert in Security
If your company or you are looking to get ahead of the competition, ensuring your employees are certified, skilled, and highly-trained is a powerful point of differentiation. Knowledge obtained in different top cloud certification areas is imperative and can make a huge impact for growth. Contact Fast Lane today to learn more about how we can help you get your team and you certified.
