Pythian Blog: Technical Track

Plan security and management strategy for Microsoft Azure infrastructure

We are all aware that one of the biggest challenges we have when we are learning/thinking about a new cloud service provider to move our production environment to, is to clearly understand and figure out what that provider offers today and if it fits our needs and requirements. Microsoft Azure is a cloud service platform that supports a broad selection of operating systems, programming languages, frameworks, databases and so on. Azure services support the same technologies that millions of developers and IT professionals already relay and trust. But when we are an on-premises company and we are preparing to move to the cloud, we will need proper planning and due diligence to make this transition. Initially, I would like to start with something which is fundamental when we start thinking about moving to cloud: What is different in management and security as we move to the cloud and how that will impact our current setup? The first one is kind of obvious and that used to be Central IT and the role of the IT team on-premises. The IT team was always the center of all IT projects and now with the cloud, things changed to where central IT still plays an important role, but fully supports the business units doing outsourcing cloud projects. Furthermore, we are having development teams doing some work that IT teams historically did. Having that structure in place, there is a proliferation of users that are doing different things and they have varying skill sets in terms of understanding the need for security and management. From my operational support experience till now, not every machine running on Azure is well-managed, so it is important whether you are a developer, IT or any other third-party that you understand the best practices on Azure that enable you to do security and management. Second, with increased security threats in the security space today, things get more and more sophisticated over time. But that sophistication means we need more advanced solutions that have intelligence built into them because the old-fashioned way of grabbing a data set and trying to figure out what went wrong is too slow and too challenging. We need intelligence and machine learning to help us figure out when we are attacked and how to mitigate it in future. The third one and one of the reasons we were initially planning to go to the cloud, is for business agility. We want to get stuff done faster. When we are getting stuff done faster, we are deploying much more rapidly, and using dev ops practices. When we do that, we want to make sure we apply security and management but not slow people down because that is just not acceptable in today's business cycle. The most important point everyone needs to understand is that when it comes to security and management on Azure, there is a joint responsibility between Microsoft and the customers on the platform to secure and manage their cloud resources. We all need to be aware that we need to own all management and security on the workloads running on our VMs in Azure and to follow best practices to be secure, in addition to the fundamental things covered by Azure teams. As we put our resources in Azure, we need to consider how to secure, backup and monitor them. Azure gives us simple ways to secure and manage our clouds using three key points we should use as starting point to secure our environment:
  • Secure your cloud resources via Azure Security Center
    • Gain full visibility and control of your cloud security state
    • Proactively identify and mitigate risks to reduce exposure to attacks
    • Quickly detect and respond to threats with advanced analytics
  • Protect your data in cloud via Azure Backup
    • Protect against ransomware and human errors
    • Meet compliance goals with data retention and encryption
    • Start backups in minutes and restore quickly when needed
  • Monitoring your cloud health via Azure Monitor and Log Analytics
    • Collect and store your data from any source
    • Gain deep operational insights
    • Detect, diagnose and fix issues quickly
Meanwhile, Azure has a full set of services to meet all of our security and management needs. The value we are getting out of this is significant securing and protecting your environment and it’s a bit more advanced.

No Comments Yet

Let us know what you think

Subscribe by email