Cloud Security - A shared responsibility

August 11, 2016 Tobin Dalrymple

Even if cloud providers take most of the hard work off your plate, there are some things that Microsoft and Amazon won't do for you – and security is part of that.

This was the topic of our most recent Azure webinar, hosted by Softchoice’s Services Practice Leader, Tadd Axon. Here is the deck and the webinar recording:

Who owns cloud security?

The responsibility of delivering security is split between the enterprise and the cloud provider.

Here is a general breakdown of who owns what:

  • Cloud provider – has the contractual obligation to provide a secure foundation and transparency – this is all about keeping the infrastructure safe.
  • Cloud provider – shoulders the burden of attracting and retaining security talent (a huge load off for you!).
  • Cloud consumer (you) – focuses on the security of the application itself and everything involved in managing and using it, including access, integrations with other services, authentication and some parts of encryption.

A learning curve

Here’s the problem. Very few businesses have ever been through this exact situation, given cloud’s relative newness. It’s very hard to find talented resources who are veterans at managing application security in the cloud – much less someone you can afford in these competitive times. However, there are a number of tools offered that can help make this job easier and more reliable.

Azure Security Center:

Gives you a central view of the security state of all of your Azure resources. At a glance, verify that the appropriate security controls are in place and configured correctly. And quickly identify any resources that require attention.

Azure Identity Protection:

A security service that provides a consolidated view into risk events and potential vulnerabilities affecting your organization’s identities. It leverages Azure AD’s existing anomaly detection capabilities and introduces new risk event types that can detect anomalies in real time.

Azure Application Insights:

Uses machine learning capabilities to continually analyze your application. This allows it to learn your app’s normal behavior so service degradations or disruptions are automatically detected and reported—helping you respond to issues at the speed your customers demand.

Azure Operations Management Suite: 

Protect your heterogeneous environments, respond proactively to changing business needs and simplify IT management – all from a single portal with no infrastructure to maintain.

We also covered two other important resources from Azure that help enterprises stay secure. The first is Azure Resource Manager, the hub where you can save and deploy templates for your “infrastructure as code”. This is a quick and easy way to make repeated, optimized deployments. The second is Azure Storage Encryption, which offers client-side libraries for encryption in transit as well as encryption at rest.

Finally, there are a number of relevant technologies that aren’t explicitly designed for Azure security but do offer you numerous options for strengthening your data protection.

These are:

  • Secure, flexible API Management
  • Auditable, HSM-based storage of secrets with Azure Key Vault
  • Azure SQL’s “least privilege” design
  • Disposable and ephemeral Virtual Machine Scale Sets

The cloud certainly offers benefits – but not if you waste too much time and energy in managing it, and especially not if you fail to protect your own data and information. Use these tools to get your side of the job done.
