Security is one of the hottest topics in IT today. Especially now that the traditional IT landscape is increasingly integrated with the public cloud and remote workplaces are here to stay. While users are often still (too) easy-going with their security – and yes, also in business – service providers and other IT professionals are thoroughly aware: security is a number one priority.
Moving to the cloud has led to a hybrid IT landscape with many security implications and challenges. Where you used to have a well-defined physical perimeter around your network, users, applications and data, security has now become a shared responsibility between you, your customers, and the cloud provider. In addition, we got laptops, tablets and smartphones and have become increasingly mobile. The network has come to include everyone and everything, all the time.
Therefore, let's take a closer look at two areas within the hybrid IT landscape where the most crucial vulnerabilities can be found today: identity and networking. What are the threats and how can you protect your infrastructure to ensure the highest possible security, both for cloud-native deployments and hybrid scenarios for your company and your customers? In this article we look at what Microsoft Azure offers in this respect.
Identity is more important than ever. Weak and commonly used passwords are the most obvious entry points for hackers. Passwords like 123456, Password or welcome aren't really making it difficult for hackers, are they? Although nowadays nothing is 100% watertight, Azure does offer a very comprehensive package of services for identity and access management. Very often within the subscription that you already have.
Azure Active Directory1, for example, gives you a central identity store across the cloud and your on-premises Active Directory, allowing you to securely connect users to the apps, devices, and data they need. Concepts like Managed Identity play a pivotal role in establishing an identity-based perimeter, and Azure Arc, for example, extends this capability to your on-premises resources. But also think of Azure AD Multifactor Identification (MFA). A simple, effective service that you can deploy quickly, but which is still far from standard for everyone.
The other pillar of a modern security strategy is the network. Digital estates are growing and have no boundaries. The classic network perimeter is giving way to a modern Zero Trust architecture, based on the principle of "never trust, always verify". Access and authorisation are only granted with continuous verification of identities, devices, and services. Zero Trust has become a must-have for a trusted IT landscape to protect your business and customers from malicious cyberactivity.
A Zero Trust approach cannot exist without strong network security controls. Azure has a broad range of controls available for segmentation, locking down the network and limiting traffic in both directions when you connect your on-premises data centre to Azure or other public cloud services. Think of connectivity services like Azure Virtual Network, ExpressRoute, or application protection with Network Security Group (NSG), Azure Firewall and Application Gateway.
Everything that has been said above is what you as a service provider will take responsibility for. But no matter how proactive you are, how do you ensure that your architecture remains consistent, compliant, and safe from attacks and other suspicious activities in the long run? Azure also offers a solution for this.
Azure Policy or Azure Blueprint help you with predefined, repeatable standards or templates. With these, you enforce a compliant and consistent security baseline for all Azure resources in your subscriptions. Automated monitoring tooling is available to identify and analyse security threats and take immediate actions for mitigation. A commonly used tool is Azure Sentinel, a cloud-native SIEM solution that collects data, and detects and analyses threats with ML and AI tools. In case of an incident Sentinel responds quickly with built-in orchestration and automation of common tasks. Also, for non-cloud workloads. Meanwhile, you grab yourself another cup of coffee...
Cybercrime has become big business. Lurid hackers have moved from their attics to anonymous office buildings and are becoming more and more professional. Research figures break record after record. Microsoft recently listed the impressive impact of cybercrime in their "Cyberthreat Minute". Almost 35,000 password attacks. Over 1,900 IoT attacks, 19 DDoS attacks, 7 phishing attempts. Every single minute. And the list continues. The cost of cybercrime per minute worldwide is more than $1.14 million. It is clear that in cybersecurity every minute counts. If not every second...
Are you at the edge of your chair? And curious to know what Microsoft Entra and other Azure security services can offer your business in terms of cybersecurity? We at Insight have been working with partners like you across Europe for many years. We help them to find ways to optimise efficiency, reduce costs, mitigate risks, and maximise revenue by providing valuable time, knowledge, and support in many (hybrid) cloud scenarios.
Contact one of our cloud specialists to find out how we can support you in securing your cloud ambitions in line with your business goals, whether you are designing your first workloads in the cloud or work entirely cloud-based.
 Microsoft has brought together its entire identity and access capabilities into a new product family, Microsoft Entra. The Entra family includes Microsoft Azure Active Directory (Azure AD), as well as two new product categories: Cloud Infrastructure Entitlement Management (CIEM) and decentralised identity.