
Microsoft Azure’s best practices alleviating cyber-crimes

Overview

Any crime that involves electronic devices or gadgets can be considered a cybercrime. Over time, it has become a major concern for all information security professionals. Internet use has increased rapidly in the last few years, due to a tremendous increase in the information flowing over the internet, and it is still growing at high velocity after the entire world faced the pandemic in the year 2019. It is evident that the number of financial transactions happening over the internet across the globe has also grown at a very high rate. So, the emerging cybercrime trend has become a major concern to most financial organizations.

Some interesting facts and numbers from 2022

According to a study on internet usage and users across the globe: 

  • Out of the total world population (almost 8 billion) estimated for the year 2022, the number of internet users recorded was approximately 5.5 billion, a 69% penetration rate.
  • Asia is the biggest of all the continents and contributes the most to the population (approx. 4.4 billion, i.e., 54.9% of the world’s total population), with a 67.4% penetration rate.
  • Within Asia, India, China, and Japan have the largest percentage of internet users and a considerable penetration rate as well. The numbers and details about other continents and countries can be checked here.

From the above stats, it is evident that the number of internet users has grown tremendously over the years, and there is no sign of a decline in the numbers in the coming future.


What do these imply?

On the other hand, Information Technology is also growing at an equal speed. Choose any sector, and you can easily see the impact of technology on it. Be it Education, Transportation, Finance, Agriculture, or any other sector that you can think of, Information Technology has its footprint everywhere. The most important thing to know here is that all these technological solutions are deployed on cloud infrastructure.

Cloud technology has become the first choice for organizations to deploy their applications. So, the majority of internet users across the globe are using applications that are hosted on cloud platforms like Microsoft Azure, Amazon AWS, or Google’s GCP. It therefore becomes important for all these cloud providers to maintain the security of the applications hosted on their infrastructure, across all their service offerings: SaaS, PaaS, and IaaS.

Azure Network Security Features

Microsoft Azure has a proven record for its network security solutions. This blog does not compare the security offerings of all public and private cloud providers; it focuses on the best practices one can follow while architecting solutions on Microsoft Azure.

Azure Network Security features will protect your applications and cloud-based workloads from all network-based cyberattacks. There are various products under this umbrella of Azure like Azure Firewall, Azure DDoS Protection, Azure Web Application Firewall, Azure Bastion, Azure Front Door, Azure Network Watcher, and Azure Content Delivery Network. A combination of all or some of these products will keep your application secure from a wide range of cyber-attacks happening over the internet. 

Best practices for designing solutions on Azure

  1. Planning your Network – An Azure Virtual Network (VNET) interconnects VMs and other appliances to allow TCP/IP-based communication between them. This interconnection can happen within the same VNET, among multiple VNETs, and even to other sites over the internet, and this is where the devices become vulnerable to cyber-attacks. So, to keep the interconnection secure, you must plan for centralized management of core network functions such as creating an ExpressRoute circuit, planning IP addresses, and creating and managing subnets, and you should enforce strong, centrally managed governance policies across all the network components.
  2. Maintaining the appropriate Subnet Ranges – Azure VNETs are ideally created using a single private IP address range, which may belong to any of the IP address classes (Class A, Class B, or Class C). Whichever class you choose, you must create multiple logical subnets in your VNET by dividing the single large address space into smaller ones.
  3. Use Azure’s Network Security Group feature – to establish communication between different subnets by applying appropriate security rules. This will prevent the flow of unsolicited traffic across the subnets.
  4. Adopt a Zero Trust approach – As an administrator of your network, you should follow a zero-trust approach towards all the exposed services that are handled by different users of your directory. Ensure that you have applied conditional access policies based on the device, location, and user’s identity. The Azure AD Conditional Access service on the Azure portal can be used to apply policies at this level.
  5. Microsoft Defender for Cloud – can be used for controlling the inbound and outbound traffic across your network. This filters your traffic based on the port numbers at which the services are running.
  6. Use Azure AD Privileged Identity Management – to grant permissions to execute a privileged task, if any.
  7. If your VNET has any critical network appliance deployed into it – then always make use of user-defined routes instead of system-defined routes to establish the connectivity between Virtual Machines and the Virtual Network Appliances.
  8. As discussed in the previous points, Network Security Groups and user-defined routes – work on the Transport layer and Network layer of the OSI model. However, it is also essential to maintain security at higher levels of the stack. For this, Azure provides a bunch of network appliances that can deliver security at the application layer as well. Some of the appliances that one must explore are Microsoft Defender for Cloud, Azure Firewall, Microsoft Sentinel, Azure Virtual Desktop, and many others that are available in the Azure Marketplace.
  9. Do not expose your critical Azure resources and services – outside the Virtual Network. Instead, use private endpoints to access PaaS services like storage accounts, web apps, databases, etc. Using Azure Private Endpoints allows access to the Azure resources only from a specific authorized VNET.
  10. In case of any cross-premises connectivity – avoid using dedicated WAN links. Microsoft recommends a more secure way to connect multiple premises: one can choose Site-to-Site VPN or Azure ExpressRoute, which is a more secure and reliable way to establish cross-premises connectivity.
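
To make practices 2 and 3 concrete, the following added example (not code from the original article or from Microsoft) carves one VNET range into subnets and evaluates Network Security Group rules the way Azure does: lowest priority number first, first match wins. The address plan, subnet names and the `DB_NSG` rules are constructed for illustration, and the default rules are simplified to prefix and port matching.

```python
import ipaddress

# Constructed address plan (hypothetical names): one VNet range cut into /24 subnets.
VNET = ipaddress.ip_network("10.20.0.0/16")
SUBNETS = dict(zip(["web", "app", "db"], VNET.subnets(new_prefix=24)))

# Rule = (priority, name, source prefix, destination prefix, port or None, access).
# Azure's built-in inbound defaults, simplified: the VirtualNetwork tag is modelled
# as the VNet range only, and AllowAzureLoadBalancerInBound (65001) is left out.
DEFAULT_INBOUND = [
    (65000, "AllowVnetInBound", str(VNET), str(VNET), None, "Allow"),
    (65500, "DenyAllInBound", "0.0.0.0/0", "0.0.0.0/0", None, "Deny"),
]

# Constructed NSG for the db subnet: only the app tier may reach SQL on 1433.
DB_NSG = [
    (100, "AllowAppToSql", str(SUBNETS["app"]), str(SUBNETS["db"]), 1433, "Allow"),
    (4000, "DenyOtherVnetInbound", str(VNET), str(SUBNETS["db"]), None, "Deny"),
]


def overlapping(subnets):
    """Return name pairs whose ranges overlap; Azure rejects such subnets in one VNet."""
    nets = list(subnets.items())
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


def evaluate(custom_rules, src_ip, dst_ip, port):
    """Return (rule name, access) for the first match, lowest priority number first."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _, name, s, d, p, access in sorted(custom_rules + DEFAULT_INBOUND,
                                           key=lambda r: r[0]):
        if (src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
                and p in (None, port)):
            return name, access
    return "NoMatch", "Deny"


if __name__ == "__main__":
    for label, rules in (("defaults only", []), ("with DB_NSG", DB_NSG)):
        for src in ("10.20.0.4", "10.20.1.7", "203.0.113.9"):
            print(label, src, "-> db:1433", evaluate(rules, src, "10.20.2.5", 1433))
```

With only the default rules, the web subnet reaches the database subnet because `AllowVnetInBound` matches before `DenyAllInBound`; subnetting alone does not isolate tiers until an explicit deny with a lower priority number is in place.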

Conclusion

In addition to these best practices, looking at the global security scenario, Microsoft Azure has an individual management service called “Microsoft Defender External Attack Surface Management”, which focuses on how an organization can safeguard itself against cyber-attacks. Some important key products in this management service are Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Entra for Identity Management, and many others on the list. In the next article on Cyber Security with Azure, we will focus on some of these security products.


WRITTEN BY Atul Choudhary
