Top 10 Best Practices for Azure Security
Mark Simos, lead Cyber security architect for Microsoft, explored the lessons learned from protecting both Microsoft's own technology environments and the responsibility we have to our customers, and shares the top 10 (+1!) recommendations for Azure security best practices.
1. People: Educate teams about the cloud security journey
2. People: Educate teams on cloud security technology
3. Process: Assign accountability for cloud security decisions
4. Process: Update Incident Response (IR) processes for cloud
5. Process: Establish security posture management
6. Technology: Require Passwordless or Multi-Factor-Authentication
7. Technology: Integrate native firewall and network security
8. Technology: Integrate native threat detection
9. Architecture: Standardize on a single directory and identity
10. Architecture: Use identity-based access control (instead of keys)
11. Architecture: Establish a single unified security strategy
These best practices have been included as a resource in the Microsoft Cloud Adoption Framework for Azure, where you can get more details on what, why, who and how of each of these points. Get the details here.
I love that this is broken into people, process, technology, and architecture. While statistics prove that capabilities like Multi-Factor Authentication significantly reduce security risk, both people and processes are crucial to protecting from and responding to security threats.
Some of those points look clear and simple on the surface but may be the hardest to implement in your organization (like assigning accountability for cloud security decisions). Or you may have many of the people and process items already in place for an on-premises environment - these are just as valid for on-prem or hybrid environments too.