Top 10 Best Practices for Azure Security

AZURE, Cloud, Systems -

Top 10 Best Practices for Azure Security


There is so much opportunity to use Azure to improve your security posture, but where to start? What are the most effective and easiest measures to implement? In this overview session, you will learn about the top 10 Azure security best practices (across people, process, and technology), discover the latest Azure security innovations.


Mark Simos, lead Cyber security architect for Microsoft, explored the lessons learned from protecting both Microsoft's own technology environments and the responsibility we have to our customers, and shares the top 10 (+1!) recommendations for Azure security best practices.


Here's the list:

1. People: Educate teams about the cloud security journey

2. People: Educate teams on cloud security technology

3. Process: Assign accountability for cloud security decisions

4. Process: Update Incident Response (IR) processes for cloud

5. Process: Establish security posture management

6. Technology: Require Passwordless or Multi-Factor-Authentication

7. Technology: Integrate native firewall and network security

8. Technology: Integrate native threat detection

9. Architecture: Standardize on a single directory and identity

10. Architecture: Use identity-based access control (instead of keys)

11. Architecture: Establish a single unified security strategy


These best practices have been included as a resource in the Microsoft Cloud Adoption Framework for Azure, where you can get more details on what, why, who and how of each of these points. Get the details here.


I love that this is broken into people, process, technology, and architecture. While statistics prove that capabilities like Multi-Factor Authentication significantly reduce security risk, both people and processes are crucial to protecting from and responding to security threats.   


Some of those points look clear and simple on the surface but may be the hardest to implement in your organization (like assigning accountability for cloud security decisions). Or you may have many of the people and process items already in place for an on-premises environment - these are just as valid for on-prem or hybrid environments too.



Leave a comment

Please note, comments must be approved before they are published