It’s my job to talk to people about cloud computing security. Over the years, I’ve found that the nature of these conversations have changed from “the cloud can’t be secured” to “it’s possible that the cloud can be secured” to “how do I secure my assets in the cloud?”
This progression is a good thing. The key change is that an increasing number of people and organizations understand that there are actually security advantages to going to the public cloud. The reason behind this assumption is that large public cloud providers have enormous resource they can put behind their security efforts. They can spend huge amounts of time and money on the best people and the best technology.
Also, these large public cloud providers share information with each other – no public cloud service provider wants to see their competitors have security problems. The stink of cloud security breaches doesn’t just affect the provider that had the problem, it spreads to the entire cloud computing industry.
Given that we can accept that the public cloud service providers can provide better security than most of us can do on-premises, the natural next step is to ask what we can do to help secure our own deployments. Cloud service providers do a ton to secure the infrastructure and platform on which you’ll deploy your solutions, but they won’t secure them for you – that’s your responsibility. Of course, what you’re responsible for depends on the cloud service model (IaaS/PaaS/SaaS) you’re using.
In Azure, there’s a cloud security solution that goes by the name of “Azure Security Center.” You can use Azure Security Center to help secure your IaaS VMs and your PaaS Azure SQL and Azure Web applications.
There are five things that Azure Security Center does to help you with this:
- Security Policy: You can set security policy so that you monitor, log, and report on what you want to secure – if there are things you don’t care about, you set security policy to not monitor those areas (noise is the enemy of good security, so this flexibility is very cool).
- Monitoring: Continuous monitoring of the security state of your deployments. This is different than “one-off” vulnerability assessments that you have to trigger and get a “point-in-time” report. Azure Security Center continuously monitors your deployments and lets you know of security issues as they come up.
- Recommendations: As we move towards a “DevOps” model of application development and operations, many teams may not have the security expertise they used to have. Some teams might see this as a good thing, since they were always hearing “no” from the security teams. On the other hand, without security expertise, there’s a good chance the DevOps team will end up on the front page of the newspaper because of a security breach. Azure Security Center can help teams that lack security expertise by providing security recommendations – it’s like having a security expert in a box.
- Real-time security: Get real-time alerts based on advanced threat detection that takes advantage of atomic detections, threat intelligence feeds, behavioral analysis, anomaly detection, and detection fusion. These alerts will provide you with details of the possible security issues, and also allow you to mitigate the problem right within Azure Security Center or provide you with comprehensive information on how to fix it yourself.
- Integration: Integrate partner solutions (firewalls, IDS/IPS, web application firewalls, application delivery controllers, etc.) – this integration allows these partner solutions to surface their alerts, assessments and logging and reporting information right into the Azure Security Center console, so you don’t need to move around consoles and try to integrate the information yourself. In addition, you can use the Log Integration feature to export the information collected by Azure Security Center and import it into your own on-premises SIEM (or cloud-based SIEM) if you choose.
Azure Security Center is deceptively simple. When you first look at it, you think “Er, OK. Whatever – is that it?” NO! That’s not it.
The thing is, when you first deploy Azure Security Center, you don’t have any data yet, so there’s nothing for it to make its assessments and evaluations on. After you enable Azure Security Center for your deployment and give it a few minute or hours to assess your deployments, then you’ll see the level of usefulness Azure Security Center provides.
I don’t want this article to be a TL;DR – so let’s just take a quick look at the components I’ve talked about so far. In the future we’ll drill down on each of the 5 areas I’ve mentioned and I’ll provide handy tips, tricks and secrets that will help you get the most out of Azure Security Center and make you the most popular person at your next MCSE cocktail party. 🙂