The Home of the Security Bloggers Network
Most cloud providers, like Microsoft Azure, operate under a shared responsibility model. Azure takes care of the security ‘of’ the cloud while Azure customers are responsible for security ‘in’ the cloud.
Microsoft Azure has made platform security a priority to protect customers’ critical information and applications by taking responsibility for its infrastructure’s security. Azure detects fraud and abuse and responds to incidents by notifying customers. However, the customer is responsible for ensuring that their Azure environment is configured securely and that data is not inappropriately shared, as well as for identifying when an identity (people or non-people) misuses Azure, by enforcing compliance and governance policies.
Azure is focused on the security of the underlying infrastructure, by protecting its computing, storage, networking, and database services against intrusions. Azure is also responsible for the security of the software, hardware, and physical facilities that host Azure services. Also, Azure takes responsibility for the security configuration of its managed services such as Azure Kubernetes Service (AKS), Container Instances, Cosmos DB, SQL, Data Lake Storage, Blob Storage, and others.
Azure customers are responsible for the security “in” their own cloud, or more simply put, everything that they instantiate, build and/or use. For example, while Azure has built several layers of security features to prevent unauthorized access to Azure, including multi-factor authentication, it is the customer’s responsibility to make sure multi-factor authentication is turned on for users, particularly for those with the most extensive IAM permissions in Azure.
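One way to run the check described above, as an added example that is not part of the original post: it joins role assignments with MFA registration status and ranks privileged users who have no MFA method registered. The sample records are constructed; their field names assume the shape of `az role assignment list --all` output and of Microsoft Graph `userRegistrationDetails`, and the role weights and scoring are illustrative assumptions.

```python
"""Rank users who hold broad Azure RBAC roles but have no MFA method registered."""
# Illustrative weights for built-in roles; higher means more extensive permissions.
ROLE_WEIGHT = {"Owner": 3, "User Access Administrator": 3, "Contributor": 2}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # constructed placeholder
# Constructed sample, shaped like `az role assignment list --all` output (assumption).
ASSIGNMENTS = [
    {"principalName": "Alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@contoso.example", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "carol@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner",
     "scope": "/providers/Microsoft.Management/managementGroups/root-mg"},
    {"principalName": "dave@contoso.example", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB},
]
# Constructed sample, shaped like Graph userRegistrationDetails records (assumption).
MFA_REPORT = [
    {"userPrincipalName": "alice@contoso.example", "isMfaRegistered": True},
    {"userPrincipalName": "bob@contoso.example", "isMfaRegistered": False},
]  # carol is missing from the report on purpose

def scope_breadth(scope):
    """3 = root or management group, 2 = subscription, 1 = resource group, 0 = resource."""
    if scope == "/":
        return 3
    parts = [p.lower() for p in scope.strip("/").split("/")]
    if "managementgroups" in parts:
        return 3
    if "resourcegroups" not in parts:
        return 2
    return 1 if len(parts) == 4 else 0

def privileged_without_mfa(assignments, mfa_report):
    """Return (score, upn, role, scope) tuples, highest risk first."""
    registered = {r["userPrincipalName"].lower()
                  for r in mfa_report if r.get("isMfaRegistered")}
    findings = []
    for a in assignments:
        weight = ROLE_WEIGHT.get(a["roleDefinitionName"], 0)
        if a["principalType"] != "User" or weight == 0:
            continue  # non-people identities and low-privilege roles need other checks
        upn = a["principalName"].lower()  # UPNs compare case-insensitively
        if upn not in registered:  # absent from the report counts as unregistered
            score = weight * (1 + scope_breadth(a["scope"]))
            findings.append((score, upn, a["roleDefinitionName"], a["scope"]))
    return sorted(findings, reverse=True)
```

A registered method is not the same as enforced MFA, so treat an empty result as necessary rather than sufficient.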
It is worth noting that the default security settings of Azure services are often the least secure configuration. Enhancing these initial Azure security settings, therefore, is low-hanging fruit that organizations should prioritize as the first step in fulfilling their end of the Azure security responsibility. From there, they should examine the services and resources that they are using to determine what the target security levels should be, and then put a plan in place to configure their cloud accordingly.
The security perimeter has changed: identity, not firewalls, forms your security boundary. As enterprises continue to migrate to or build their custom applications in Azure, the threats they face are no longer isolated as they were in the old world of on-premises applications. Under this new paradigm, preventing many of these threats falls on the shoulders of the Azure customer. So how are you securing your data?
Below are Azure checklists to help you govern and secure your Azure cloud, including but not limited to the following:
In an on-premises data center, the customer owns the whole stack. As you move to the cloud some responsibilities transfer to Microsoft Azure. The following diagram illustrates the areas of responsibility between the customer and Microsoft, according to the type of deployment of your stack.
For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type).
Regardless of the type of deployment, the following responsibilities are always retained by you, the Azure customer:
There’s a lot to unpack here, and the truth is these are just a few of the responsibilities you need to understand when using Azure. If you have questions on the division of responsibility, cloud security, privacy ownership, policy enforcement, or how the Azure services work, don’t hesitate to reach out — Sonrai’s technical team of security experts are standing by to help.
If you are interested in learning more about best practices for other Cloud Service Providers, please check out the AWS Shared Responsibility Model Explained ebook.
The post What is the Azure Shared Responsibility Model? appeared first on Sonrai Security.
*** This is a Security Bloggers Network syndicated blog from Blog – Sonrai Security authored by Eric Kedrosky. Read the original post at: https://sonraisecurity.com/blog/azure-shared-responsibility/