Cloud Security

Organization lean towards cloud is growing. Many enterprises are planning to fully deploy their infrastructure to the cloud. As an initial step they are embracing Software as a Service and extending their workload to the cloud, making it as a secondary site for compute and storage resources. Creating resources in Azure is simple, will finishes within few clicks, however if we missed few steps or rule of thumbs on provisioning resources, it might leave a loop hole which could be easily exploited. Below is the checklist for consideration to ensure that you have securely deployed your resources (VM) to Azure Cloud. Network Setup Is your network Isolated and breakdown into different zones?  Do you need to stop different zones/subnets communicating with each other?  Is Network Security Group applied?  Can you justify the need of PublicIP? How you are planning to RDP VM?  Did you have list of endpoints of Azure VM to be provisioned? Do you need all those endpoints? How secur

Network Security Group (NSG) helps to filter inbound and outbound traffic from Azure Virtual Machine and PAAS(Web and Worker Role - Classic Model). These rules can be applied on the Network Interface Card(NIC), Subnet, and in the Network Configuration Schema. It function as a mini firewall. Rules are evaluated based on the weight assigned to them. Lower weight will be evaluated first. By default, it contain at least 3 inbound (AllowVNetInBound, AllowAzureLoadBalancerInBound, DenyAllInBound) and 3 outbound rules(AllowVnetOutBound, AllowInternetBound, DenyAllOutBound). NSG can be applied using portal, PowerShell, CLI and using Template and easy way is via portal. NSG FAQ 1. How can I check if my rules are applied or not? Ans: Using the built in tool Network Watcher you can verify is rules is being applied and working or not. Remember, Network Watcher needs to be enabled before performing check. 2. How to know which rules will be evaluated first? / How priority is defined

Moving towards cloud is inevitable, however security concern and transparency issues will always push behind the implementation of the cloud in the enterprise level. Small medium business and start-up's are way forwards on exploring the opportunities provided by the cloud. Microsoft have heavily invested on securing Azure and gaining the trust of customers. In-fact, it had implemented multi-layer protection mechanism to meet the compliance requirements with national, regional, and industry specific requirement governing the collection and usages of personal data. Those layers are as follow where every layered security measured has been implemented. Network Security Database Security Storage Security  Compute Security  Operational Security  Security Management and Monitoring  Service Fabrics Security  Identity Management IoT Security  Azure Encryption