5 Cloud Security Best Practices for Microsoft Azure


Migrating company data to the cloud is often a primary goal for modern organizations. In fact, by 2018, 60% of organizations’ IT infrastructure will be cloud-based, according to IDG’s Enterprise Cloud Computing Survey. Cloud infrastructure comes with many benefits, including—but not limited to—reduced IT budgets, improved data security, endless opportunities for application integration, and worldwide accessibility with mobile devices.

Cloud provider Microsoft Azure markets itself as “a growing collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through our global network of datacenters.” If you’re getting ready to move your data to Microsoft Azure or already have, here are five best practices for Azure we recommend to get the most out of your cloud security:

1. Encrypt data at the file level

Regardless of whether your databases and folders are encrypted, and regardless of the storage location, you should always encrypt your information at the file level. This ensures protection for internal and external data, both in transit and at rest.

It’s vital to ensure you’re using trusted encryption technologies to secure your data in the cloud. Consider implementing a secure cloud file transfer or managed file transfer (MFT) solution that protects folders with AES 256-bit encryption and encrypts file transfers over AS2, FTPS, HTTPS, SFTP, and SCP protocols using SSL and SSH. Enterprise MFT solutions, like GoAnywhere MFT, offer a FIPS 140-2 Compliance Mode for organizations that must use FIPS 140-2 compliant ciphers for their encryption processes.

Want to implement these practices in your environment? Some solutions, including GoAnywhere MFT, are available in the Microsoft Azure Cloud Marketplace, making it quick and easy to get started with secure cloud file transfers in your organization.

2. Protect your data with SQL data encryption

You already know you should encrypt your files in transit and at rest. But did you know you should also use SQL data encryption for the cloud? SQL data encryption protects your entire database, any backups you have, and logs with sensitive information.

Interlink, a System Integrator for Microsoft’s cloud solutions, writes that when leveraging SQL data encryption, the “data remains encrypted...all the time to help you protect sensitive data. Data is encrypted in transit, in memory, on a disk, and during query processing.” Other highlights of using Microsoft Azure’s SQL data encryption include the ability to enable threat detection and dynamic data masking.

As of May 2017, Microsoft Azure will automatically encrypt new Azure SQL databases with TDE (Transparent Data Encryption), which protects your data at rest. This offers a great layer of security, but make sure to protect your databases in other ways, too, starting with old SQL databases that aren’t yet secured with TDE.

3. Monitor for strange or unauthorized activity

If you use the cloud to store your data, it’s an almost inevitable fact that many parties will have access to that information, including trading partners, third party vendors, and key stakeholders. In fact, many see this as beneficial, as cloud storage allows these parties to connect to their accounts worldwide, without being limited to physical locations or internal networks.

Cloud storage providers like Microsoft Azure work tirelessly to secure their infrastructure. According to BizTech Magazine, “Microsoft invested roughly $1 billion in security during 2015 and doubled the number of security executives on its team during that same period. It focused on three key areas of Azure security: design and operational security; encryption; and identity and access management.”

While interest in data protection is a huge focus for Microsoft Azure, you should still run audits and reports often to monitor for strange or unauthorized activity. Deploy a tool like GoAnywhere Managed File Transfer, which can track detailed audit information and generate audit logs of file transfer and administrator activity, then review the logs for anything that seems out-of-the-ordinary.

Or simply use Azure’s audit and log capabilities to do the following:

  • Create an audit trail
  • Perform centralized analysis of large data sets
  • Monitor access and usage reporting
  • Export security alerts to on-premises SIEM

You can read more about Microsoft Azure’s audit and log features here.

4. Create and automate a cloud backup policy

The thought of losing carefully monitored data to an outage or natural disaster is enough to keep most IT professionals awake at night (we all remember the chaos of the 2017 AWS outage). To ensure your data is protected wherever it’s stored—the cloud, on-premises, with customers—and finally catch those Zzzs, create a backup policy for your organization. Once the policy is up and running, implement automated backups that save secure copies of the cloud to at least two different geographical locations.

For Microsoft Azure users, a tool like Azure Backup “gives you cost-efficiency and minimal maintenance, consistent tools for offsite backups and operational recovery, and unified application availability and data protection.” It saves frequent copies of your data to two of Microsoft’s datacenters, one in the United States and one in Asia. Microsoft Azure can also fulfill needs for data replication and site recovery in case your systems go down.

5. Implement Azure Role-Based Access Control (RBAC)

If you haven’t already, we highly suggest you implement Azure Role-Based Access Control in your organization. RBAC is the practice of only giving accounts, groups, users, and roles access to the portions of the cloud they actually need. Without RBAC in mind, you may be giving users more permissions than their job responsibilities require, which can open you up to internal and external security risks.

Why is role-based access control so important? “With an RBAC system in place, organizations are better positioned to meet their own statutory and regulatory requirements for privacy and confidentiality ... as well as requirements imposed by external funders and government agencies,” writes Cait Abernethy of Sparkrock. “RBAC also reduces IT service and administrative costs as entering new hires becomes faster and easier, as does "lockdown" of accounts when employees depart or are terminated.”
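One way to look for the over-broad permissions described above, as an added example (not GoAnywhere or Microsoft code): it assumes input shaped like the JSON printed by `az role assignment list --all`, and the sample records and the choice of which roles count as broad are constructed for illustration.

```python
import json

# Constructed sample, shaped like the JSON from `az role assignment list --all`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = json.dumps([
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "ops-team", "principalType": "Group",
     "roleDefinitionName": "User Access Administrator",
     "scope": "/providers/Microsoft.Management/managementGroups/corp"},
])

# Assumption for this example: built-in roles that can change resources or access.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
WIDE_SCOPES = {"root", "management-group", "subscription"}

def scope_level(scope):
    """Classify an Azure scope string by how much of the tenant it covers."""
    parts = [p for p in scope.split("/") if p]
    if not parts:
        return "root"                      # "/" covers everything
    if parts[0].lower() == "providers":
        return "management-group"          # /providers/Microsoft.Management/...
    if len(parts) == 2:
        return "subscription"              # /subscriptions/<id>
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resource-group"
    return "resource"

def over_privileged(assignments_json):
    """Return (principal, role, level) for broad roles granted at wide scopes."""
    findings = []
    for a in json.loads(assignments_json):
        level = scope_level(a["scope"])
        role = a["roleDefinitionName"]
        if role in BROAD_ROLES and level in WIDE_SCOPES:
            findings.append((a["principalName"], role, level))
    return findings

if __name__ == "__main__":
    for name, role, level in over_privileged(SAMPLE_ASSIGNMENTS):
        print(f"REVIEW: {name} holds {role} at {level} scope")
```

Each finding is a candidate for narrowing to a resource group or a more specific role; assignments at resource-group scope, such as the constructed `ci-deployer` entry, are not reported.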

Protect Your Microsoft Azure File Transfers with Managed File Transfer

GoAnywhere MFT integrates with Microsoft Azure in a variety of ways. To learn how GoAnywhere can meet your cloud needs, view our Microsoft Azure Blob Storage overview or focus on the features with a personalized demo.


Comments (1)

  1. ST:
    Oct 25, 2017 at 04:09 AM

    Thanks for sharing these best Cloud security practices with us. Would like to see more articles on the cloud on your blog.
