Migrating company data to the cloud is often a primary goal for modern organizations. In fact, by 2018, 60% of organizations’ IT infrastructure will be cloud-based, according to IDG’s Enterprise Cloud Computing Survey. Cloud infrastructure comes with many benefits, including—but not limited to—reducing IT budgets, improved data security, endless opportunities for application integration, and worldwide accessibility from anywhere with mobile devices.
Cloud provider Microsoft Azure markets themselves as “a growing collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through our global network of datacenters.” If you’re getting ready to move your data to Microsoft Azure or already have, here are five best practices for Azure we recommend to get the most out of your cloud security:
Regardless of whether your databases and folders are encrypted, and regardless of the storage location, you should always encrypt your information at the file level. This ensures protection for internal and external data, both in transit and at rest.
It’s vital to ensure you’re using trusted encryption technologies to secure your data in the cloud. Consider implementing a managed file transfer solution that protects folders with AES 256-bit encryption, as well as encrypts file transfers over AS2, FTPS, HTTPS, SFTP, and SCP protocols using SSL and SSH. Enterprise managed file transfer solutions, like GoAnywhere MFT, offer a FIPS 140-2 Compliance Mode for organizations who must use FIPS 140-2 compliant ciphers for their encryption processes.
You already know you should encrypt your files in transit and at rest. But did you know you should also use SQL data encryption for the cloud? SQL data encryption protects your entire database, any backups you have, and logs with sensitive information.
Interlink, a System Integrator for Microsoft’s cloud solutions, writes that when leveraging SQL data encryption, the “data remains encrypted...all the time to help you protect sensitive data. Data is encrypted in transit, in memory, on a disk, and during query processing.” Other highlights of using Microsoft Azure’s SQL data encryption include the ability to enable threat detection and dynamic data masking.
As of May 2017, Microsoft Azure will automatically encrypt new Azure SQL databases with TDE (Transparent Data Encryption), which protects your data at rest. This offers a great layer of security, but make sure to protect your databases in other ways, too, starting with old SQL databases that aren’t yet secured with TDE.
If you use the cloud to store your data, it’s an almost inevitable fact that many parties will have access to that information, including trading partners, third party vendors, and key stakeholders. In fact, many see this as beneficial, as cloud storage allows these parties to connect to their accounts worldwide, without being limited to physical locations or internal networks.
Cloud storage providers like Microsoft Azure work tirelessly to secure their infrastructure. According to BizTech Magazine, “Microsoft invested roughly $1 billion in security during 2015 and doubled the number of security executives on its team during that same period. It focused on three key areas of Azure security: design and operational security; encryption; and identity and access management.”
While interest in data protection is a huge focus for Microsoft Azure, you should still run audits and reports often to monitor for strange or unauthorized activity. Deploy a tool like GoAnywhere Managed File Transfer, which can track detailed audit information and generate audit logs of file transfer and administrator activity, then review the logs for anything that seems out-of-the-ordinary.
Or simply use Azure’s audit and log capabilities to do the following:
You can read more about Microsoft Azure’s audit and log features here.
The thought of losing carefully monitored data to an outage or natural disaster is enough to keep most IT professionals awake at night (we all remember the chaos of the 2017 AWS outage). To ensure your data is protected wherever it’s stored—the cloud, on-premises, with customers—and finally catch those Zzzs, create a backup policy for your organization. Once the policy is up and running, implement automated backups that save secure copies of the cloud to at least two different geographical locations.
For Microsoft Azure users, a tool like Azure Backup “gives you cost-efficiency and minimal maintenance, consistent tools for offsite backups and operational recovery, and unified application availability and data protection.” They save frequent copies of your data to two of their datacenters, one in the United States and one in Asia. Microsoft Azure can also fulfill needs for data replication and site recovery in case your systems go down.
If you haven’t already, we highly suggest you implement Azure Role-Based Access Control in your organization. RBAC is the practice of only giving accounts, groups, users, and roles access to the portions of the cloud they actually need. Without RBAC in mind, you may be giving users more permissions than their job responsibilities require, which can open you up to internal and external security risks.
Why is role-based access control so important? “With an RBAC system in place, organizations are better positioned to meet their own statutory and regulatory requirements for privacy and confidentiality ... as well as requirements imposed by external funders and government agencies,” writes Cait Abernethy of Sparkrock. “RBAC also reduces IT service and administrative costs as entering new hires becomes faster and easier, as does "lockdown" of accounts when employees depart or are terminated.”
What do you think of these cloud security best practices? Are there any we missed that you found useful when implementing Microsoft Azure? Share your favorites in the comments below.
Looking for a managed file transfer solution that’s compatible with the cloud? Look no further. GoAnywhere can be deployed to Microsoft Azure and is supported on multiple operating systems. For more information, visit the GoAnywhere MFT solution page or the cloud solution page.