5 Cloud Security Best Practices for Microsoft Azure

Migrating company data to the cloud is often a primary goal for modern organizations. In fact, by 2018, 60% of organizations’ IT infrastructure will be cloud-based, according to IDG’s Enterprise Cloud Computing Survey. Cloud infrastructure comes with many benefits, including, but not limited to, reduced IT budgets, improved data security, endless opportunities for application integration, and worldwide accessibility with mobile devices.

Cloud provider Microsoft Azure markets itself as “a growing collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through our global network of datacenters.” If you’re getting ready to move your data to Microsoft Azure, or already have, here are five best practices for Azure we recommend to get the most out of your cloud security:

1. Encrypt data at the file level

Regardless of whether your databases and folders are encrypted, and regardless of the storage location, you should always encrypt your information at the file level. This ensures protection for internal and external data, both in transit and at rest.

It’s vital to ensure you’re using trusted encryption technologies to secure your data in the cloud. Consider implementing a secure cloud file transfer or managed file transfer (MFT) solution that protects folders with AES 256-bit encryption and encrypts file transfers over the AS2, FTPS, HTTPS, SFTP, and SCP protocols using SSL and SSH. Enterprise MFT solutions, like GoAnywhere MFT, offer a FIPS 140-2 Compliance Mode for organizations that must use FIPS 140-2 compliant ciphers for their encryption processes.

Want to implement these practices in your environment? Some solutions, including GoAnywhere MFT, are available in the Microsoft Azure Cloud Marketplace, making it quick and easy to get started with secure cloud file transfers in your organization.

2. Protect your data with SQL data encryption

You already know you should encrypt your files in transit and at rest. But did you know you should also use SQL data encryption for the cloud? SQL data encryption protects your entire database, any backups you have, and logs with sensitive information.

Interlink, a System Integrator for Microsoft’s cloud solutions, writes that when leveraging SQL data encryption, the “data remains encrypted...all the time to help you protect sensitive data. Data is encrypted in transit, in memory, on a disk, and during query processing.” Other highlights of using Microsoft Azure’s SQL data encryption include the ability to enable threat detection and dynamic data masking.

As of May 2017, Microsoft Azure will automatically encrypt new Azure SQL databases with TDE (Transparent Data Encryption), which protects your data at rest. This offers a great layer of security, but make sure to protect your databases in other ways, too, starting with old SQL databases that aren’t yet secured with TDE.

3. Monitor for strange or unauthorized activity

If you use the cloud to store your data, it’s almost inevitable that many parties will have access to that information, including trading partners, third-party vendors, and key stakeholders. In fact, many see this as beneficial, as cloud storage allows these parties to connect to their accounts worldwide, without being limited to physical locations or internal networks.

Cloud storage providers like Microsoft Azure work tirelessly to secure their infrastructure. According to BizTech Magazine, “Microsoft invested roughly $1 billion in security during 2015 and doubled the number of security executives on its team during that same period. It focused on three key areas of Azure security: design and operational security; encryption; and identity and access management.”

While data protection is a huge focus for Microsoft Azure, you should still run audits and reports often to monitor for strange or unauthorized activity. Deploy a tool like GoAnywhere Managed File Transfer, which can track detailed audit information and generate audit logs of file transfer and administrator activity, then review the logs for anything that seems out of the ordinary.

Or simply use Azure’s audit and log capabilities to do the following:

  • Create an audit trail
  • Perform centralized analysis of large data sets
  • Monitor access and usage reporting
  • Export security alerts to on-premises SIEM

You can read more about Microsoft Azure’s audit and log features here.
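As an added illustration (not code from this article, GoAnywhere, or Microsoft), the sketch below shows the kind of review the list above describes: compare a recent window of management-plane log records against a quiet reference window and report sensitive operations that are new for a caller, plus bursts of failed calls. The records are constructed and simplified to three fields; the account names and the failure threshold are assumptions of the example.

```python
from collections import Counter

# Operations that change who can reach data or that weaken logging.
SENSITIVE_OPS = {
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Insights/diagnosticSettings/delete",
}
FAILURE_THRESHOLD = 3  # assumed tuning value, not an Azure default

def rec(caller, operation, status="Succeeded"):
    """Build one simplified log record (constructed sample data)."""
    return {"caller": caller, "operation": operation, "status": status}

LIST_KEYS = "Microsoft.Storage/storageAccounts/listKeys/action"
# Constructed records: a quiet reference window, then the window under review.
BASELINE = [rec("ops@contoso.example", LIST_KEYS)]
CURRENT = [
    rec("ops@contoso.example", LIST_KEYS),
    rec("ops@contoso.example", "Microsoft.Storage/storageAccounts/read"),
    rec("vendor@partner.example", "Microsoft.Authorization/roleAssignments/write"),
    rec("vendor@partner.example", "Microsoft.Insights/diagnosticSettings/delete"),
    rec("temp@contoso.example", LIST_KEYS, "Failed"),
    rec("temp@contoso.example", LIST_KEYS, "Failed"),
    rec("temp@contoso.example", LIST_KEYS, "Failed"),
]

def review(baseline, current):
    """Return findings: sensitive operations new for a caller, and failure bursts."""
    known = {(e["caller"], e["operation"]) for e in baseline}
    findings, reported, failures = [], set(), Counter()
    for e in current:
        pair = (e["caller"], e["operation"])
        if e["status"] == "Failed":
            failures[e["caller"]] += 1
        elif e["operation"] in SENSITIVE_OPS and pair not in (known | reported):
            reported.add(pair)  # report each new caller/operation pair once
            findings.append(("new-sensitive-operation",) + pair)
    for caller, count in sorted(failures.items()):
        if count >= FAILURE_THRESHOLD:
            findings.append(("repeated-failures", caller, count))
    return findings

if __name__ == "__main__":
    for finding in review(BASELINE, CURRENT):
        print(finding)
```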

4. Create and automate a cloud backup policy

The thought of losing carefully monitored data to an outage or natural disaster is enough to keep most IT professionals awake at night (we all remember the chaos of the 2017 AWS outage). To ensure your data is protected wherever it’s stored (in the cloud, on-premises, or with customers) and finally catch those Zzzs, create a backup policy for your organization. Once the policy is up and running, implement automated backups that save secure copies of your cloud data to at least two different geographical locations.

For Microsoft Azure users, a tool like Azure Backup “gives you cost-efficiency and minimal maintenance, consistent tools for offsite backups and operational recovery, and unified application availability and data protection.” They save frequent copies of your data to two of their datacenters, one in the United States and one in Asia. Microsoft Azure can also fulfill needs for data replication and site recovery in case your systems go down.

5. Implement Azure Role-Based Access Control (RBAC)

If you haven’t already, we highly suggest you implement Azure Role-Based Access Control in your organization. RBAC is the practice of only giving accounts, groups, users, and roles access to the portions of the cloud they actually need. Without RBAC in mind, you may be giving users more permissions than their job responsibilities require, which can open you up to internal and external security risks.

Why is role-based access control so important? “With an RBAC system in place, organizations are better positioned to meet their own statutory and regulatory requirements for privacy and confidentiality ... as well as requirements imposed by external funders and government agencies,” writes Cait Abernethy of Sparkrock. “RBAC also reduces IT service and administrative costs as entering new hires becomes faster and easier, as does "lockdown" of accounts when employees depart or are terminated.”
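To make the least-privilege check concrete, here is an added example (not from this article or from Microsoft) that audits role assignments for the two patterns the section warns about: broad built-in roles granted at subscription or management-group scope, and broad roles granted directly to individual users. The sample data is constructed in the shape of `az role assignment list --all` output; the principal names, the all-zero subscription ID, and the choice of which roles count as "broad" are assumptions of the example.

```python
import re

# Built-in roles treated as broad for this audit (an assumption of the example).
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

# Constructed sample, same field names as `az role assignment list --all`.
ASSIGNMENTS = [
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "Storage Admins", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-files"},
    {"principalName": "bob@contoso.example", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-files"},
    {"principalName": "backup-job", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Storage Blob Data Reader",
     "scope": SUB + "/resourceGroups/rg-files/providers/Microsoft.Storage/storageAccounts/stfiles"},
    {"principalName": "Platform Team", "principalType": "Group",
     "roleDefinitionName": "User Access Administrator", "scope": SUB},
]

def scope_level(scope):
    """Classify an Azure scope string by how much of the estate it covers."""
    if scope == "/" or re.match(
            r"^/providers/Microsoft\.Management/managementGroups/[^/]+/?$", scope, re.I):
        return "management-group"
    if re.match(r"^/subscriptions/[^/]+/?$", scope, re.I):
        return "subscription"
    if re.match(r"^/subscriptions/[^/]+/resourceGroups/[^/]+/?$", scope, re.I):
        return "resource-group"
    return "resource"

def audit(assignments):
    """Return (principal, role, reasons) for assignments broader than needed."""
    findings = []
    for a in assignments:
        role, level, reasons = a["roleDefinitionName"], scope_level(a["scope"]), []
        if role in BROAD_ROLES and level in ("management-group", "subscription"):
            reasons.append("broad role at %s scope" % level)
        if role in BROAD_ROLES and a["principalType"] == "User":
            reasons.append("assigned directly to a user instead of a group")
        if reasons:
            findings.append((a["principalName"], role, reasons))
    return findings

if __name__ == "__main__":
    for principal, role, reasons in audit(ASSIGNMENTS):
        print(principal, role, "; ".join(reasons))
```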

Protect Your Microsoft Azure File Transfers with Managed File Transfer

GoAnywhere MFT integrates with Microsoft Azure in a variety of ways. To learn how GoAnywhere can meet your cloud needs, view our Microsoft Azure Blob Storage overview or focus on the features with a personalized demo.
