SSW Foursquare

Rules to Better Cloud Security - 3 Rules

  1. Do you know the best way to manage your Azure Security posture?

    Azure Security Center is a fantastic way to start improving the security of your Azure environment. To be able to see any of the information Azure Security Center can provide, you'll need to follow Azure Security Center permissions guidelines.

    azure security 1

    The Secure Score provides a way to easily identify which things are of greater importance and to help work methodically to improve security.

    A lot of the recommendations are very simple to rectify, often it takes very little effort to make significant improvements.

    Note: Remember though, that only you as the application developer can know how sensitive the data you are handling is.

    azure security 2

    If you are working with a system that must comply with a regulatory framework around data protection, Azure Security Center allows turning on security policies covering many of the most common regulatory frameworks. PCI DSS 3.2.1, ISO 27001 and SOC TSP are all available, and there's a long list of others.

    azure security 3

  2. Do you have alerting for Azure Security Center?

    Once your environment is secured sufficiently you need to configure some alerting.This will ensure that any changes either due to changes in your Azure deployment or more importantly improved scanning in Security Center result in you being alerted so that your infrastructure can be better secured.

    azure security center alert
    Figure: To configure alerting try this

    You can then set up the Action to notify you. There're all sorts of filtering functionality as well.

    Set up alerting on at least the Security Center recommendations and Threat Detection alerts. If you need to comply with a regulatory framework, then it's important to add an alert for that too (this is the 3rd of the Security Center data types), so that you can avoid compliance failures.

  3. Do you regularly review your security posture?

    As things change, you should schedule a regular review of security posture. This should involve reviewing whether the current policy is appropriate. Consider the following:

    • Whether there are any outstanding alerts
    • Changes in the nature of the data you are storing that might require further policy adjustment
    • Compliance is now required with a new regulatory framework
    • How regularly this should be reviewed (quarterly is recommended)
We open source. Powered by GitHub