Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Azure Security

You're reading from   Mastering Azure Security Keeping your Microsoft Azure workloads safe

Arrow left icon
Product type Paperback
Published in Apr 2022
Publisher Packt
ISBN-13 9781803238555
Length 320 pages
Edition 2nd Edition
Tools
Arrow right icon
Authors (2):
Arrow left icon
Mustafa Toroman Mustafa Toroman
Author Profile Icon Mustafa Toroman
Mustafa Toroman
Tom Janetscheck Tom Janetscheck
Author Profile Icon Tom Janetscheck
Tom Janetscheck
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Section 1: Identity and Governance
2. Chapter 1: An Introduction to Azure Security FREE CHAPTER 3. Chapter 2: Governance and Security 4. Chapter 3: Managing Cloud Identities 5. Section 2: Cloud Infrastructure Security
6. Chapter 4: Azure Network Security 7. Chapter 5: Azure Key Vault 8. Chapter 6: Data Security 9. Section 3: Security Management
10. Chapter 7: Microsoft Defender for Cloud 11. Chapter 8: Microsoft Sentinel 12. Chapter 9: Security Best Practices 13. Assessments 14. Other Books You May Enjoy

Understanding Azure security foundations

Overall, we can see that with Microsoft Azure, the cloud can be very secure. But it's very important to understand the shared responsibility model as well. Just putting applications and data into the cloud doesn't make it secure. Microsoft provides certain parts of security and ensures that physical and network security is in place. Customers must assume part of the responsibility and ensure that the right measures are taken on their side as well.

For example, let's say we place our database and application in Microsoft Azure, but our application is vulnerable to SQL injection (still a very common data breach method). Can we blame Microsoft if our data is breached?

Let's be more extreme and say we publicly exposed the endpoint and forgot to put in place any kind of authentication. Is this Microsoft's responsibility?

If we look at the level of physical and network security that Microsoft provides in Azure data centers, not many organizations can say that they have the same level in their local data centers. More often than not, physical security is totally neglected. Server rooms are not secure, access is not controlled, and many times there is not even a dedicated server room, but just server racks in some corner or corridor. Even when a server room is under lock and key, no change of management is in place, and no one controls or reviews who is entering the server room and why. On the other hand, Microsoft implements top-level security in its data centers. Everything is under constant surveillance, and every access needs to be approved and reviewed. Even if something is missed, everything is still encrypted and additionally secured. In my experience, this is again something that most organizations don't bother with.

Similar things can be said about network security. In most organizations, almost all network security is gone after the firewall. Networks are usually unsegmented, no traffic control is in place inside the network, and so on. Routing and traffic forwarding are basic or non-existent. Microsoft Azure again addresses these problems very well and helps us have secure networks for our resources.

But even with all the components of security that Microsoft takes care of, this is only the beginning. Using Microsoft Azure, we can achieve better physical and network security than we could in local data centers, and we can concentrate on other things.

The shared responsibility model has different responsibilities for different cloud service models, and it's sometimes unclear what needs to be done. Luckily, even if it's not Microsoft's responsibility to address these parts of security, there are many security services available in Azure. Many of Azure's services have the single purpose of addressing security and helping us protect our data and resources in Azure data centers. Again, it does not stop there. Most of Azure's services have some sort of security features built-in, even when these services are not security-related. Microsoft takes security very seriously and enables us to secure our resources with many different tools.

The tools available vary from tools that help us to increase security by simply enabling a number of options, to tools that have lots of configuration options that help us design security, to tools that monitor our Azure resources and give us security recommendations that we need to implement. Some Azure tools use machine learning to help us detect security incidents in real time, or even before they happen.

This book will cover all aspects of Microsoft Azure security, from governance and identity, to network and data protection, to advanced tools. The final goal is to understand cloud security, to learn how to combine different tools to maximize security, and finally, to master Azure security!

You have been reading a chapter from
Mastering Azure Security - Second Edition
Published in: Apr 2022
Publisher: Packt
ISBN-13: 9781803238555
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image