Cloud hosting unlocks a level of speed and agility that was previously out of reach for most organizations. With cloud infrastructure such as Amazon, Microsoft Azure or Microsoft Web Services in place (also known as infrastructure-as-a-service, or IaaS), teams can move at a disruptive pace while realizing savings and efficiencies along the way.
Some specific benefits of IaaS include:
Azure Security is a combination of native security elements that Microsoft provides to secure an Azure cloud environment. The physical infrastructure and network elements fall under this protection, with built-in controls and services across identity, data, networking, and applications. However, as a customer you should be aware of your own responsibilities in further hardening security of the proprietary data you operate on an Azure cloud.
Azure Security Center is a central hub for monitoring security events and creating alerts for those events. It features threat protection for cloud workloads and can provide visibility into the status of your resources at any given time. It can also monitor hybrid-cloud environments that are not part of the Azure ecosystem.
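While the benefits of cloud hosting are well documented, cloud security is still new to many organizations. The reality is that, to a large extent, the same security considerations and responsibilities that exist in an on-premises environment are still present in some manifestation in the cloud as well.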
One new challenge is that while the perimeter in an on-premises environment is well understood, the shifts to cloud hosting and cloud applications have led to perimeters becoming more ubiquitous. Cloud customers share the responsibility of security with their providers and should ensure these responsibilities are well understood and documented to avoid any lapses. Read on to learn more about securing Microsoft Azure environments or learn more about AWS cloud security best practices.
Microsoft Azure customers will have access to some Azure cloud security features but will also need to supplement those with their own security efforts and tools for comprehensive coverage. Customers have to consider securing and monitoring their Azure cloud computing infrastructure as well as any of Microsoft’s SaaS applications they may be using.
Like on-premises systems, it’s critical to have an understanding of who is accessing what and when. Before migrating, teams should have a plan not only for what this will look like initially, but also for how they will scale their cloud computing over time. Multi-factor authentication and minimum access privileges are good places to start.
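It’s also important to understand what’s in the box. Not all packages are created equal and, unfortunately, some basic monitoring may not be included or turned on by default. Again, it’s important to ensure the scope of security coverage is well understood prior to migration and the appropriate plans are in place to fill any existing gaps.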
As with securing any environment, the first step in protecting an Azure cloud and its users is visibility. Early detection of potentially malicious behavior is contingent on understanding the activity in the environment. Cloud logs are the best source of this insight, but many teams are new to this type of logging and may encounter challenges when configuring these logs and yielding actionable insights from them.
As teams build a plan for logging in the cloud and determine which logs are most relevant for their Azure environment, there are a few important considerations to ensure success.
First, logs need to be turned on! Some Azure logs are enabled by default, but many others may need to be explicitly configured. Each subscription tier has different default logging configurations that may need to be adjusted to ensure the right logs are flowing. Don’t make any assumptions. It’s important to understand which logs are turned on by default, configure any that may be missing, and confirm the relevant and expected objects are being captured in these logs.
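Second, centralize into Event Hubs. The method of exporting data may differ between log types. Event Hub logging, for example, is sometimes offered through an export function, a setting, or a checkbox when configuring the logs. You must ensure the logs are flowing properly.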
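Third, check your subscription. Again, there are logging and configuration nuances with each subscription type. For example, Azure Security Center access is not available in all subscription tiers, which means you may miss these third-party alerts. Azure Active Directory sign-in and audit logs, which many security teams consider must-haves, require at least a P1 or P2 subscription to enable.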
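The first two checks above can be automated. The following is an added example, not code from the original page or from Microsoft: it audits one resource's diagnostic settings and reports any expected log category that is not enabled and routed to an Event Hub. The input shape (as returned by `az monitor diagnostic-settings list`), the function name and the sample data are assumptions made for illustration.

```python
import json

# Constructed sample, assumed to match the JSON printed by
# `az monitor diagnostic-settings list --resource <id>`. IDs are placeholders.
SAMPLE = json.loads("""
[
  {"name": "to-eventhub",
   "eventHubAuthorizationRuleId": "/subscriptions/0000/example/authorizationrules/send",
   "eventHubName": "siem-logs",
   "logs": [{"category": "AuditEvent", "enabled": true},
            {"category": "AzurePolicyEvaluationDetails", "enabled": false}]},
  {"name": "to-storage-only",
   "storageAccountId": "/subscriptions/0000/example/storageAccounts/archive",
   "logs": [{"category": "AzurePolicyEvaluationDetails", "enabled": true}]}
]
""")


def audit_diagnostic_settings(settings, expected_categories):
    """Return findings for one resource (hypothetical helper).

    A category counts as covered only when it is enabled in a setting
    that also names an Event Hub destination.
    """
    if isinstance(settings, dict):  # some CLI versions wrap the list in "value"
        settings = settings.get("value", [])
    if not settings:
        return ["no diagnostic settings configured: nothing is being exported"]

    findings = []
    streamed = set()  # categories enabled AND sent to an Event Hub
    for setting in settings:
        name = setting.get("name", "<unnamed>")
        enabled = {
            log["category"]
            for log in setting.get("logs", [])
            if log.get("enabled") and log.get("category")
        }
        if not setting.get("eventHubAuthorizationRuleId"):
            findings.append(f"{name}: no Event Hub destination")
            continue
        if not enabled:
            findings.append(f"{name}: Event Hub set but no log category enabled")
        streamed |= enabled

    for category in sorted(set(expected_categories) - streamed):
        findings.append(f"category {category} is not reaching an Event Hub")
    return findings


if __name__ == "__main__":
    for line in audit_diagnostic_settings(
        SAMPLE, {"AuditEvent", "AzurePolicyEvaluationDetails"}
    ):
        print(line)
```
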
With the proper configuration and log flow in place, teams can begin pushing this data to their security information and event management (SIEM) tool. Azure Event Hubs are often leveraged to aggregate and export logs into the SIEM. Again, the logs will be configured individually to flow into the Event Hub.
With the data in a SIEM, you will gain unified visibility into your Azure environment, but also be able to view this data alongside data from other systems in your environment. Some traditional SIEMs may not yet be able to ingest these diverse datasets. When evaluating modern SIEMs, it’s important to understand and validate how your team will be able to aggregate data across cloud, on-premises, and remote assets. In addition, a strong SIEM tool will provide normalization, correlation, and attribution to help detect and track attackers as they move across these systems.