By Leah Dekalb
Infrastructure-as-a-Service (IaaS) adoption continues its upward trend as the fastest growing public cloud segment.
Not surprisingly, in Microsoft’s latest Security Intelligence Report from 2017, cloud service users saw a 300% year-
over-year increase in attacks against them, with over a third of attacks against Azure services in particular
originating from China.
With the rapid adoption of IaaS providers like Azure, the threat environment has evolved, but with the right
preparation, any company can implement cloud security practices for services that significantly reduce the
potential impact of an attempted breach.
While Microsoft provides security capabilities to protect enterprise Azure subscriptions, cloud security’s shared
responsibility model requires Azure customers to deliver security “in” Azure. Below are best practices, derived from
customers and Center for Internet Security (CIS) recommendations for 7 critical areas of security in Azure that
everyone must follow to ensure their Azure subscriptions are secure.
https://www.skyhighnetworks.com/cloud-security-blog/73-azure-security-best-practices/ 1/6
9/2/2018 73 Azure Security Best Practices Everyone Must Follow | Skyhigh
Download this eBook to learn about Azure security challenges, detailed best practices around Azure and
applications deployed in Azure, and how CASBs can secure your Azure infrastructure.
1. Security Policy
Ensure that ‘OS vulnerabilities’ is set to on.
Enable OS vulnerabilities recommendations for virtual machines. When this setting is enabled, it analyzes operating system
configurations daily to determine issues that could make the virtual machine vulnerable to attack. The policy also recommends
configuration changes to correct these vulnerabilities.
Ensure that ‘users can consent to apps accessing company data on their behalf’ is set to no.
Require administrators to provide consent for the apps before use. Until you are running Azure Active Directory as an identity
provider for third-party applications, do not allow users to use the identity outside of your cloud environment. A user’s profile
information contains private information such as phone number and email address which could then be sold off to other third
parties without requiring any further consent from the user.
3. Storage Accounts
Ensure that ‘secure transfer required’ is set to enabled.
Enable data encryption in transit. The secure transfer option enhances the security of your storage account by only allowing
requests to the storage account by a secure connection. For example, when calling REST APIs to access your storage accounts, you
must connect using HTTPS. Any requests using HTTP will be rejected when ‘secure transfer required’ is enabled. When you are using
the Azure Files service, connection without encryption will fail, including scenarios using SMB 2.1, SMB 3.0 without encryption, and
some flavors of the Linux SMB client.
Ensure that ‘storage service encryption’ is set to enabled.
Enable data encryption at rest for blobs. Storage service encryption protects your data at rest. Azure storage encrypts your data as
it’s written in its data centers, and automatically decrypts it for you as you access it.
4. SQL Services
On SQL servers, ensure that ‘auditing’ is set to on.
Enable auditing on SQL Servers. Auditing tracks database events and writes them to an audit log in your Azure storage account. It
also helps you to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies
that could indicate business concerns or suspected security violations.
5. Networking
Disable RDP access on network security groups from the internet.
The potential security problem with using RDP over the Internet is that attackers can use various brute-force techniques to gain
access to Azure Virtual Machines. Once the attackers gain access, they can use your virtual machine as a launch point for
compromising other machines on your Azure Virtual Network or even attack networked devices outside of Azure.
Disable Telnet (port 23) access on network security groups from the internet.
Disable unrestricted access on Network Security Groups (i.e. 0.0.0.0/0) on TCP port 23 and restrict access to only those IP addresses
that require it in order to implement the principle of least privilege and reduce the possibility of a breach. TCP port 23 is used by the
Telnet server application (Telnetd). Telnet is usually used to check whether a client is able to make TCP/IP connections to a particular
service.
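The RDP and Telnet rules above can be checked mechanically. The following is an added example, not code from the original post: it scans network security group rules for inbound TCP Allow rules that expose port 3389 or port 23 to any source. It assumes the JSON field names emitted by `az network nsg list -o json`; the NSG and rule names in the sample are constructed.

```python
# Ports the page says must not be reachable from the internet.
WATCHED_PORTS = {3389: "RDP", 23: "Telnet"}
# "Anywhere" sources: wildcard, the CIDR the page names, the Internet service tag.
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}

def _values(rule, single, plural):
    """A rule carries either one value or a list; merge both fields."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(expr, port):
    """True if an NSG port expression ('*', '23', '20-30') includes port."""
    if expr == "*":
        return True
    lo, _, hi = expr.partition("-")
    return int(lo) <= port <= int(hi or lo)

def find_exposed_rules(nsgs):
    """Return (nsg, rule, service) for inbound TCP Allow rules open to the internet.
    Flags individual rules; it does not evaluate priority order between rules."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules", []):
            if (rule.get("direction", "").lower() != "inbound"
                    or rule.get("access", "").lower() != "allow"
                    or rule.get("protocol", "").lower() not in ("tcp", "*")):
                continue
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if not any(s.lower() in OPEN_SOURCES for s in sources):
                continue
            ranges = _values(rule, "destinationPortRange", "destinationPortRanges")
            for port, service in WATCHED_PORTS.items():
                if any(_covers(r, port) for r in ranges):
                    findings.append((nsg["name"], rule["name"], service))
    return findings

# Constructed sample in the shape of `az network nsg list -o json` (names are made up).
def _rule(name, src, ports, access="Allow", direction="Inbound", proto="Tcp"):
    return {"name": name, "direction": direction, "access": access, "protocol": proto,
            "sourceAddressPrefix": src, "destinationPortRanges": ports}

SAMPLE_NSGS = [
    {"name": "web-nsg", "securityRules": [
        _rule("allow-rdp-any", "0.0.0.0/0", ["3389"]),
        _rule("allow-mgmt-range", "Internet", ["20-25", "443"]),
        _rule("allow-rdp-office", "203.0.113.0/24", ["3389"]),
        _rule("deny-telnet", "*", ["23"], access="Deny"),
    ]},
]

if __name__ == "__main__":
    for nsg, rule, service in find_exposed_rules(SAMPLE_NSGS):
        print(f"{nsg}/{rule}: {service} reachable from the internet")
```

The port-range rule `20-25` is flagged for Telnet even though port 23 is never named in it, which is the case a plain text search for "23" would miss.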
6. Virtual Machines
Install endpoint protection for virtual machines.
Installing endpoint protection systems (antivirus/anti-malware) provides real-time protection capability that helps identify and
remove viruses, spyware, and other malicious software, with configurable alerts when known malicious or unwanted software
attempts to install itself or run on your Azure systems.
Ensure Latest OS Patches for virtual machines.
Windows and Linux virtual machines should be kept updated to:
Address a specific bug or flaw
Improve an OS or application’s general stability
Fix a security vulnerability
Do not grant permissions to external accounts (i.e., accounts outside the native directory for the subscription).
Non-AD accounts (i.e. xyz@hotmail.com) subject your cloud assets to undue risk. These accounts are not managed to the same
standards as enterprise tenant identities.