The security challenge faced by many, especially smaller-to-medium-sized organisations, is one of appropriate configuration and review. (Security vendor Trend Micro has a paper on configuration issues which can leave Azure open to attack.)
One size doesn’t fit all. In fact, one size generally doesn’t even fit most. Even when doing the same kind of work, different organisations will often have radically different approaches.
And that’s fine.
What isn’t fine is firing up an Azure instance, tenant, or service and simply sticking with the standard baseline security settings. Yet this is exactly what most SMEs do when moving into the cloud.
There are good reasons for that, even if it is a risky practice. One is the sheer accessibility of those services (and their quickly appreciated utility). Put simply, getting into Azure is easy.
Then there’s the fact that the default Microsoft policy is reasonably good (it has to be, as a ‘coverall’).
The problem is that ‘pretty good’ isn’t good enough. Good defence must defend against everything, while a successful hack is a bit like a burglar making it into your home. Just one unlatched window is all it takes.
The other problem is that security expertise is in short supply. At the same time, a culture of ‘she’ll be right’ and ‘it won’t happen to me’ is still prevalent, although, with endless examples of local attacks, that mindset is diminishing!
What this means in practice is that while features like geolocation blocking, multifactor authentication, conditional access and more are available in Azure, they often aren’t enabled in your Azure tenant.
And if that’s the case, the burglar has an open window or two, through which they might jump.
At CodeBlue, we believe every system should be hardened, secure and protected. We also believe every customer should utilise every feature and benefit built into the software and services already paid for.
With the cloud in general, and Azure in particular, those features and benefits evolve rapidly. Your organisation and its tech requirements, too, change constantly. And so does the security landscape.
That’s why we recommend a quarterly review, with a solid focus on security. This ensures your systems are always closely aligned with business requirements, while keeping those ‘burglars’ out!