Azure Security Strategies you ought to know
Nov 6, 2023
0:00
Yeah, okay
0:03
Okay, so let me start, start setting, I'm setting my screen and Nick, you could see my presentation, right
0:10
Yes, I can see. Okay, so guys, let's start and in between, I think you could go maybe on listen more
0:22
But once you get a time as Nick requested, you can type, thank you
0:28
So here, Azure security defenses you ought to know. This is very interesting topic and nowadays as enterprise are moving towards the cloud
0:46
We know we still have that kind of hesitation. We have some kind of not that confidence which we gather on on-prem
0:58
from couples of decades like how my data is secure what is gonna be where my
1:06
data will stir and that kind of questions I also encountered day today when I
1:14
do consulting when I speak to a different public sectors they have that kind of
1:20
a geographical limitation be political limitation if that's a geographical It means you know one country don't want it data to be stored in another country
1:36
For example if I'm working with Canadian public sector or government sector they don't want me
1:43
I will use data center that is maybe in Europe or maybe outside Canada
1:50
That's not allowed that's not allowed that's not a though it cost us less but that's not recommended so we will look or what other defense we
2:05
have available and we will take it forward from there so why my screen is not
2:17
coming here
2:28
So security is for everyone job. If I talk about security, security is for everyone
2:36
Security is not limited or restricted for any specific department. Earlier we think whenever we develop a code, I'm coming from a background of development
2:51
So whenever I write a very beautiful code, very beautiful application, I think, hey, I did my job
2:57
my job my application is running perfectly fine I all functionality is working I
3:04
hardly pay any attention to security however that's not the case security is
3:11
not limited or restricted up to a specific department like these wonderful guys
3:18
right they are there in the market to ensure the security however for IT I
3:26
I don't think that's gonna be, you know, a good idea. That's not at all a good idea, right
3:34
In IT, we have to ensure what we are doing, how my data is secure
3:40
If I have written very good application, very, very good application, and it's not secure
3:46
Say I have written world-best functionality, give very good user interface, very great data
3:53
and I ensure everything. the same day that application got hacked then definitely it's not going to be a
4:03
secure application so we have to take the ownership and responsibility as well
4:11
as owners if security has been compromised and we have been leveraged by
4:20
Azure to ensure the security so the question is why security is important we have a security breach multiple security breach we have
4:31
come across many cases where security has been compromised nowadays crypto jacking and crypto pirates are another cases where security has been
4:42
regularly compromising they take your data and ask you to pay in the form of
4:48
cryptocurrency you know what I mean that happened to a very good bank as well
4:55
So that is another thing where we have to plan and prepare ourselves, hey, whatever I'm working, wherever I'm working, whether it is my application or whether it is my personal website, my data is secure
5:13
We always have insider threats. We do have someone from company who is not intentionally, but say he is sitting in the Tim Horton, in
5:25
the coffee and writing some very nice code and interacting with the database, making some
5:33
query, but that guy don't know that network where you are connected on the cafe and I think
5:42
that's happened with everyone. I usually went to teams and you know whenever I have to do some work
5:49
So I also do that thing, but we don't know that network is not secure
5:53
is watching you someone have your all passwords someone could connect on your
6:00
behalf and they could manipulate or update your queries and request and response
6:06
accordingly so that is kind of another threat which we do have and this is very
6:13
common threat if we are working on any public open network unsecure network
6:18
that is another thing accidental this may happen to end anywhere without any guilt without any regions or maybe natural maybe unnatural
6:30
but we have to ensure our data is secure if our data is secure then probably
6:37
we could say hey our data is secure and we could mitigate any accidental case
6:47
for example if there is a tsunami or there is earthquake we could mitigate
6:53
that scenarios by replication of our data we could replicate our data maybe on
7:00
the different geographical location maybe on different zones so that is the
7:06
power we have from cloud we have corporate has been on nice right that is also not
7:15
something which never happened and which will not happen so we should consider
7:22
that kind of scenario where we are considering hey we found someone in the
7:30
organization that is actually not working for the organization and he is
7:34
working or she is working for some another organization from cloud we could
7:41
leverage ourselves with that as well ransomware is the another case and
7:49
Haleo I could see your message Could you type your location as well
7:56
Thank you. So another is the denial of services. This is a very beautiful pattern and services offered by Microsoft
8:08
Which, by which you leverage yourself with the patterns of, thank you earlier
8:20
of common security threats for example if your storage is being hammered by someone with
8:32
the different different patterns different common passwords and different different options then denial of services automatically come into the picture
8:44
denial of services of artificial intelligence powered pattern which understand hey this guy not seems to be a regular or authentic guy
8:56
For example, if I have logged into my Azure portal from CESCATS phone and very next instance, I try to log in my Azure portal, say, from Europe or from Africa, then Azure portal will understand, well
9:15
denial of services or artificial intelligence will understand hey it seems something dicey right you have to validate your authentication can I send you
9:25
password or can can I send you SMS or could you validate on email that kind of
9:31
things is also there and we do have a reputation where we have good friends who
9:39
are working across different companies ex-employee can be the friend of why employee and both are working on the companies which are really not in good relationships
9:52
So that kind of thing also happened and that's why owing to all these eight scenarios, we have to never compromise our security
10:02
We have to work our level best to ensure we are doing base security. There are some offerings from Microsoft
10:15
well where we could understand yeah these are the some of the scenarios so
10:20
cloud native earlier we were thinking cloud net being IT guy what is my
10:26
understanding we were thinking application and services that automate and integrate the concept of continuous delivery microservices containers and
10:37
serverless but that's not for cloud native we could say it's not not
10:44
copying everything from your traditional data center to another data center it's
10:49
very beyond that we couldn't say if we are saying cloud native I'm a cloud
10:55
guy I'm only concern about you know migration of data now that's not the case
11:04
we have a lot of options we could write our application we could deploy our
11:08
application we could ensure the security we could work on various all software
11:14
software development lifecycle. So we have to think about being this and we could say
11:22
hey, we need to migrate our data. That's one thing, but I could deploy my application
11:29
I could deploy my firewall. I could deploy my VPN and I could work around it
11:35
So that's one of the beautiful case of it. And whenever we talk about the cloud security and you know
11:44
Then we are saying about confidentiality, integrity and availability. All these factors are the part of Azure Cloud Platform where we are confidential
11:55
We are not going to share any data to anyone. If it's your data, even a Microsoft employee can't access your data and their data center
12:07
is more like a jail, right? it's you don't find any rack or any USB port where you could plug and play or
12:18
any front-end TV or monitor is there no that's not available another thing
12:25
is the availability as a Microsoft we ensure data is available every time to
12:32
everyone it's available every time if there is natural disaster if there is
12:39
the some geological disaster if there is the regional disaster we ensure we have
12:47
copy of your data we ensure if you lose your data on a particular location your
12:54
business is still running your data could be make available within fraction of
13:00
minutes at most and you could access your data from there and we have very
13:08
sound foundation on the integrity as well. So that's what we are offering. We have resilience, improve ability. We are ensuring we have confidentiality, availability and integrity things. So being said, let's jump into Azure advisor. There are a couple of offerings which you could leverage yourself. I will discuss I think if time allowed two to three offerings today and maybe take a
13:39
on another offerings later on. So first is the Azure advisor. If you are a Azure guy and you have Azure portal
13:52
I know a couple of guys who are in session, you know, we have common Azure background
14:00
So if you want to ensure your security, so we have this guy advisor, you could write here as well
14:09
as well and type advisor. As well as you type advisor, you will lend it
14:17
to a left-hand panel here. And here, Azure advisor will give you
14:24
recommendation on the basis of your resources, on the basis of performance
14:29
So this is my advisor. Here, I would like to show you guys
14:35
I don't have a lot of resources available here. because whenever I perform any demo or whenever I perform any tech talk I deleted
14:48
those resources I don't need those resources so I have seven resources and it's
14:54
advisor giving me suggestions on the basis of seven resources so as per
15:02
advisor I have one resource impacted so it's say it this is the law
15:09
impact and Azure services to affect me it is on one subscription and let's see the
15:17
description by going here I'm here it's a on Microsoft has your subscriptions
15:31
health alert is there what I want to do postpone dismiss or implement so I do
15:38
do have that option I click again to understand what is basically this Azure
15:45
Service Health Alert is and I will say alert target is for Azure sponsorship
15:51
it's for 148 services are selected reason is not selected I could select the
15:56
region maybe Canada Central
16:08
Here you go and service health criteria is three and I could say enable rule upon creation or
16:23
Don't enable rule creation I could create some action group as well where I have option to create action group what need to do do I need to send some notification do I need to send some emails and
16:38
etc so I'm not doing that at this demo I could select it I could either
16:47
postpone it for a week or a month or a couple of weeks right or I could also
16:58
implement this security so that's up to me that is the Azure monitor this is
17:02
very good tool available by Microsoft so if you are using your Azure resources any point of time you could use this advisor recommendation you could look or keep looking over and what they are saying this is come under high availability area under security I have six recommendations and these recommendations are very high impact on my resources so I could go over here okay I could say what this recommendation is it prevent potential security breaches it really needs right it really look very impacted it it could impact me on larger extent so over
17:53
here I could go and say what is my score out of four resources three are
18:01
unhealthy resources so I have three high severity recommendations one medium severity recommendation and this recommendation is from my storage
18:11
blob storage and database one is for identity access it gives me score as well
18:17
if I implement this security enable multiple authentication access account then I will
18:27
get 50 credit it means my total score security score or total resources score will increase by 50
18:43
I could implement it or I could say, if I go here, I could say, okay, I will implement later
18:53
Another is the enable auditing for SQL server. It gave me options as well
18:59
What I need to do, if I click over here, it will say, hey, you did not implement it the auditing
19:05
on US SQL server to track the database, right? So what I could do, I could go here
19:16
And it will say here, I need to go and implement under auditing
19:29
As soon as I turn it on, as I turn it on
19:33
it, my auditing destination, be secure it will be now auditing mode as soon as I will do that my recommendation
19:42
my score will be increased so that implementation has been implemented another
19:51
is the follow security center recommendation let's look over this recommendation what it's saying so one is it designated more than one owner of
20:04
your subscription. I say I have more than one owner on my subscription. Let's go
20:11
back and look here and it's giving me five secure score. So my score will
20:18
increase by five. And as soon as I click it, I have same option to go to next
20:27
step and implement it. Let me take a point guys I'm very very thirsty so I have this access control I could implement it
20:48
role assignment I could add and implement that security recommendation so this I'm very impressed by this Azure Advisor tool it gave me options
21:01
about security I don't have any option about recommendation on performance, neither on cost
21:09
Boohoo, I'm super happy. I'm not paying a lot of amount for my resources
21:14
And overall, I have seven recommendations, which is impacting four resources out of these seven
21:23
six are high impact recommendation, and one is the low impact recommendation
21:29
So this is the beauty of the Azure Advisor I could download it as a PDF I guess I already downloaded yes I
21:41
could open it and I could read from here what this security is what I need to do
21:50
what I need to implement is and what are the potential benefit like get notified
21:55
manager services you to affect your prevent potential breaches prevent potential security breaches more on security breaches one is on the mine one
22:06
subscription one is on two subscriptions so I'm getting a lot of information we could
22:14
download it as CSV file as well so this is about Azure advisor I will
22:22
recommend you guys to try it and then let's go to another tool so another is
22:31
the Azure Security Center Azure Security Center is from a while available to us and I
22:38
think everyone of us have touch base it if you not touch base it till yet I think
22:47
this is going to be a good good idea right I will also also follow it is nice
22:55
to keep looking or over your resources where you are working If you are finding some security recommendation take it seriously guys it may impact you
23:08
It will save us possible hacking like because a cloud security is different right it's we have complete infrastructure
23:18
visibility we have complete threat monitoring and that's the beauty We don't have to implement our security compliances from scratch. We already we could leverage ourselves from
23:31
the learning pattern of the Microsoft they have a vast resources where they are
23:37
managing the resources and they are encountering a day by day about the various
23:42
hackers who team of hackers and you know various security compliances so if
23:51
we are you are using Azure Security Center which I'm just going to share
23:56
we it's not a specific one guy or one team or couple of teams inputs it is input from a lot of learning lot of resources
24:09
lot of companies they share hey we feel our data is you know having compromise
24:16
or attack and whenever data is compromise or attacked we should consider it
24:24
may be some teams of very expert guys like you or it may be
24:31
team of spotted by some country that is another thing we have to consider if a country
24:38
want to access some data they have a lot of teams they have a lot of guys
24:44
they have resources they have all the facilities and to mitigate those kind of
24:51
threat in real scenario Azure Security Center is really one of the best thing
24:58
I feel I could rely on and let's look Azure Security Center and then what they are saying
25:10
So this is the security center. It's on my left panel. If you want to use, you have also your option to write security center
25:18
And you could find it security center. But I'm going on my left side over here
25:28
I'm clicking on security center and then this guy will come up it will take a while to
25:36
scan my whole resources it will give me different options I could see here policy and compliance is my secure
25:46
score is two or five out of two 90 that's not too bad I I guess
25:55
it means I I'm taking care of my resources on cloud in a better way right but I will also understand
26:06
there are four recommendations available to me which I need to implement we
26:13
did implement one recommendation earlier so my security not too bad if you want
26:21
to understand about your secure score you could go over here you could understand okay we are you are getting what score I getting and under identity and access I couldn create up to two to five I getting
26:37
35 out of 35 in networking hey hey that's great about data and storage I do
26:45
not have any score that's bad I I think ideally have to look at a thing and
26:52
compute and apps have zero score so I could improve my score and the recommendation is enable multi-factor
27:01
authentication for account with owner this is the top recommendation which gave me 50 points if I click over here I have enabled MFA for account
27:13
and owner permission for your subscription if I implement it I will get 50 score
27:19
and I could implement directly from here I have to enable multiple factor
27:25
authentication where I could see hey these are the things I need to do and I
27:32
have to select it and add multiple factor assignment at role assignment and
27:38
once I did role assignment time right here so I could do deny assignment as
27:48
well I could define roles the various roles where I could specify the other
27:55
role son a role you could add anyone well not anyone apparently but your
28:02
was say maybe satya if I'm working on Microsoft your owner or your team on
28:10
different role but remember guys don't give owner permission to anyone not to
28:17
anyone give them contributor reader permission never give anyone any one any
28:23
permission of owner no that's not a good idea not at all so well here we have
28:33
option to enable MFA I'm not doing that right now because after this demo
28:40
another demo probably I will destroy my resources and then I I could enable
28:47
auditing on SQL server give me a second I'm super thirsty and enable transparent data encryption so if I implement all these
29:04
recommendations my score score will be 290 which is the best score and once I
29:15
have kind of say 80% to 90% of score I could say hey I take care of maximum
29:23
security compliance is or maximum recommendation I could sleep very well and I could
29:34
look at here this tab is very favorite tab of mine whenever I'm at work I keep
29:44
looking threat protection it will say do I have any security alert does someone
29:50
from say Africa or Nigeria or any geography or any geographic location where nobody from my team or organization exists try to connect my
30:00
resources if I found some threat protection it understand Azure understand that protection it will say okay this is not gonna be expected
30:15
behavior so I'm I'm taking a pause you validate your identity so different
30:23
patterns different flow come into the picture so I don't have any security
30:28
alerts and here if you didn't started you could start your Azure Security
30:39
Center subscription which is free for 30 days you could look over your coverage
30:44
what you are coverage you are doing like your coverage in terms of the
30:48
subscription I'm using my Visual Studio Enterprise subscription is totally covered I have defined owners and you know so you could do coverage on the
31:02
basis of your subscription basis of if you have more than one subscription you could
31:08
cover those subscriptions where you are exposing your resources you have secure score
31:23
secure policy etc we could secure to hygiene implemented on data and storage
31:31
compute and apps you could see various related and affected resources or there and we
31:39
have some security solutions as well so another very great thing which is
31:45
coming into the picture this is on the preview that is a playbook you could
31:51
implemented I implemented the Puck demo for Azure Security Playbook if some
31:57
resources some guys some state actor or maybe some hackers want to access my
32:04
resources how I'm gonna to be react on that I would like some email to be
32:12
sent some notification or completely block out dropping that resource deleting that resource at
32:21
So I had that display for demo for Azure security which is which is basically
32:30
securities thing and I could use you know various version various workflow
32:37
setting and here I could add logic app which Nick was also mentioning you know
32:46
what I need to do in that case of scenario and what access key I would like to provide what alert I need in that case so this is in
33:02
preview but it's really a very good feature keep looking keep exploring that
33:08
feature it's provide me log and diagnostic as well so with that I think I'm all
33:19
set with my 40 minutes I have whatever I need to discuss today I had
33:29
discussed about Azure Security if you want to learn more about Azure Security there are a couple of channels where you could connect me
33:39
you could connect me on my website which is the Pocosic.com you reach or
33:47
there contact me I'm super happy to help you with consulting and you know if your organization
33:56
required any Azure or cloud related details I will love to discuss with you
34:03
guys just go to my website click contact send me email or you could also
34:13
contact me by Twitter my Twitter handler is think for the book you could
34:19
me over there as well and I'm super happy to connect to you guys on LinkedIn as well
34:29
so usually I'm very active on LinkedIn and Twitter so that is my favorite
34:39
area where I would love and you know to connect so you could come to my website
34:45
look over various resources I have a lot of you could look over in January 3 December every month wise you could look or
34:56
articles if they are meeting your requirement or is if that is something you
35:01
want to discuss I'm super happy to connect to you guys but if that is not what you
35:08
are looking for don't hesitate to connect me I will love to share my two
35:14
cents I will love to discuss we could plan a meeting and you know we
35:19
could connect. So that's