In this blog, we are going to cover the most important security best practices to protect your IaaS. This will be a teaser for those who are not familiar with these methods to start thinking and learning about security in Azure, and for those of you who are already implementing some of these security features reminders to continue doing so or to even pay more attention security of IaaS.
Remember, security in Azure is shared responsibility and we are responsible for how the infrastructure will be protected. Don’t allow incidents to be initiators of tidying up security but better be proactive and always have in mind that you’re responsible for the security of workloads in Azure.
Here are the topics that we are going to cover, and these best practices are already written in official Microsoft documentation, however, I was free to spice it up with my experience:
- Virtual Machines planning and deployment
- Protect Virtual Machines with Access Control (IAM)
- Endpoint protection for virtual machines
- VMs availability
- VM Updates – security patching
- Encrypt hard drives
- Network security for VM
- Just in time VM access
- Monitoring your infrastructure
Virtual Machines planning and deployment
When it comes to planning there are a lot of things considered as common sense and from my practical experience, most of the things that are “going without saying” are the place where things will fall apart. That is why I always like to start a project with proper planning, or how my ex-boss would say “Doing something without planning is equal to not doing it”. To analyze and talk to people, you might be working in IT ops or DevOps team that will be responsible for assigning access to IaaS to others or you can be requestor, doesn’t matter, always ask for planning sessions – the question is why? Well people sometimes asking for resources in cloud that is not necessarily needed, and, in most cases, they will not pay a lot of attention to security. Security is SHARED RESPONSIBILITY between cloud provider, in this case, Microsoft and you as a client: