Guarding the Cloud: Top three risks for your Azure security
You hold a significant responsibility for securing your Azure subscription. Here are the top three Azure security risks and how to safeguard against them.
As a consumer of Azure services, you are responsible for much of the security of your subscription. There are myriad risks you need to consider. In this blog, we delve into the top three: unauthorised access, misuse of platform access, and data breaches. Then we look at how to safeguard your Azure subscription against them.
Written by Jonathan Bailey
1. Unauthorised access to your Azure subscription
This is an oft-overlooked Azure security risk. Unauthorised access involves bad actors acquiring subscription credentials and using them to execute harmful scripts. For instance, they might run Bitcoin mining scripts, allowing them to swiftly generate Bitcoins. The challenge here is that you, as the subscription holder, are ultimately liable for any resulting costs.
If these cyber intruders utilise high cost resources, your bill will quickly escalate. Instances have been recorded where companies were confronted with invoices running into hundreds of thousands of Euro in just a few days. While Microsoft has countermeasures in place, it is still vital to be vigilant with the security of your Azure subscription.
An incident in the Netherlands that made the news this year puts this risk into perspective: a company faced an invoice of half a million Euro over just two days, although no-one in their company had run up this bill. Thankfully, Microsoft intervened and put a halt to the activities. This occurrence led to Microsoft’s official decision in March to prohibit cryptocurrency mining on the Azure platform. The prohibition enabled Microsoft to act faster in similar situations. This event, along with others of a similar nature, underscores the importance of the security of your Azure subscription.
Safeguard measures to take: Regular reviews of role-based access controls (RBAC), having a security operations centre (SOC) team reviewing risky sign-ins, and ensuring your Azure users are choosing complex passwords and storing them in well-secured password vaults goes a long way to preventing this kind of attack.
Read more about our Azure managed service
2. Misuse of Azure platform access
Another risk that Azure administrators should be aware of is misuse of platform access. Even without direct admin access, a user can potentially implement ransomware or other malware on your Azure virtual machines (VMs).
Therefore, it’s essential to consider this when strategising Azure cloud security measures. Does every user with VM login rights need them? Are they sufficiently restricted on the box itself? Are there adequate security measures in place to ensure that users cannot easily compromise your environment, even by accident?
Safeguard measures to take: Mitigate security risks by understanding that external security is only part of the equation. Assess, strategise, and create a roadmap to protect against privilege and credential theft, ensuring proper mapping of identities and entitlements.
3. Azure data breaches
While this risk extends beyond just your Azure subscription, it is nevertheless crucial to focus on securing your BreakGlass accounts, primary administrator accounts, and highly privileged project accounts. Preventing data breaches is key to your Azure cloud security so you can protect sensitive information.
Safeguard measures to take: Two key things are important here – multi-factor authentication (MFA), and restriction of management portals. A third critical tool, if it is available to you, is Privileged Identity Management (PIM).
- Multi-factor authentication: MFA is a must for all administrative roles, and should ideally also be implemented for regular users. This will ensure that unauthorised individuals are incapable of accessing your Azure subscription, even with compromised credentials.
- Restrict management portals: Make use of Conditional Access to deter unrestricted access to your management portals. By limiting access and only permitting it for authorised individuals and/or locations, you mitigate the risk of misuse and unauthorised actions.
- Privileged Identity Management: A key security consideration for organisations utilising Azure Active Directory, PIM allows administrators to closely monitor and control which users are afforded highly privileged roles. This can prove vital in a breach event, where you can be given advance notice of a compromised account trying to elevate rights, or even prevent changes entirely by enforcing a real-time approval process for all privileged accounts.
An ongoing process
It is imperative to implement these measures and frequently review the security of your Azure subscription. Mitigating security risks is a continuous process demanding absolute vigilance. By being aware of the risks and adopting appropriate security measures, you can increase the safety of your Azure subscription and greatly reduce potential harm and costs.
Worried about your Azure security? We can help.
Question?
Our specialists have the answer