What is Microsoft Cloud and How to Safely Migrate To It

Control. Segment. Automate.

Microsoft® Azure®, a flexible enterprise-grade cloud computing platform, helps organizations address growing data center demands, with the added benefits of agility, scalability and global reach.

Most organizations that venture into the cloud are doing so with a hybrid architecture, basically extending the corporate network into Azure via a secure connection. But what comes along with the added benefits of this approach are security challenges that are often no different from those faced within your on-premises data center. And although an Azure deployment may host fewer applications than the physical network-based counterpart, attackers do not discriminate with regard to achieving their malicious goals. As such, it is of paramount importance to protect your Azure deployments from threats.

Organizations can implement the security practices that follow to securely extend their physical data centers into the Microsoft Azure public cloud.

1. Control Access to Your Azure Deployment

As a complement to native Azure security measures, a next-generation firewall can be deployed to protect workloads and data in Azure environments.

• Set policies that grant access to the different environments based on user credentials and need
• As more workloads are deployed in the Azure cloud, more application updates are required. Instead of funneling the updates through the corporate network first, and then out to internet-based resources, implement internet gateway security policies that allow workloads to route updates directly to the internet, eliminating the first step. This increases efficiency while maintaining strict control over the applications in and out of the Azure environment.

2. Segment Your Azure Deployment for Improved Security and Compliance

Just like a physical data center, segmentation policies and application-based policies, including threat prevention techniques, can be used to stop attacks from gaining access to your workloads and block them from moving laterally across workloads.

• Apply segmentation to improve security by establishing application-based policies that force the application to operate on its default ports. Implicitly enforce the “deny all else” premise that a next-generation firewall is based on to reduce the attack surface area.
• To maintain compliance, segmentation policies allow you to control application communication across different subnets, and between VNets, while keeping them separate from your data sources.

3. Streamline Management and Automate Your Azure Deployments

A key benefit to cloud computing is the ability to be more agile, responding quickly with feature updates or entirely new application deployments through automation.

• A centralized network security management system can help to ensure policy consistency and cohesiveness across physical and virtual firewall deployments.
• Automation in the form of bootstrapping and dynamic policy updates enable security to keep pace with the business by helping to alleviate bottlenecks resulting from the controlled update process.

To learn more, read the Securing Your Microsoft Environment whitepaper.