The Ignite '21 virtual event had so much to offer enterprise organizations looking to educate their teams on Microsoft Azure cloud security, including the Book of News for Ignite 2021 and all Ignite sessions, which you can still view here. As first-time sponsors of Microsoft Ignite, we wanted to share our key takeaways from the Azure cloud conference.
The challenge for most IT departments is not a lack of security tools, but rather knowing where to start security hardening in their Azure environment. Vasu Jakkal, CVP, SCI at Microsoft Corporation, talks through three major areas in her session, helping enterprise organizations understand their current security posture, rate their overall security posture, and measure their workloads’ security over time with least privilege and least access. She covers many of the security basics, but is sure to include some of the newer, more exciting security tools like Azure Temporary Access Pass and Azure Sentinel’s 30 new connectors.
The biggest takeaway from this session is that modern DevOps teams have modern security challenges. Azure cloud deployment has many advantages, but it also presents new security challenges for teams who are now moving to the cloud or operating a more robust hybrid-cloud strategy. Azure cloud infrastructure is often shared by multiple identities, making it difficult to know where data is located, who can access it, and when they last accessed it.
As a result, cloud security is a top priority for organizations in 2022. Most leaders cite it as their number one challenge in the next five years, even over other issues like compliance or governance concerns. Understanding potential security challenges is the first step in overcoming them. Here, we learned what problems DevOps teams face when trying to secure a cloud-based environment.
IT decision-makers love to invest in cloud environments such as Kubernetes, which helps you create cloud-native microservices apps. From a leadership point of view, the cloud provides extra portability and flexibility without having to commit over the long term to a single vendor. This can be more cost-effective and help companies scale more easily when it’s time to switch to a different vendor.
Despite increasing productivity and creating a more efficient cloud platform, Kubernetes and other cloud-native tools are challenging for the DevOps teams that actually have to use them. In particular, Kubernetes is a complex and less intuitive cloud security environment. In terms of infrastructure, there isn’t a separation between control and data planes. For the network, the authentication and authorization process requires expertise in creating role-based access control systems. Not all DevOps teams are well-prepared for this type of tool.
Azure cloud is a constantly changing environment. No longer can teams rely on manual security initiatives. All security systems must be dynamic to keep up with the evolving security concerns that can change minute to minute.
Quickly, the number of notifications DevOps teams receive can turn into thousands and thousands of alerts. Unfortunately, this means that these security alerts often get ignored by the IT security professionals who need them.
In addition, since every alert carries equal importance when delivered as a notification, serious security issues are ignored along with meaningless alerts. It’s unlikely that an IT tech will be able to find the more serious notification within the thousands of alerts. This creates a tremendous opportunity for security breaches and malicious activities, as no one is really watching.
Or Serok Jeppa, Product Manager leading Cloud Security Posture Management (CSPM) for multi-cloud in Microsoft Defender for Cloud, led a panel called “Cloud Security: The latest innovations to protect your multi-cloud & hybrid environments,” with fellow experts Adam Jung, Product Marketing Manager at Microsoft, and Caroline Lee, Senior Sales Strategy Manager at Microsoft. In their session, they announced that Microsoft is the latest public cloud provider to introduce cloud security posture management (CSPM) software tools. Defender for Cloud (formerly known as Azure Security Center and Azure Defender) is a Cloud Security Posture Management and workload protection solution that finds weak spots across your Azure configuration and helps strengthen the overall cloud security posture of your environment.
This big announcement validated the big issue facing cloud security: misconfigurations. Indeed, 90 percent of organizations are susceptible to security breaches due to cloud misconfigurations, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed”. In Microsoft’s case, the cloud security posture management feature provides Azure Security Center users with a unified view where they can gain insights into security vulnerabilities.
The session continued with Microsoft stating that the goal is to centralize security across environments and help security teams work more effectively with Microsoft Defender for Cloud. Azure Security Center and Azure Defender are now unified as the Microsoft Defender for Cloud service.
This big announcement validates what Sonrai Security has been saying since 2017. We know the cloud migration boom led to a data security crisis, as businesses quickly realized that they needed advanced mechanisms and processes to protect their digital environments and secure their data. Early CSPM solutions enabled businesses to identify their cloud environments, monitor for changes, and leverage policy visibility to ensure consistent enforcement across multiple cloud providers, but they failed to take it a step further with context.
Context is most often determined by how a piece of compute — like an identity or data point — is invoked. Based on learned function context, your cloud environment can enforce granular access controls to web apps, VMs, APIs, and apps based on a user’s identity and context of the request — without the need for a traditional VPN.
Many organizations today are still lacking key identity-related security controls. Meanwhile, the few companies that have started applying proper access controls are typically focusing on users as opposed to identities.
Charline Grenet, Developer Relations at Microsoft, joined forces with Tiffany Souterre, Product Marketing Manager at Microsoft, for a session called “Why should I engage with my developers now?” The French duo tackles “shifting left,” an approach that improves security and quality by moving certain parts of the security process to an earlier part of the DevOps process. However, many members of your DevOps teams might resist such an approach. Here are some of the challenges these leaders brought to the table when talking about developers and security working together:
Changing the Status Quo. Even though developers are at the forefront of technology, they might be resistant to changing anything in the process. The existing way of doing it is what they’re used to. They may not see any reason to change. For this reason, it’s important to highlight how this is a better approach that solves certain challenges. While you’re at it, try to foster a workplace culture of change, where the team always tries to find better, faster, and more secure ways to do things.
Overburdened Developers. Any time that you add or change steps in the process, you add more work for your development team. Most DevOps teams are already slammed with work. In particular, they may fear that they’re going to take on the work of the other people involved in the process. As a result, it’s important to clearly explain that this moves certain steps earlier in the process that would have been completed anyway. It doesn’t inherently add more work to the development team.
Speed Over Quality. When DevOps teams focus on speed instead of quality, they can often make mistakes. This includes skipping the time IT security needs in order to simply mark a task as complete in a project management system.
Finding the Right Security for DevOps Teams. To be effective, your security tools, strategies, and procedures need to work for your DevOps team. They can’t force the team to manage processes that don’t fit within their workflows or that they won't accept. Otherwise, the team will just find a workaround. The DevOps security tool needs to be right for them and their workload.
Having the right security tools doesn't necessarily mean that they'll be used or that your organization will have a secure infrastructure. You have to have a solid foundation of trust, build a culture of change that constantly evaluates new ways to approach security, and allow your team to work together toward a common goal.
One way to take control of the cloud is to use the right tools for the job. The right Azure tools can go beyond traditional security controls like user management or system access control. Microsoft Ignite has wrapped up, and we’re excited to see what Microsoft Azure has in store for enterprise customers in 2022. If you have any questions about the content covered in Ignite, schedule a demo with a Sonrai Security rep.