Microsoft does a fantastic job of protecting their infrastructure from threats and attacks using state-oIf-the-art defenses.  What do you do?  Infrastructure as a Service (IaaS) is nothing more than moving your on-premise servers to the cloud.  You’re still responsible for the security and integrity of your networking environment.  The responsibility is solely yours and not Microsoft.  Would you accept deploying a firewall with nothing more than an access control list (ACL) in your data center?  Then why would expect anything different in the cloud?

Microsoft’s firewall is a good start; however, if you have a publicly facing service (RDP, CRM,ERP, etc) you need to take additional precautions such as deploying IDS, UTM as well as multi-factor authentication and IP restrictions.  Unlike traditional on-premise solutions, these types of security measures can be easily deployed- thanks to the Azure marketplace.

Vendors, such as Checkpoint, Barracuda, Cisco and Fortigate, all offer next- generation firewalls to enhance overall security of your infrastructure.  Trend Micro, Alert logic both provide intrustion detection system (IDS) to monitor against malicios actvity.  Sophos XG Firewall will be forthcoming to the Azure Marketplace offering a compressive security solution including UTM and IDS.

Unlike traditional infrastructure these solutions can be deployed dynamically and within minutes vs hours.  Like all security measures,  knowledge is key.  Deploying a firewall or IDS system without a comprehensive knowledge of the service and functionality can expose a firm to risk.  Search engines, such as Shodan, focus on network vulnerabilities and misconfigurations.  Most data breaches are a result of misconfiguration of firewalls and related services.

When evaluating your security needs, start with a high-level risk assessment and keep it simple.  This will help you better understand if you need to dig deeper.

  •  If the service being hosted was to be compromised what would the impact to the business be?  For example, a static web site would have minimal risk to the business and Microsofts basic firewall should be sufficent for most businesses.
  •  Remote Desktop access provides a greater risk than a static web site.  Think about deploying two-factor authentication with a next- generation firewall at minimum.
  •  CRM systems, if compromised, puts the business at a significant risk. To reduce overall risk, utilize two-factor, next generation firewall and and IDS system.  If possible, implement IP restrictions.

Microsoft security model is about protecting the platform to ensure availability.  This does not extend to your data and enviroment.  Thankfully, there’s a host of solutions to secure your network and protect your data.