| certifications | microsoft - Team Nuggets
5 Ways to Secure Environments with Azure
With data breaches in cloud applications so prominent, the enterprise network needs someone who understands security to protect it from attackers. Most Microsoft-based applications use Azure, so an IT pro needs to know the ins and outs of data protection for Azure. Microsoft's latest certification covers security fundamentals for Azure. Here are some useful security features that you should understand.
1. Using Microsoft Anti-malware for VMs
One way corporations compromise data is when malware is placed on a machine (usually from a phishing attack) and it's able to send data to the attacker. This data could be in the form of a text file retrieved from the malware's keylogger.
Using Microsoft's anti-malware monitor in an Azure virtual machine, you can stop it before the malicious software is able to execute. As the administrator, you get an alert, so you can clean up the malware before it distributes any private data.
2. Azure's Identity Management
You could have your users create a dozen passwords for each application, or you can use Azure's Active Directory Premium service. When your users have accounts spread across different areas of the network, you risk the chance of missing one account after the user leaves. If the account isn't deactivated, you have a security vulnerability, because the user can log in even after they are no longer with the organization.
The Azure Active Directory Premium service gives you a single sign-on (SSO) for all of your users. It provides a one-stop identity management system for applications across the SaaS environment.
3. Two-Factor Authentication
What happens when your users get their passwords compromised? Not much, if you use Azure's integrated two-factor authentication system. Two-factor authentication uses a password and the user's smartphone to send a secure pin during the login procedure. Without access to the second device, a user is unable to log in.
Azure has this feature built in, so you don't have to buy expensive hardware and software to support two-factor. As an administrator, you must be able to configure and support it for your Microsoft Azure environment.
4. Storage Encryption and Role-Based Access Control
Any data transmitted in the cloud is susceptible to eavesdroppers. Your data is at risk if you transmit data unencrypted and in plain text. Microsoft's Azure Storage lets you encrypt information in transit to reduce the risk of data leaks due to eavesdropping.
Microsoft also has role-based access controls. Role-based access control is set on a "need to know" basis, which is a security phrase given for the best standards in providing access to different areas of your system. The standards state that you should only give access to people who need to know the data to perform a function of their job. If they don't need it, then they should not be granted access.
5. SQL Server Database Controls
SQL Server is a big part of the enterprise, and it's the main target for hackers. Because a company's entire data records can be stored in SQL, an administrator must take extra precautions to protect the server.
Azure increases security by restricting some of the common SQL statements you use in Management Console. The administrator must be able to implement and recognize these restrictions to keep database activity running smoothly. Domain authentication is used in the cloud environment, so the database requires the administrator to configure SQL for Windows authentication and verify that users have access using Active Directory.
Statements such as USE are removed from cloud databases to ensure an attacker is unable to gain access to other databases if he/she is able to manipulate users or application code into giving him access to another database.
All five of these features are the core of Azure's security and are an important part of certification. If you plan to maintain and build Azure-based environments, understanding the principles of these features will help you ace the exams.