I have heard many concerns about the use of cloud services from various managers, administrators and, of course, those responsible for information security. For some years I thought, at least in part, the same as them. Where will my data be, who can access it, how will it be kept safe and secure? Yes, these are all things that come to mind when you think about using the cloud. But to be honest, how about your current environment? Do you know where your data is, where it goes and who has access? Are you really safe in your nutshell? Most attacks and data theft come from inside the company, because someone can get hold of any data and send it anywhere outside the company, and all this without anybody noticing or becoming aware of it. The use of 3rd-party cloud services might also be unknown to your IT department, keyword "Shadow IT". So why not use what Azure can offer you out of the box with the right license, instead of buying your 2nd or 3rd tool to "help" you with this? I will not write down all the Azure services that might help you here, especially with securing your identity, but let me show you how you may start for your tenant and Azure services.
The first thing I prepare for every customer that starts using Azure cloud services is a Log Analytics workspace. For some of them this is just a "nice to have"; for others it is necessary because of compliance and regulations. So you need an Azure subscription and a Log Analytics workspace. Now enable the collection of Azure audit and sign-in logs in this Log Analytics workspace. Keep in mind that, unless changed, it keeps only 30 days of logs; if you want to increase the retention period, look HERE. What else to collect?
In the picture above you can find some sources of logs that you should consider when you use the corresponding services. What I really like and recommend implementing is Cloud App Security. This might not be relevant for every company, depending on its size, users and regulations, but with this service you get a very good overview of who is currently using which cloud services and in what way. Take a look HERE to learn more about it. And of course, it works perfectly with other cloud services like the Security Center and Defender ATP. With this bunch of tools you can identify and regulate the use of cloud services. You may also no longer need a proxy, as you can manage the web service access lists directly on the clients. And you can permit the use of risky cloud services from the portal. Things that were not as easy and cheap to realize on-premises.
The Security Center will help you to quickly and easily identify the current status of your cloud estate, what needs to be improved and what you have to do to improve it. A security score gives you an easy-to-understand KPI for your current position. As you go through the advice and remediation steps, some of which can be done as a quick fix and some of which need to be done manually, your score will increase over time. But keep in mind that adding new services might decrease the score again and will lead to new security remediation actions. This is a continuous process and should be done at recurring intervals.
If you currently have no log collection and analytics solution or even a SIEM system, Azure Sentinel, which sits on top of Log Analytics, might be your tool of choice. It offers many different data connectors that enable you to easily collect the data from the connected services, such as Azure AD, Azure Security Center, Cloud App Security and Office 365. But you can also integrate 3rd-party solutions like AWS, F5, Zscaler and so on. With Sentinel you can not only view this information, you can start hunting for events, as they are all there and can be joined together to investigate threats, risks and problems. You can also set up alerting in conjunction with Azure Monitor action groups, and you can run playbooks to act against threats and incidents. So Sentinel offers you much more than a Splunk may be able to support out of the box. And even the price is nothing you should fear. You pay per amount of analysed data, and when using Sentinel, your log data retention period also increases to 90 days without additional costs.
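To make the hunting idea concrete, here is an added example (not part of the original post) of a Log Analytics query that joins the Azure AD sign-in and audit logs collected earlier: it looks for accounts with many failed sign-ins from one IP address and a later success, and lists the directory changes that account made afterwards. The thresholds and time windows are assumptions to tune for your tenant.

```kusto
// Added example, not from the original post. All three values below are assumptions.
let lookback = 7d;             // how far back to search
let failure_threshold = 10;    // failed sign-ins per user and IP that count as suspicious
let follow_up = 24h;           // window after the successful sign-in to inspect audit events
// Step 1: per user and source IP, count failures and find the latest success.
// ResultType "0" is a successful sign-in; non-zero codes also include interrupts
// (for example MFA prompts), so expect some noise at low thresholds.
let suspicious_signins =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | summarize
        Failures     = countif(ResultType != "0"),
        FirstFailure = minif(TimeGenerated, ResultType != "0"),
        SuccessTime  = maxif(TimeGenerated, ResultType == "0"),
        Apps         = make_set(AppDisplayName, 10)
        by UserPrincipalName, IPAddress
    // Keep only pairs with enough failures and a success after the failures began.
    | where Failures >= failure_threshold
    | where isnotnull(SuccessTime) and SuccessTime > FirstFailure
    | extend UserKey = tolower(UserPrincipalName);
// Step 2: join with successful directory changes initiated by the same user
// within the follow-up window after that sign-in.
suspicious_signins
| join kind=inner (
    AuditLogs
    | where TimeGenerated > ago(lookback)
    | where Result == "success"
    | extend UserKey = tolower(tostring(InitiatedBy.user.userPrincipalName))
    | where isnotempty(UserKey)
    | project AuditTime = TimeGenerated, UserKey, OperationName, Category,
              Target = tostring(TargetResources[0].displayName)
  ) on UserKey
| where AuditTime between (SuccessTime .. (SuccessTime + follow_up))
| project UserPrincipalName, IPAddress, Failures, SuccessTime,
          AuditTime, OperationName, Category, Target, Apps
| order by SuccessTime desc, AuditTime asc
```

Saved as a scheduled query, the same logic can feed the alerting and playbooks mentioned above.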
In summary, you can say that using the cloud will improve the visibility of the IT services used in your company. This will help you to evaluate and decide which of them you will continue to use, maybe in a more secure way such as with Enterprise Applications, and which you will permit with Cloud App Security and MDATP. You can also classify your data and decide what can and can't be done with it when using Azure Information Protection and Data Loss Prevention. Deny the possibility of copying data from a company-managed application to a location that is not company-managed. Azure offers you services out of the box that would otherwise be very expensive and hard to manage. And, yes, all those services work hand in hand and rely on each other.
So don't fear the step towards consuming cloud services, but be clear about what you need and how to implement it in a way that you will be able to manage.