Recent news from Azure is jaw-dropping: “We have seen a 775 percent increase of our cloud services in regions that have enforced social distancing or shelter in place orders.” I am happy to see that Azure is able to incorporate more users for this quick change of how business is being done. Related, I had a Tweet that fits well last week:
But what happens when we quickly implement something? Corners may be cut and I would like to offer some practical advice for Azure users who may be using new services or using services in additional ways given current conditions. My fear is that in a hurried implementation, some security practices may not have been implemented. Therefore, here is a quick list of resources and considerations you can do to ensure that your Azure Storage resources are implemented in a secured manner.
Number one Piece of Advice: Start and end your administrative portal visits in the Azure Advisor. This will provide key recommendations for cost, security, high availability, operational excellence and performance. Additionally, consider Azure Advisor alerts. Azure Advisor recommendations change over time and adapt as you consume the services; as you can see I have some work to do:
Have Multi-Factor Authentication on the Azure Portal: This is rather critical, ideally this has been implemented already but should be in place if Azure has taken an additional role of production data and applications being housed there.
Setting Azure Security Alerts for Storage Accounts: This is a very helpful alerting mechanism, things like massive deletes or unusual access notifications.
Set Network Access for Azure Storage Accounts: If you know what IPs will be consuming an Azure Storage account; a network access rule would be strongly recommended.
Azure Blueprints: Great resources if you are putting anything that is regulated or subject to compliance audits in the Azure cloud.
Cleaning up Azure Resource Groups: If data and workloads move around, you may want to clean up.
Azure Metrics for Storage Accounts: This can help you ensure that you are consuming Azure storage as expected.
Setting Azure File Share Remote Connections: This can be very helpful to extend connectivity to Azure Storage resources!
This is just a start, but a call to ensure that any quick deployments in Azure are assessed and implemented as well as possible. The risks of having an Azure blob container for example exposed with no security worldwide may not be the next IT emergency you want to deal with.