Most operations teams have a lot on their plate. Usually they have primary responsibilities that includes many of their company's core IT functions - and often the Azure presence is just a small piece of that. But cloud adoption is accelerating as more and more workloads make their way to Azure and AWS ; public cloud platforms that were once limited in their use are now the path of least resistance for a variety of critical enterprise applications. How do ops teams, with so much on their plate already, get their collective arms around a modern cloud platform like Azure? The answer is that many of them aren't, which limits of the cloud and ultimately presents a security risk for the organization.
In this post, we're going to quickly run through the top 5 things your ops teams should be doing in Azure that maximizes the platform while improving your security posture. Addressing these items will not only protect your presence from a number of threats and improve your overall security posture, but it will also put your company in the position to get much more out of your Azure investment.
1. Define User Access Policies Upfront
User identity and access is probably the single most important element to securing and managing an Azure environment. Who has access and to what is obviously has always been important. But in the cloud scenario, where resources are ephemeral and workloads distributed, data access controls are of even greater consequence. Azure Role Based Access Control (RBAC) lets you assign permissions to users, groups, and applications at various scopes. Your ops team should be implement a least privilege model using RBAC. Multi-factor authentication and Azure AD sync for management centralization are also key elements of your user access policy.
2. Create a baseline for the environment
Deploying to Azure is so frictionless that many organizations just start growing their presence without much concern. The problem is that a once simple workload can quickly become a sprawling presence with little consistency and even less organization. Creating baselines for your Azure environment helps because it forces your ops team to define approved configurations for network, end-points, storage, etc. When a baseline is well defined, ops teams can then focus on making sure their Azure deployments stay in line.
3. Automate as much as you can
One of the reasons why more ops teams aren't doing these things is that on the surface it all feels daunting. Automating all the in's and out's of the Azure lifecycle requires experience and sometimes deep knowledge of Azure's capabilities as well as 3rd party systems. Through Azure Resource Manager templates and API, Azure Automation, and tools like OpsCompass, you can automate your entire lifecycle.
4. Use the features
Azure has a ton of features that help you across the entire lifecycle of your Azure deployment. From command line tools like Azure CLI, to logging with Azure Monitor, and Azure Security Center for additional security, Azure has a wide array of tools that are critical to the optimal functioning of your applications. One of the easy ways we help companies be successful in Azure is to make sure they're using things like Azure Advisor for best-practices recommendations, or that the correct logging and alerts are configured for the environment. Your teams should be leveraging these tools optimize your Azure presence.
5. Continuously audit
Too many organizations fail to address these fairly simple things when they get to Azure. But as Azure becomes more strategic to organizations, these 5 items because the foundation for a secure, best-practices oriented, devops-enabled, Azure presence.
If you're on Azure and ready to take the next step, let us know and we'd be happy to help get your cloud infrastructure on the right track.