Join David Elfassy for an in-depth discussion in this video, Objects to secure in the cloud, part of Microsoft Azure: Security Concepts.
- [Instructor] Now we are getting familiar with the tools we use to manage all of our security settings in Azure or even our resources stored in Office 365. But what we need to talk about now is the what, not necessarily the how. We'll get to the how of how we secure our resources, but first I wanna get to which resources do we need to secure. So here I'm in my Azure security portal or dashboard that I specifically created to manage all my security settings. Now this dashboard here, I've added a tile that contains all of my existing resources and I can actually hover over each resource to see what type of resource it is and each one of these resources will have some security settings at least.
For example, here I have an app service, and when I click on my app service, I can go down into my settings. And in my settings I'll see my SSL settings, or my Secure Sockets Layer settings, where I'll be able to enable things such as HTTPS access to encrypt the connection. Now sometimes a security setting is deep into the configuration of an object. Sometimes we have security settings that make up the entire properties of the object.
It really depends on which object we're managing in our Azure portal. So I'm gonna go back to my dashboard here. Again, these are my resources that exist in Azure. But I wanna talk about all the various resources that I can add to Azure and why I would want to secure any one of those resources. So what I'm gonna do is click here on create resource, and when I click on create resource, I see all the various types of resources that I can create in my Azure portal. So let's talk about the security settings and why I would want to secure some of these resources.
The first thing I'm gonna do is click here on compute. Now compute is where I can go ahead and create my virtual machines. Now, a virtual machine object, a server that is hosted in Azure, is one of the most popular deployment options for an Azure environment. And this is the infrastructure as a service setting that we were talking about a little bit earlier in the course, or the type of deployment or the type of manner in which you would use an Azure subscription. Now what would I need to configure in terms of security for my virtual machines? Well, there are many, many different things that I would have to do.
One of the things that I need to do is secure the operating system, for example. So that actually means going into the server and configuring settings while I'm logged in. Depending on the various versions of the server or the type of operating system I'm deploying, there could be a number of security settings that I'd have to deploy from the server itself. However, from Azure I can go ahead and specify the access security. Who can access that virtual machine, who can connect to it? What type of connection would they use? If I'm using an RDP or a remote desktop protocol connection to that server, is it going to be encrypted? What type of security is there going to be on that access? So virtual machines, and managing the access to those virtual machines, is one of the most important security settings that I'm gonna be able to set from Azure.
Now once you deploy your virtual machines, one of the things you'll wanna do is configure networking settings. Now, actually, if you've gone into the various Azure courses, you see that there are some prerequisite networking settings that must be in place before you deploy the virtual machines. But you must think of the security access to those virtual machines in conjunction with deploying your network configurations. We have another course in the library which deals specifically with networking for Azure.
Now all of the networking settings will allow you also to configure things such as access points, where we can define how a specific user or group of users or how a network will access another network, and for that access, which type of encryption will it use, which type of protocol will it use. All of those things can be defined through access points, and these various access points are configured through the various networking functionalities and networking objects that we create in Azure.
As well, of course, we have our data. Now our data is configured and secured through our storage objects. And one of the first storage objects that we create in Azure is a storage account. And then we define the type of storage account that we have and also the type of access and security settings for that storage account. So we need to secure our servers, our access to the servers, and the data that is being stored to even store the servers themselves, or store files that are being accessed by our users or our servers.
Now that is one type of deployment, if I'm using Azure infrastructure as a service specifically, that I will use in terms of security settings. But a lot of organizations may not necessarily use Azure for infrastructure as a service; they may use it specifically to store websites or web apps. Now a web app is the relatively new name that we use in Azure to define the websites, or the websites that run various types of code in the background to perform tasks, and those would be hosted in Azure as well.
Now there are some security-related tasks for that web app which need to be performed by a developer. And the developer needs to apply various security principles. However, if you deploy a web app, you can then specify things such as HTTPS or Secure Sockets Layer, as I mentioned earlier, which encrypts all connectivity to that web app. And there's a number of security settings that we can set for web apps in Azure, and we will look at some of those a little bit later on in the course. If you have an infrastructure in Azure which is deployed as PaaS, or platform as a service, you may have actual Azure SQL databases that are stored directly in Azure, and then you need to manage the security of the data that is in that database as well as the security access to those databases.
Now when Azure was first made available, the first type of databases that were available were Azure SQL databases, being a Microsoft technology. Now there are multiple types of databases that you can create in Azure, such as Cosmos DB, Postgres, MySQL, and others that will allow you to map to your various data storage needs. So whether they'd be managing the servers that access the data, the data themselves, or the databases, we have a multitude of objects that need to be secured.
But there are also security-specific objects that we can create in Azure, or specifically security services. For example, I have the identity management or the privileged identity management that is offered through Azure AD. Some enhanced type of specifying access to resources. There are various tools for rights management services, to encrypt specific sets of data. Now there's a number of those security services that you can deploy in Azure, and most of those are subsets of Azure Active Directory, or specifically they require an Azure Active Directory deployment to already be in place.
And then as a subset of that, you can use that Azure AD deployment to improve the encryption, data governance, or any other type of data-related security settings on the data and the resources that are hosted in your Azure environment.
- Securing objects and virtual machines
- Deploying certificates for Azure resources
- Implementing multi-factor authentication
- Securing Office 365
- Securing Azure Active Directory