When developing custom software for the enterprise, security is at the heart of the build. Knowing your data, staff and clients are safe when using your software is a fundamental that can’t be ignored. That’s why Ballard Chalmers operates a policy of Security by Design.
Let’s take a look at some best practices for cloud security for your applications.
Build in Strong Access Control
Traditional security practices are not enough to defend against modern security attacks. Therefore, the modern security practice is to “assume breach”: protect as though the attacker has breached the network perimeter. Today, users work from many locations with multiple devices and apps. The only constant is user identity, which is why it is the new security control plane.
Using Azure Active Directory for authenticating users provides you with a complete secure identity and access management solution.
Provide another layer of security by requiring two or more of the following authentication methods:
- Something you know (typically a password)
- Something you have (a trusted device that is not easily duplicated, like a phone)
- Something you are (biometrics)
Master the balance between security and productivity by factoring in how a resource is accessed in an access control decision. Implement automated access control decisions for accessing your cloud apps that are based on conditions.
Verify the identity of everything and anything trying to authenticate or connect before granting access.
Improve Security Attitude
With more and more recommendations and security vulnerabilities identified, it is harder to triage and prioritize response. Make sure you have the tools you need to assess your current environments and assets and identify potential security issues.
Analyse Your Current Security Levels
Use a tool like Secure Score in Microsoft Defender for Cloud to understand your existing security posture. Then implement the recommended best practices to improve your score.
Create Strong Policies
Prevention is always better than reaction when it comes to security and defining and enforcing strong security policies is always best practice. Use Azure Policy for monitoring compliance.
Protect data, apps, and infrastructure through a layered, defence-in-depth strategy across identity, data, hosts, and networks.
Encrypt data at rest and in transit. Consider encrypting data in use with confidential computing technologies.
Our developers follow OWASP (Open Web Application Security Project) best practices to ensure the system is resilient to hackers. Additionally, the Microsoft SDL (Security Development Lifecycle) practices provide a strong development process where security is taken into consideration at every stage of the development process.
Operational security posture—protect, detect, and respond—should be informed by unparalleled security intelligence to identify rapidly evolving threats early so you can respond quickly.
Enable detection for all resource types
Ensure threat detection is enabled for virtual machines, databases, storage, and IoT. Azure Security Center has built-in threat detection that supports all Azure resource types
Integrate threat intelligence
Use a cloud provider that integrates threat intelligence, providing the necessary context, relevance, and prioritization for you to make faster, better, and more proactive decisions
Modernize your Security Information and Event Management (SIEM)
Consider a cloud-native SIEM that scales with your needs, uses AI to reduce noise and requires no infrastructure.
Protect your Network
We’re in a time of transformation for network security. As the landscape changes, your security solutions must meet the challenges of the evolving threat landscape and make it more difficult for attackers to exploit networks.
Keep strong firewall protection
Setting up your firewall is still important, even with identity and access management. Controls need to be in place to protect the perimeter, detect hostile activity, and build your response. Web Application Firewall (WAF) protects Web Apps from common exploits like SQL injection and cross-site scripting.
Enable Distributed Denial of Service (DDoS) Protection
Protect web assets and networks from malicious traffic targeting application and network layers, to maintain availability and performance, while containing operating costs.
Create a Micro-Segmented Network
A flat network makes it easier for attackers to move laterally. Familiarize yourself with concepts like virtual networking, subnet provisioning, and IP addressing. Use micro-segmentation, and embrace a whole new concept of micro perimeters to support zero trust networking.
Cloud Security at Ballard Chalmers
As well as putting cloud security at the heart of your build; as part of the Transparity Group, you also have access to Transparity.Cyber. Our partner company, can provide a fully managed security service or help train your internal team on security best practices.