skip to Main Content

Best Practices for Cloud Security

When developing custom software for the enterprise, security is at the heart of the build. Knowing your data, staff and clients are safe when using your software is a fundamental that can’t be ignored. That’s why Ballard Chalmers operates a policy of Security by Design.

Let’s take a look at some best practices for cloud security for your applications.

Build in Strong Access Control

Traditional security practices are not enough to defend against modern security attacks. Therefore, the modern security practice is to “assume breach”: protect as though the attacker has breached the network perimeter. Today, users work from many locations with multiple devices and apps. The only constant is user identity, which is why it is the new security control plane.

Using Azure Active Directory for authenticating users provides you with a complete secure identity and access management solution.

Multifactor Authentication

Provide another layer of security by requiring two or more of the following authentication methods:

  • Something you know (typically a password)
  • Something you have (a trusted device that is not easily duplicated, like a phone)
  • Something you are (biometrics)

Access Control

Master the balance between security and productivity by factoring in how a resource is accessed in an access control decision. Implement automated access control decisions for accessing your cloud apps that are based on conditions.

Zero-trust model

Verify the identity of everything and anything trying to authenticate or connect before granting access.

Improve Security Attitude

With more and more recommendations and security vulnerabilities identified, it is harder to triage and prioritize response. Make sure you have the tools you need to assess your current environments and assets and identify potential security issues.

Analyse Your Current Security Levels

Use a tool like Secure Score in Microsoft Defender for Cloud to understand your existing security posture. Then implement the recommended best practices to improve your score.

Create Strong Policies

Prevention is always better than reaction when it comes to security and defining and enforcing strong security policies is always best practice. Use Azure Policy for monitoring compliance.

Secure Apps

Protect data, apps, and infrastructure through a layered, defence-in-depth strategy across identity, data, hosts, and networks.


Encrypt data at rest and in transit. Consider encrypting data in use with confidential computing technologies.

Best practices

Our developers follow OWASP (Open Web Application Security Project) best practices to ensure the system is resilient to hackers. Additionally, the Microsoft SDL (Security Development Lifecycle) practices provide a strong development process where security is taken into consideration at every stage of the development process.

Mitigate Threats

Operational security posture—protect, detect, and respond—should be informed by unparalleled security intelligence to identify rapidly evolving threats early so you can respond quickly.

Enable detection for all resource types

Ensure threat detection is enabled for virtual machines, databases, storage, and IoT. Azure Security Center has built-in threat detection that supports all Azure resource types

Integrate threat intelligence

Use a cloud provider that integrates threat intelligence, providing the necessary context, relevance, and prioritization for you to make faster, better, and more proactive decisions

Modernize your Security Information and Event Management (SIEM)

Consider a cloud-native SIEM that scales with your needs, uses AI to reduce noise and requires no infrastructure.

Protect your Network

We’re in a time of transformation for network security. As the landscape changes, your security solutions must meet the challenges of the evolving threat landscape and make it more difficult for attackers to exploit networks.

Keep strong firewall protection

Setting up your firewall is still important, even with identity and access management. Controls need to be in place to protect the perimeter, detect hostile activity, and build your response. Web Application Firewall (WAF) protects Web Apps from common exploits like SQL injection and cross-site scripting.

Enable Distributed Denial of Service (DDoS) Protection

Protect web assets and networks from malicious traffic targeting application and network layers, to maintain availability and performance, while containing operating costs.

Create a Micro-Segmented Network

A flat network makes it easier for attackers to move laterally. Familiarize yourself with concepts like virtual networking, subnet provisioning, and IP addressing. Use micro-segmentation, and embrace a whole new concept of micro perimeters to support zero trust networking.

Cloud Security at Ballard Chalmers

As well as putting cloud security at the heart of your build; as part of the Transparity Group, you also have access to Transparity.Cyber. Our partner company, can provide a fully managed security service or help train your internal team on security best practices.

Post Terms: Active Directory | Azure | Azure Policy | Cloud | Microsoft Defender | OWASP | Security

About the Author

Marketing Manager, Leah Monterroso, has been writing blogs and articles for the last six years. Since working with Ballard Chalmers, she has immersed herself in Microsoft tech news and bringing value to clients and the wider community through content.

You can find Leah online at:

Back To Top
Contact us for a chat