
How to avoid becoming another Azure misconfiguration statistic

By Eric Kedrosky
December 10, 2020

Today's complex computing environments are rife with vulnerabilities. Keeping your organizational data safe requires employing today's best data security practice: adopting the premise that identity and access management provide the new and true security perimeter.

Powerful identity and access management (IAM) models of public cloud providers like Microsoft Azure enable the deployment of applications and data with far greater protection than what is possible in traditional cloud security. However, these cloud provider IAM solutions are not without risk when misused. If your organization uses Microsoft's Azure, then you'll want to avoid making the Azure configuration errors that are most common among like-minded users.

  

System oversight: Double check configuration

The most common data security mistake companies make is a lapse in system oversight after they've adopted the Azure AD platform. While Azure does perform amazing feats, it still requires appropriate configuration and attention to retain its mastery of data protection. Further, ongoing attention to these details will also save money while optimizing the performance of your system.

 

Take precautions with data security tune-ups

Tune-up fundamental access procedures

There are two types of cybercriminals to guard against: 

  • Hackers - those external malfeasants who gain entry through phishing or other outside-in ploys, and 
  • Insiders - trusted colleagues, staffers and business partners who exploit their position to gain access to information that they use for personal gain. 

Fundamental access controls, including Role-Based Access Control (RBAC) and Multifactored Authorizations (MFAs), can prevent intrusions by both types of criminals. These controls verify the identity of valid users, then monitor their usage to ensure it remains within the security parameters mandated by their work. 

 

Tune-up subsequent access privileges

Network Security Groups manage ingress and egress to the Azure resources contained within an Azure network. Often, to ease access and speed productivity, admins will set broader security configurations on these controls so that essential access isn't inadvertently denied. However, these broad access rules also allow insiders to tap into resources they don't need to access. Setting the controls with the least permissive settings will prevent intrusions through these portals.
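One way to check for the overly broad rules described above, as an added example that is not part of the original article: the script flags inbound Allow rules whose source is "anyone". The sample data is constructed, and its field names assume the shape of `az network nsg list` output.

```python
# Constructed sample; field names assume the shape of `az network nsg list` output.
SAMPLE_NSGS = [
    {"name": "web-nsg", "securityRules": [
        {"name": "allow-https", "direction": "Inbound", "access": "Allow",
         "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
        {"name": "allow-all-mgmt", "direction": "Inbound", "access": "Allow",
         "sourceAddressPrefix": "*", "destinationPortRange": "*"}]},
    {"name": "db-nsg", "securityRules": [
        {"name": "ssh-anywhere", "direction": "Inbound", "access": "Allow",
         "sourceAddressPrefixes": ["0.0.0.0/0"],
         "destinationPortRanges": ["22", "1433-1434"]},
        {"name": "sql-from-app", "direction": "Inbound", "access": "Allow",
         "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "1433"}]},
]

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # prefixes meaning "anyone"
MGMT_PORTS = (22, 3389)                      # SSH, RDP; adjust to local policy

def _values(rule, single, plural):
    """Merge the singular and plural forms of a rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers(port_range, port):
    """True if a range such as '22', '1433-1434' or '*' includes port."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit(nsgs):
    """Return (nsg, rule, reason) for inbound Allow rules open to any source."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules", []):
            if (rule.get("direction"), rule.get("access")) != ("Inbound", "Allow"):
                continue
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if not any(s.lower() in ANY_SOURCE for s in sources):
                continue
            ports = _values(rule, "destinationPortRange", "destinationPortRanges")
            hit = [p for p in MGMT_PORTS if any(_covers(r, p) for r in ports)]
            if "*" in ports:
                findings.append((nsg["name"], rule["name"], "all ports, any source"))
            elif hit:
                findings.append((nsg["name"], rule["name"], f"ports {hit}, any source"))
    return findings
```

The public HTTPS rule and the subnet-scoped SQL rule pass; the wildcard rule and the SSH rule open to 0.0.0.0/0 are reported.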

 

Monitor your activity logs

Your Azure databanks also record who's accessing your Azure resources, and that information can alert you to inappropriate use or activity. The Azure Activity Log integrates with Azure's Operations Management System (OMS) and Power BI solutions, allowing you to monitor all of the create, delete, update, and action behaviors occurring across your Azure network.
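A sketch of the kind of triage this monitoring supports, added here as an example and not taken from the original article: it sorts Activity Log operations into write (create/update), delete and action, and lists the ones that change access. The entries are constructed, their field names assume the shape of `az monitor activity-log list` output, and the sensitive-operation list is an illustrative choice.

```python
from collections import Counter

# Constructed sample entries; field names assume the shape of
# `az monitor activity-log list` output.
SAMPLE_EVENTS = [
    {"eventTimestamp": "2020-12-01T09:14:02Z", "caller": "alice@example.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/write"},
     "status": {"value": "Succeeded"}},
    {"eventTimestamp": "2020-12-01T23:41:37Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"},
     "status": {"value": "Succeeded"}},
    {"eventTimestamp": "2020-12-01T23:43:10Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"},
     "status": {"value": "Succeeded"}},
    {"eventTimestamp": "2020-12-01T23:44:55Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Storage/storageAccounts/listKeys/action"},
     "status": {"value": "Failed"}},
    {"eventTimestamp": "2020-12-02T08:02:19Z", "caller": "alice@example.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/delete"},
     "status": {"value": "Succeeded"}},
]

# Operations that change who can reach what; extend to match local policy.
SENSITIVE_PREFIXES = (
    "microsoft.authorization/roleassignments/",
    "microsoft.network/networksecuritygroups/",
    "microsoft.storage/storageaccounts/listkeys/",
)

def classify(operation):
    """Map an operation name to write (create/update), delete, action or other."""
    verb = operation.rsplit("/", 1)[-1].lower()
    return verb if verb in {"write", "delete", "action"} else "other"

def triage(events):
    """Count operations per (caller, kind) and list the sensitive ones."""
    counts, alerts = Counter(), []
    for ev in events:
        op = ev["operationName"]["value"]
        counts[(ev["caller"], classify(op))] += 1
        # Failed attempts at sensitive operations are reported as well.
        if op.lower().startswith(SENSITIVE_PREFIXES):
            alerts.append((ev["eventTimestamp"], ev["caller"], op,
                           ev["status"]["value"]))
    return counts, alerts
```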

 

Watch your resting data, too

Not all your data is used all the time, but most of it still needs storage and security until it's needed or permanently deleted. Too many companies fail to adequately protect their 'data at rest,' leaving them vulnerable to external and internal intrusions. Encrypting it, which makes it unintelligible to unauthorized entities, maintains its integrity and keeps it secure. Azure automatically encrypts all new data storage banks by default; your organization should keep those settings and apply them to your older stores, as well. 

 

Avoid data optimization errors

Another error often made in Azure's configuration is the failure to optimize its operational tools. 

 

Optimize your resource tags

Tagging Azure resources identifies them within the database so that other resources can find and access them. Managing tags is a critical operational and security function since they allow access to vital corporate resources—accordingly, only users with write access to the Microsoft.Resources/tags resource can apply tags to resources. 

 

Optimize your inventory utilization

Just like resting data, not all resources are in high demand all the time. Maintaining them for that level of functioning is expensive, so Azure gives you the power to scale them down when demand is low. Tracking your corporate resources allows you to scale up and down according to your market sector's requirements. 

 

Watch for Expensing Errors

Monitor your metrics

Resource tracking provides not just information about cyclical demands on your organization, but also about the costs of maintaining readiness to meet those demands. Overprovisioned but unused resources waste money. Azure can alert you when your resources are sitting idle so you can adjust your settings appropriately.

 

Access the Azure Resource Manager (ARM)  

You'll need control over all your Azure assets to maximize your organizational security, and the ARM gives you that control. This overarching layer lets you create, enable, update, and delete the full scope of your Azure account's resources, including your access and identity controls. The ARM manages your account using templates, not scripts, so that you can control all your assets as a group. It applies access control to all your services through the native integration of RBAC in the management platform, and it facilitates tagging, billing and consistent scaling.

 

Explore identity and data governance platforms 

Public cloud IAM security models are a double-edged sword. One edge provides excellent promise with the ability to architect strong IAM-based security into applications, significantly improving data protection. Unfortunately, the other edge can introduce attack vectors if not correctly architected and configured. In this article, we highlighted just a handful of common errors that can lead to exposed data; however, with the right tools, many of these common errors can be detected, prevented and remediated.

Organizations looking to reduce risk in Azure should look at identity and governance platforms that help them graph all of their trust relationships between human and non-human identities. Your solution should include, but not be limited to, getting to and maintaining least privilege, locking down “crown-jewel” data, shifting left by integrating DevOps and IT teams, and more. By utilizing an identity and data governance platform, your organization can properly detect and manage any Azure configuration issues.

 


Eric Kedrosky is the Director of Cloud Security Research and CISO for Sonrai Security. Eric has spent his career gathering a wealth of experience that has allowed him to become an expert in cloud security.
