This is the third post in a series of eight on the five pillars to actionable cloud security. For the rest of the series, visit the Five Pillars blog page here.
Since the cloud isn’t an on-premises solution, securing access is a natural starting point. Traditionally, customers look at identity management and access management from the standpoint of users. Users, which can be further categorized into groups, will also have associated roles, and permissions associated with these roles.
Even within similar organizations this varies. For example, a company may have multiple groups within a larger development organization, with different permissions tied both to the roles those users have and to the groups to which they belong. It is not necessarily a linear relationship.
Within a cloud infrastructure, effective identity and access management (IAM) allows IT administrators to authorize who can take action on specific resources, and provides those administrators with visibility and control across the whole infrastructure. This can quickly get complex, with hundreds of organizations, workgroups, and projects. However, it also becomes the first “window” into who’s doing what.
Similarly, companies in the cloud have come to understand that services can be subject to the same management schemes as users. This is an important construct when organizations look to leverage cloud services for transformation – those services need to be understood in terms of how they are accessed and managed.
Within the Azure infrastructure, the products and services found here need to be considered as part of an organization’s Identity and access pillar.
Azure Active Directory provides secure access to resources with Identity and Access management. With this service, customers can integrate native services such as virtual machines, storage accounts, app services and many more. Additionally, Azure Active Directory provides access management for cloud and hybrid environments.
To develop an actionable Identity and Access management pillar, customers must:
- Enable single sign-on
- Enable multiple-factor verification for administrators and users
- Use role-based access controls and provide access as needed
- Lower exposure of privileged accounts
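As an added illustration (not Barracuda's or Microsoft's code), the sketch below resolves each user's effective role assignments through group membership and flags two of the checklist items: privileged roles held without multi-factor verification, and privileged roles granted at subscription-wide scope. The data and field names are constructed for the example and are not an Azure export schema; treating only Owner and User Access Administrator as privileged is an assumption.

```python
# Constructed sample data; field names are hypothetical, not an Azure export schema.
# Assumption: only roles that can grant access to others count as privileged here.
PRIVILEGED_ROLES = {"Owner", "User Access Administrator"}
SUB = "/subscriptions/SUB-PLACEHOLDER"  # placeholder subscription scope

USERS = {
    "alice": {"mfa": True,  "groups": ["dev-platform"]},
    "bob":   {"mfa": False, "groups": ["dev-platform", "dev-web"]},
    "carol": {"mfa": False, "groups": ["dev-web"]},
}

# A principal is either a user or a group; scope narrows as the path gets longer.
ASSIGNMENTS = [
    {"principal": "dev-platform", "role": "Owner", "scope": SUB},
    {"principal": "dev-web", "role": "Contributor", "scope": SUB + "/resourceGroups/web"},
    {"principal": "carol", "role": "User Access Administrator",
     "scope": SUB + "/resourceGroups/web"},
    {"principal": "alice", "role": "Reader", "scope": SUB},
]

def effective_assignments(user):
    """Return (role, scope, via) for roles held directly or through a group."""
    principals = {user: "direct"}
    for group in USERS[user]["groups"]:
        principals[group] = "group:" + group
    return [(a["role"], a["scope"], principals[a["principal"]])
            for a in ASSIGNMENTS if a["principal"] in principals]

def is_subscription_wide(scope):
    """True when the scope is '/subscriptions/<id>' with nothing narrower after it."""
    return len(scope.strip("/").split("/")) == 2

def audit():
    """List (user, finding, role, via) for privileged access that needs review."""
    findings = []
    for user in sorted(USERS):
        for role, scope, via in effective_assignments(user):
            if role not in PRIVILEGED_ROLES:
                continue
            if not USERS[user]["mfa"]:
                findings.append((user, "privileged-without-mfa", role, via))
            if is_subscription_wide(scope):
                findings.append((user, "privileged-at-subscription-scope", role, via))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

The `via` field shows why the relationship is not linear: bob never received Owner directly, yet holds it across the whole subscription through the dev-platform group.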
In the next post we will discuss the second pillar, Detection Controls.
Rich is director of marketing for public cloud products at Barracuda. He joined the team as part of the acquisition of C2C Systems in 2014. Rich is one of Barracuda's public cloud experts. He works directly with cloud ecosystems and is quoted in Microsoft ebooks on securing the public cloud. He is also a regular contributor to Barracuda's cloud-themed blogs. As part of our cloud work, he helps develop strategies and execute them with our partners and sales teams.
If you would like to get in touch with Rich, you can connect with him on LinkedIn and follow him on Twitter.
You can reach Rich by e-mail at rturner@barracuda.com.