In this lesson, we will discuss how to properly harden your entire Azure infrastructure with Azure Security Center.
We will cover the costs of using Security Center, the standard and free tiers, and what each provides for coverage.
You will learn about the core functionality of Security Center, and how to configure your workloads to satisfy company or regulatory security requirements.
Finally, we will explain in depth what the free tier offers and what the standard tier offers above that.
Properly securing your cloud infrastructure is a multi-faceted effort. It includes a lot more than just using the tools provided by your hosting solution. It takes employee training, secure coding practices, properly maintained facilities, regular auditing, and a number of other important practices. That said, Microsoft Azure does a good job of simplifying the task of securing its own resources. Thanks to the Azure Security Center service, you have one full-featured, centralized solution for hardening your entire Azure infrastructure.
Security Center is automatically included with your Azure account at no additional charge. By default it can only be used with your Azure systems. If you upgrade from the free tier to the ‘standard’ tier, you can have Security Center work with non-Azure resources in a sort of hybrid infrastructure model. The upgraded ‘standard’ tier also adds a number of useful features not available to the free tier. These include advanced threat detection systems for Azure systems, customizable alerting, security event collection and search, and a threat intelligence module.
Security Center’s core functionality, available in both the free and standard tiers, is its security policy system. Security policies let you define the configuration of your workloads such that they satisfy specific company or regulatory security requirements. When you access the Security Center UI, you will discover that there are default policies for all Azure subscriptions. These policies include recommendations that can be turned on or off. A good place to start looking is at your computer resources. On the Security Center dashboard, click ‘Overview,’ and then select ‘Computer.’ It will display a color-coded list of recommendations for your entire computer infrastructure.
The security policy and recommendation services are the bulk of what the free tier of Azure Security Center does. It might seem simple, but it is actually quite powerful, particularly if you are only using Azure for your cloud environment. You get tons of free recommendations and a central location for auditing and adjusting security policies to suit company compliance requirements. When combined with all of the other monitoring, event logging, and alerting systems in Azure that we have already covered, you have all the tools you need to maintain a hardened, transparent, self-optimizing infrastructure.
We strongly recommend digging into the Security Center documentation to learn about some of the additional features at the standard tier. In particular, VM access management and customizable alert systems can be very helpful for complex cloud systems. One cool thing is that you can actually use the standard tier with all of its additional features completely free for 60 days. It’s a great way to see if you actually need any of its advanced capabilities.
So with that, we come to the end of section two. We have thoroughly covered platform monitoring, network monitoring, and security for your Azure systems. Congratulations on making it this far. You’re ready to really do some great operational work for any Azure environment now. Our final section will focus on operation automation. See you there!
Jonathan Bethune is a senior technical consultant working with several companies including TopTal, BCG, and Instaclustr. He is an experienced devops specialist, data engineer, and software developer. Jonathan has spent years mastering the art of system automation with a variety of different cloud providers and tools. Before he became an engineer, Jonathan was a musician and teacher in New York City. Jonathan is based in Tokyo where he continues to work in technology and write for various publications in his free time.