Top 10 Terms for Azure Cloud Security

Understanding the cloud starts with understanding the lingo! Here’s our deep-dive into the most important cloud terms to understand for Azure cloud security, including exactly what they mean for your unique cloud environment.

Table of Contents:
Azure Sentinel
Azure SQL
Azure Virtual Machine (or Azure VM)
Azure Cosmos DB
Azure Container Instance
Azure Function App (Azure Serverless)
Azure Web Service
Azure Kubernetes (Azure AKS or Azure K8s)
Azure Active Directory (or Azure AD)
Azure Insights

Azure Sentinel

Cloud security analytics starts with Azure Sentinel, where you can collect data from all of your users, devices and applications in a hybrid environment, before detecting threat intelligence, investigating unusual activities, and even responding to specific events using orchestration tools and automation. Sentinel is a cloud-native SIEM that allows you to create your own automated processes for protecting against today’s cloud security threats.

Azure SQL

The fully-managed database services from Microsoft are called Azure SQL. These have a wide range of options for migration and modernization projects. Your database options include SQL Server on Azure VMs, Azure SQL Managed Instance, Azure SQL database, and Azure SQL Edge which is meant specifically for connected devices and IoT. This is all built on SQL server technology, just like you may be used to on-premises.

Azure Virtual Machine (or Azure VM)

Azure Virtual Machines (VMs) are the computing resources that you will use when you’re working on Azure. They are fully scalable, and allow you to work on the cloud without needing to buy or maintain physical hardware. The trick for security however, is managing everything that you do on the Azure cloud, such as configuring workloads, patching applications, and safely installing and maintaining software. Virtual machines can be used for development and testing, to run applications on the cloud, and as extended data centers connected to your overall network.

Azure Cosmos DB

Looking to “manage data at planet scale?” That’s the slightly corny promise of Azure Cosmos DB, a fully-managed NoSQL database for organizations looking to leverage app development on the cloud. We’re talking the fastest possible response times of under 10 milliseconds, and also 99.999% availability. Instant and automatic ability to scale, and they also throw in an open-source API for MongoDB and for Cassandra, too. Cherry on the top? Auto-updates, management and patching.

Azure Container Instance

Want to just run your application without worrying about the virtual machine or infrastructure element of it? You’re looking for Azure Container Instances. You get fast compute that is isolated and secure, and increased agility as a result of being able to deploy containers on demand, provisioning extra compute resources as and when you need them. Containers are inherently lightweight, and there are a lot of in-built security features that come from Azure, such as hypervisor isolation which allows your containers to function without sharing a kernel with any others.

Azure Function App (Azure Serverless)

This is Azure’s serverless compute platform, and it offers the chance to develop from end-to-end with a wholly local experience. Your function will scale based on the volume of your workload, and at all times you can focus on the app – rather than the underlying infrastructure. As Function App is event-driven, you can create integrated triggers that automate your response to specific events, and it’s also incredibly flexible in terms of the programming languages and hosting options you can use. You can even pick and choose for each project, depending on what you need.

Azure Web Service

Do your developers just want to build? They probably are already fans of Azure Web Service, which helps speed up time to market for web apps using programming languages including .NET, Java, Node.js and Python. The fully managed platform handles patching, provisioning and load balancing, and you can use pre-built templates to make it even quicker to hit the ground running. Azure web service includes integration with GitHub source code, live debugging and single-click publish. Your developers can enjoy CI/CD pipelines and see that apps are updated automatically as the source code changes.

Azure Kubernetes (Azure AKS or Azure K8s)

Call it Azure Kubernetes, call it AKS, or call it Azure K8s – it all means the same thing. This is how you can use a fully managed Kubernetes service on the Microsoft Azure cloud. AKS is serverless Kubernetes, offering the ability to build, deliver and scale applications in the quickest way possible.

We’ve spoken a lot in the past about the risks of Kubernetes, including dangerous default permissions that need managing, and exploitation of the unique Kubernetes control plane that could lead to account takeover. Our Kubernetes security webishop is a really hands-on and immersive way to start understanding the foundation of protecting yourself and your applications and data when using K8s on Azure.

Azure Active Directory (or Azure AD)

Identity and Access Management (IAM) on Azure is called Azure AD, or Azure Active Directory. This will allow your employees to log in and access the resources they need securely. Even if employees are not on-site, they can get access to their applications with the help of pre-defined governance for your organizational needs.
However, IAM on Azure comes with its own challenges. For example, using the layers of the system, you can connect IAM roles to various workloads by using system identity and user identity configurations. It’s important to recognize how these could add risk to the environment and even open the door for a full account takeover. All settings therefore need to be analyzed.

Azure Application Insights

Azure Application Insights combines data from your SDKs with the diagnostic data that Azure is collecting from all of your various cloud services. This is then used to give you feedback on your performance, availability and usage. You can create Insights and Azure Diagnostics for each role, plan resources and resource groups, and use the information from Azure Insights to uncover potential issues and anomalies in either a hybrid or cloud-native environment.

Want to learn more about keeping your Azure cloud environment secure? Reach out to schedule a demo of our contextual cloud security solution.

-----------------------------------

About Lightspin

Lightspin’s context-based cloud security empowers cloud and security teams to eliminate risks and maximize productivity by proactively and automatically detecting all security risks, smartly prioritizing the most critical issues, and easily fixing them. For more information, visit https://www.lightspin.io/