Actionable Guide to Microsoft Azure Security Concerns

Posted by: Vladimir Stefanovic March 23, 2020

Category: Topic: Cloud Security

Much like any other public provider of cloud-based or cloud-native services, Microsoft Azure too brings a plethora of advantages, but also a handful of challenges and concerns. These challenges are often pegged to the very process of cloud migration, while the concerns almost always refer to potential security-related issues. 

Needless to say, security is a crucial aspect of any cloud-based app, service or infrastructure, which is why properly approaching and tackling all potential security-related pain points is paramount for businesses that have at least one of their components running in the cloud. 

Those coming from the cloud computing landscape (or should we say cloudscape) probably already know that the three biggest players on the market – Microsoft Azure, AWS, and Google Cloud – all have a slightly different approach to the services they offer and the audiences they tend to target. 

For example, Azure is perhaps more enterprise-oriented, while AWS and Google tend to gravitate more toward the consumer. This also reflects on security concerns that may be bestowed upon the Azure users and aren’t likely to pertain to AWS and Google Cloud consumers.

These are usually the following: 

That said, let’s go over 6 of the most common Microsoft Azure security issues and concerns companies are struggling with. 

1. Azure Binary Large OBject (BLOB) Storage Tends to Be a Common Hacking Target 

Since Microsoft is a familiar ecosystem and Azure a trusted free-to-set-up environment, it has been a slightly more frequent target of hacking attacks than Google Cloud or AWS. Malicious links carrying malware, along with compromised accounts, are a common occurrence within this type of architecture. PDF-based phishing campaigns have also been taking place, which has been associated with Azure blob storage hosting.

The reason these attacks are more common with Azure is that the phishing campaigns that are oriented around Azure blob storage tend to be cost-effective, very easy to set up, and overall quite effective in their mission. It is also important to mention that Azure BLOB offers various ways of access protection including setting up access via Azure Virtual Network only, setting up Firewall/ACL, implementing Storage Access Policy and Shared Access Storage (SAS), etc.

This is why we recommend that anyone utilizing Azure blob storage approach this security concern with raised awareness and even consult Azure experts for best practices in dealing with this kind of attack. 

2. Identity-Based Attacks

Actionable Guide to Microsoft Azure Security Concerns

In today’s public cloud environment, Identity Protection is among the most important aspects of cloud security. This includes:

As Microsoft identity tools were migrated from its on-premise systems into the cloud, these tools are now being utilized by businesses around Azure. Organizations working with AWS, on the other hand, typically handle identity protection by using the active directory from a CASB (Cloud Access Security Broker) tool, whereas Azure users are most likely to use Microsoft’s identity tools on a company level.

Attack provisioning in Azure is usually done by using the company’s passwords and tenant ID across all sites, which is potentially the main reason why we have been seeing more identity-based attacks against Azure compared to other cloud providers. 

The best practice solution for this issue is to create an infrastructure environment that combines both Microsoft’s identity features and a third-party CASB tool that has effective authentication capabilities. CASBs are great for correlation between different types of access taking place across a server, especially in cases where the identity of a user is known. 

3. Azure’s Firewall as a Pain-Point 

Although Azure’s firewall doesn’t require much work in terms of deployment and configuration, and even though it does provide numerous advantages, there are still certain pain points and limitations that may interest companies that rely solely on Azure’s firewall. 

Some of these limitations include: 

More information on Azure firewall advantages and limitations available here

4. Microsoft Tends to be a Frequent Malware Target

As malware has proven to be a rather easy way of gaining control over a machine, Microsoft’s Windows has been a frequent target of malware-based attacks. To battle this issue, the Azure Security Center provides a built-in anti-malware system, while there’s also room for utilizing third-party anti-malware tools that can help you ward off attacks. 

Azure Security Centar provides its users with a security overview and best practice security recommendations, but it is not a service that can fully implement protection and overall cloud security. Certain services can be protected via ASC, but it essentially only gives instructions to tools about which action to perform for which service. 

5. Azure Cosmos DB Database Service as Attack Target 

When it comes to IaaS, numerous deployment aspects in Azure tend to be more IT-centric instead of cloud-centric, which possibly comes as a result of Microsoft’s relationships with traditional enterprises. This led to the data stored within Azure being more private and less accessible over the internet when compared to AWS environments. 

However, although network attacks are potentially less likely to happen in Azure, there are certain components – like the Azure Cosmos DB database service – that are frequent targets of hackers, which comes as a result of it being open to the internet. This is why some experts suggest companies shouldn’t keep their sensitive data stored within Azure Cosmos. 

Summing Up

Properly understanding and approaching potential security concerns and limitations that come with Microsoft Azure is a prerequisite to having a strong, stable and highly secure infrastructure. Much like any other cloud-based service, Azure comes with both advantages and vulnerabilities in terms of data and account protection. Being capable of tackling, optimizing and monitoring cloud security should be a critical component of any cloud management process.

In case you still have doubts about Azure security and you are unsure how to approach this important task, we suggest you schedule a call with our cloud security experts and see where your business currently stands with these issues.   

Schedule a call

It's free of charge!

Start

Keep reading

Leveraging AWS Infrastructure as Code to Build Scalable Infrastructure for SMBs

14.06.2021

SMBs (small to medium-sized businesses) and the AWS Infrastructure as Code approach are also a match made in heaven. Learn why >>

read more

Interview with Simon Best, CEO of BaseKit

03.06.2021

Solutions like BaseKit enabled many small and local businesses to survive the Covid crisis with opening the online sphere. Read the interview with their CEO Simon Best.

read more

Why is Google Cloud a good choice for SMBs?

18.05.2021

Recently, we‘ve seen a surge in demand for our managed Google Cloud services, coming from small companies. Take a closer look at why Google Cloud is a good match for SMBs.

read more