In InfoSec we continually encounter the unknown, the unfamiliar. Technology marches ever forward, application design matures, bells and whistles chime and toot. This commonly results in the InfoSec professional needing to responsibly secure technology that they don’t holistically understand. Attackers know this, for it is within those gaps in understanding that malicious activity may most readily occur and may do so without notice.
A common InfoSec response to the unfamiliar is to attempt to cover all potential angles of attack, regardless of whether they are pertinent to the technology. This is done in order to ensure that we meet both risk and governance management goals. The result of this approach is rarely better security. Rather, it typically results in unnecessarily complicated security control implementations that are neither functional (e.g., they don’t do what we want/expect them to do) nor operational (e.g., our personnel can’t adequately manage them).
How do we avoid over-complication in our security controls? We focus on the fundamentals: Preparation, Awareness, Response.
Migrating e-mail and productivity apps to the cloud is a no-brainer. Continuous updates, access from anywhere, no need to manage the supporting servers and associated hardware… the benefits are clear. As with any IT outsourcing, however, careful planning around security measures is essential. And with your O365 environment exposed to the public internet, security best practices are even more important.
While securing Office 365 is an ongoing effort, there are several top priorities that should be addressed first after your migration.
Digital transformation may be a bit of a catch-all for adopting modern IT principles and technologies, from cloud platforms and services to mobility and big data to DevOps practices, but it is a real movement throughout the business realm.
The primary gist is to not only introduce new tech, but to also take a close look at the business processes and organizational units behind them to ensure that innovation can occur, and the bottom line is improved. In other words, technology for the sake of technology won’t solve any business problems. You must transform your entire organization with a combination of technology and process.
True digital transformation involves your entire organization and results in the integration of various systems and operations across the business. If that sounds like a major undertaking, it is.
It also comes with a slew of information security concerns that should not be overlooked in the rush to the cloud.
If you’ve newly set foot on the path of an InfoSec student, you will benefit from understanding this topic. If you’ve been around awhile, you’ve lived it.
There are two basic types of Information Security engagements in terms of how they are scoped. This is most applicable to managed services providers (MSPs), though it remains relevant to a practitioner supporting an internal corporate or public sector security team. For the sake of simplicity, I’m going to call them FFP and T&M. The purpose of this blog isn’t to dig deep into financial models, but rather to discuss, in a simplified manner, how they drive the delivery of work. And then, to discuss an alternative model.
With both Fixed Firm Price and Time & Materials engagements – and really any other model of InfoSec contract scope – there are some overlapping goals and realities.
Microsoft recently revealed a service called Azure Bastion that gives customers a more secure way to connect to and access virtual machines (VMs). It uses the Remote Desktop Protocol (RDP) and Secure Shell (SSH) network protocols alongside Secure Sockets Layer (SSL) encryption.
Bastion connects VMs, your local computers, and cloud resources without exposing them to public network connections. As a Platform as a Service, it simplifies the process of setting up and administrating bastion hosts or jumpboxes in your cloud environment.
But what are bastion hosts or jumpboxes? And why would you use them, or a service like Azure Bastion?
You would be woefully uninformed and unprepared as an IT admin if you didn’t know that two major Microsoft products, the 2008 versions of SQL Server and Windows Server, are each about to reach their end of support. That means it’s time to upgrade or migrate, lest you fall victim to inevitable security vulnerabilities.
One big question when facing a major software upgrade such as this is whether to remain in place, so to speak, and update to the latest version within your current deployment scenario (on premises or in a hosted environment), or to move to a cloud-based server, namely Azure, since it offers tight integration and lower costs with Microsoft products such as these.
SQL Server end of support is imminent, coming up on July 9, 2019. Windows Server has a few months to go, ending support on January 14, 2020.
It is generally understood, with broad industry concurrence, that an InfoSec skills gap exists and presents a significant challenge for those of us responsible for managing risk within an organization. To close the skills gap, an organization must first understand the competencies required by security teams in their pursuit of information technology risk management.
Information security consists of three core archetypes: builders, breakers, and defenders. It is through recruiting and building the skills of these archetypes that the foundations of highly functional security teams are formed.
This is Part Two and the final entry in our introductory blog series on Azure Sentinel, Microsoft's new Security Information and Event Management (SIEM) tool for Azure environments. Read Part One here for information on what Sentinel is, how to set it up, and how to begin importing data from your Azure PaaS and IaaS.
In Part Two, we'll examine deeper functionalities within Sentinel including Machine Learning, queries, and automation.
Azure Sentinel is Microsoft's cloud-native SIEM (Security Information and Event Management) service with built-in AI analytics. It reduces cost and complexity by providing a single pane of glass for a central, near-real-time view of your whole environment.
Threats related to infrastructure, networking, users, and applications can be monitored via Azure Sentinel. As a cloud-native service, it scales according to your needs. It collates data from your environment on-premises, in Azure, and at any third-party cloud providers. It uses Microsoft Threat Intelligence to analyze all the signals and separate the noise from genuinely relevant alerts.
This two-part blog series will introduce you to Azure Sentinel and show you how to get set up with the service and start exploring its many features.
Another successful year has gone by on the Green House Data blog. We're thrilled to surpass 150,000 views in 2018! Thanks for reading our humble blog. In case you missed anything, here are the five top posts from 2018, covering VM performance monitoring, GDPR, and a subject no modern blog should be without… millennials. And more!
Don't forget to tune in after the New Year for more great data center, cloud, and managed IT services content!