Azure Cloud Security.
BlueSilverShift’s security and identity solutions provide a holistic approach to securing your cloud platforms.
From completing a comprehensive security assessment, designing and implementing a federated identity approach to providing 24 x 7 x 365 managed security services, we can mitigate your security risk.
A comprehensive assessment of current state security posture and effectiveness.
Ensuring your security capabilities stand up to the test.
Managed Azure Cloud Security
24 x 7 x 365 security operations across your Microsoft Cloud services.
Design, implement and manage identity across all your systems and platforms.
BlueSilverShift can provide a comprehensive assessment of your cloud security posture from assessing your cloud assets and resources for misconfigurations and non-standard deployments, to ensuring your Identity and access management policies are aligned with your business needs. We provide a complete view of current state and clear steps to drive remediation and mitigate threats.
- Event logging
- Security monitoring
- Backup and recover processes
- Network security including ACL, VPN and ExpressRoute
- Application security groups
- Azure Security Center
- Data encryption
- Key management
With penetration testing, our security professionals identify flaws or gaps in your systems and processes. Using offensive security and real-life scenarios, we pinpoint and manage potential business risks and impacts. Our proactive approach uses security analysts trained in offensive tactics and techniques used by attackers.
We help you to achieve a comprehensive understanding of:
- How adversaries can evade safeguards and compromise systems or personnel undetected
- The real impact of the compromises in terms of a breach of company data, economic loss, or damages to a company’s reputation
Potential attacks used by adversaries are not only limited to vulnerabilities and exposures via the Internet. Organizations may face various threats such as:
- Physical security breach
- Social engineering
- Email scams
- Insider threats such as untrained users or corporate espionage
Our methodology can improve an organization’s awareness of vulnerabilities in software, hardware, process and training. Our analysts then provide recommendations on how to enhance your security and help formulate a strategy to better prevent cyber threats.
We also have the ability to test against non-traditional and emerging IT systems including:
- Industrial control systems
- Radio Frequency Identification (RFID) and wireless systems
- IoT and Internet connected devices
Managed Cloud Security
Cloud and security are often discussed together, and some people still believe that they are mutually exclusive. In fact, the opposite is true. If architected and operationalized correctly, your systems in the public cloud will be more secure than they could be behind your firewall in an on premises data center. Microsoft has made significant investments in securing the physical and virtual infrastructure within Azure and tools within the Azure platform and the Azure Marketplace that can enable a layered, comprehensive security posture for your cloud environment. Tools like Microsoft’s Azure Security Center, Key Vault, DDoS protection and many others can meet the security needs of any organization if architected, implemented and managed properly.
BlueSilverShift can provide managed cloud security as one of its managed services offerings. Included in this service are:
- Monitoring and alerting of security threats against:
- Virtual machines
- Other Azure resources
- Threat response and mitigation
- Anti-virus and anti-malware
- Host and network-based intrusion detection and prevention (IDS/IPS)
- Security Information and Event Management (SIEM)
- Develop automated playbooks to respond in the event of specific known and unknown threats
- Regular security assessments
When planning a public cloud strategy, security architecture is a core component that should be well defined. One of the foundational elements of that security architecture is Identity.
BlueSilverShift works closely with our clients to ask the necessary questions that will ultimately drive out the needed requirements to define a full featured Identity framework and strategy. Key components relate to how the organization wants to interact with outside groups and internal resources as well as to how production is isolated from development and testing environments.
Microsoft offers a unique and expansive authentication method called the Microsoft Consent Framework (MCF). The MCF allows clients to setup authentication methods without having to worry about storing passwords. Microsoft uses this same consent framework to authenticate Office 365 users, so the process is mature and prevalent. The framework integrates applications that should be isolated but still have a need to federate with resources from the parent company’s Azure Active Directory (AAD). We recommend that clients should consider using a separate AAD for this authentication method for development/test and production environments.
Our clients have the option of using MCF in multiple ways, including the use of either Business to Business (B2B) or Business to Consumer (B2C) variants of AAD. Each process can support users coming from Office 365 domains; however, B2C can extend to Facebook, Google or other consumer domains, thereby minimizing adoption hurdles for end users that may not be on Office 365. There are some caveats around how this framework is used to optimize the security posture related to identity. Blue Silver Shift has the knowledge and ability to advise and implement all aspects of the Microsoft Consent Framework.
Beyond modern authentication frameworks, Blue Silver Shift creates an authorization framework that controls end user access to the data through API calls. We can review various authorization patterns that are commonly used which will both protect the data and segregate data between customers with data partitioning schemes to allow the maximum amount of flexibility for future use while maintaining data security.