Most organizations have secrets, such as private keys and passwords that need to be protected. Many organizations (rightly) are very sensitive to where the secrets are stored, and how they are used. On premises, it’s possible to simply store the keys on a USB drive in a safe, for example, but for larger organizations this … [Read more…]
As organizations increasingly move data and services to Azure, it can be difficult to assess whether the services are implemented in a secure fashion. Many of the traditional datacenter security good practices apply in Azure, but they don’t necessarily translate in an obvious way. Moreover, with the ease with which an administrator can add resources, … [Read more…]
One of the features that I’m really excited about, announced at Ignite, is Pass-Through Authentication for Azure AD. Many customers feel the need to install AD FS in their environment to provide single-sign-on and consistent authentication for their users, or they have a security (audit, authentication barrier) or HR (enforce logon hours) need to perform authentication via their domain controllers. … [Read more…]
I have some follow-ups to my previous post on disk encryption in Azure, after I attended BRK3277 – Protect your data using Azure’s encryption capabilities and key management. I learned some interesting tidbits about how this works – the presenter is the owner of the functionality within Microsoft, so I’d consider his information to be authoritative. There’s … [Read more…]
I was privileged to be asked to review an advance copy of the eBook recently released by Pete Zerger and Wes Kroesbergen on the subject of Information Security. Targeted at an executive audience, the eBook discusses the current state of information security and the challenges that face the security officer in the current environment. It … [Read more…]
This post will walk you through the configuration necessary to encrypt a virtual machine’s hard drives in Azure. This post applies only to Windows VMs running in Microsoft Azure; the process is different for Linux VMs. I should note that this does not make use of a key-encrypting key, which may be important to you. … [Read more…]
Last week, I was in Atlanta for the Microsoft Ignite conference! I had wonderful plans for making a few blog posts during the conference, but that didn’t happen. I’m in awe of those who were able to post great blog posts while participating in the conference, but between information overload, the wonderful fitness regimen that the … [Read more…]