Securing Your Cloud Enterprise Workloads – Network Segmentation, Private Endpoints and NAT gateways

With global economies quickly entering the #datadriven economy and with data now being viewed as a strategic asset for future value creation, there is an increasing awareness of the importance in protecting that asset through data- and #cybersecurity measures, an aspect that’s also important to build trust among enterprises, organisations and individuals to share and exchange data, pivotal for enabling data as a driver for #digitalinnovation. It’s easy to understand why #informationprotection and #cybersecurity are increasingly becoming focus areas across IT departments as awareness of cybersecurity threats, attacks and their potential implications such as #dataloss, #ransom etc. grows.

Some of the most sophisticated #security and defence #systems in the world utilize a layered approach to security, and many of those concepts are applicable in the #digital realm as well in e.g. enterprise #solution and #securityarchitecture. In one recent workload, I together with the team spearheaded the deployment of virtual network and subnet, with NSGs, integrated #azure #functions, with outbound traffic routed through a #nat #gateway with a static public IP for consuming a third-party application that uses an allow list of IP addresses as a security measure. The benefits of virtual network and subnet integrated resources are numerous, such as network segmentation, enabling private endpoints though #azure Private Link and service endpoints for granular access control in #azure #paas services such as #azure #cosmosdb, #azure #storage and #azure #sql Database. Given that a network rule has been added in the service, and the service endpoint has been added to the subnet, the virtual network #acl will switch the source of the incoming traffic from a public IP to the virtual network addresses, fully removing public internet exposure. Even though virtual networks are isolated by nature, VNet peering can be used if applications needs to communicate to resources in other virtual networks.

Public IPs cannot always be avoided of course, calling for sufficient monitoring, preventing and responding to #malicious#threats and #cyberattacks becomes even more important. #microsoft is the only #cloudserviceprovider that is also a global cybersecurity provider and has adopted a very open approach sharing technical reports on new attacks days or hours after discovery with one example being the cyber attacks on Ukrainian authorities in mid-January 2022. Microsoft also recently launched “Security Insider” aimed at providing #businessleaders and #cisos with general cybersecurity developments, insights and threat intelligence with the first episode “When nation-states attack” covering the increase in ransomware and supply chain attacks in recent years, more in the link below.

Cybersecurity + Threat Intelligence | Microsoft Security Insider

As someone who is interested in the world and society around us, it’s hard to not comment on the current course of events. The grim truth is that large, full-scale war between nations has returned to Europe. The change in policy in some European countries in a short amount of time is staggering. The strength and speed of the actions imposed by the European Union and European Commission at the beginning of the conflict is commendable, I think it’s this kind of determined and firm action and leadership, coordinated together with allies and partners and rooted in the belief of universally shared concepts, even on issues outside our common European Union borders, that is what’s needed for Europe to have a continued and extended leading role in the world. A while ago, Ukrainian authorities recommended citizens to refrain from recording or photographing what’s happening on the streets. With reports of thermobaric weapons and bomber aircraft used in recent days and that chemical weapons may be used, things are getting worse rapidly. Even though it’s something I’ve had in mind earlier, recent events have prompted me to start contributing monthly through my company to Médecins Sans Frontières. Everyone should have an undeniable right for self-determination, freedom to speak their mind, free from need and free from fear. Let’s hope a resolution to this conflict is found soon.