Securing cloud native enterprise workloads – a real-world implementation

With digitalization moving ever faster, it is easy for many of us to take digital services for granted. Digital defense and cybersecurity have not always kept pace, leaving vulnerabilities in business-critical IT systems. This case study presents a real-world reference implementation for securing business-critical workloads in Azure.

Case Example

Cyberattacks are becoming more and more common, and they do not only target government agencies or defense and high-tech companies. Any company that adopts digitalization is also exposed to the threat.

Back in July 2021, Coop, one of the biggest grocery chains in Sweden, was attacked by ransomware. The ransomware attacked their Kaseya software, which managed their various management networks, including payments. The attack hijacked the cashier system completely, and as a result customers suddenly couldn’t pay for their groceries.

The attack shut 700 out of Coop’s 800 stores across the country for 6 days while the store servers were fixed and re-installed with unique settings and store information, to avoid future attacks that could cripple the whole business. Coop is estimated to have lost more than 10 million Euro in revenue due to the attack that shut the business for a week.

This example is not meant to emphasize a weakness in the Kaseya software, which is still among the top 3 Remote Monitoring and Management software products. Rather, it emphasizes the security vulnerabilities that IT solutions face due to the fast pace of digitalization and automation.

Axelsson Consulting Solutions

Many cyberattacks can be avoided through proper planning and rigorous identification of possible security vulnerabilities. As certified Microsoft Azure experts, we understand the increase in demand for highly secure cloud solutions, a demand that Microsoft’s products cover very well.

A layered approach to security is used by some of the world’s most advanced security and defense systems, and many of those principles apply to the digital environment as well, such as enterprise solutions and security architecture. In a recent workload, Axelsson led the construction of a virtual network and subnet with NSGs, integrated Azure services, and outgoing traffic routed through a NAT gateway with a static public IP, in order to consume a third-party application that uses an allow list of IP addresses as a security mechanism.

Network segmentation, private endpoints with Azure Private Link, and service endpoints for granular access control in Azure PaaS services such as Azure Cosmos DB, Azure Storage, and Azure SQL Database are just a few of the advantages of integrating resources with a virtual network and subnet. After the service endpoint has been added to the subnet and a network rule has been added to the service, the virtual network ACL switches the source of incoming traffic from a public IP to the virtual network addresses, completely removing public internet exposure and adding a more secure layer to your cloud activities. Although virtual networks are segregated by nature, VNet peering can be employed if applications need to connect with resources in other virtual networks.
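The service endpoint setup described above has two halves, one on the subnet and one on the service, and it only removes public exposure when both are present and the service's default action is Deny. The following check is an added example, not code from Axelsson's implementation: it audits ARM-style resource JSON using the property names of the subnet and storage account resource formats, and all resource IDs and sample resources in it are constructed.

```python
"""Added example: audit constructed ARM-style JSON for the subnet/service lockdown."""
import copy

SERVICE = "Microsoft.Storage"
# Constructed placeholder IDs, not taken from any real subscription.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
             "/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/snet-app")
NET = SUBNET_ID.split("/virtualNetworks/")[0]

def audit(subnet, account):
    """Return findings; an empty list means both halves of the lockdown are in place."""
    findings = []
    sp = subnet.get("properties", {})
    acls = account.get("properties", {}).get("networkAcls", {})
    # Subnet half: the service endpoint for the PaaS service must be enabled.
    if SERVICE not in {e.get("service") for e in sp.get("serviceEndpoints", [])}:
        findings.append("subnet: no %s service endpoint" % SERVICE)
    # Service half: a virtual network rule must reference this subnet.
    # Resource IDs are compared case-insensitively.
    rules = {r.get("id", "").lower() for r in acls.get("virtualNetworkRules", [])}
    if subnet["id"].lower() not in rules:
        findings.append("account: no virtual network rule for the subnet")
    # A rule without defaultAction=Deny changes nothing: all networks stay allowed.
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("account: defaultAction is not Deny")
    # Leftover public IP exceptions keep an internet-facing path open.
    if acls.get("ipRules"):
        findings.append("account: public ipRules still present")
    # The workload described above also expects an NSG and a NAT gateway on the subnet.
    for key in ("networkSecurityGroup", "natGateway"):
        if not (sp.get(key) or {}).get("id"):
            findings.append("subnet: no %s attached" % key)
    return findings

HARDENED_SUBNET = {"id": SUBNET_ID, "properties": {
    "serviceEndpoints": [{"service": SERVICE}],
    "networkSecurityGroup": {"id": NET + "/networkSecurityGroups/nsg-app"},
    "natGateway": {"id": NET + "/natGateways/nat-egress"}}}
HARDENED_ACCOUNT = {"properties": {"networkAcls": {
    "defaultAction": "Deny", "ipRules": [],
    "virtualNetworkRules": [{"id": SUBNET_ID, "action": "Allow"}]}}}

# Weak variant: rule exists on the account, but default is Allow and the endpoint is missing.
WEAK_SUBNET = copy.deepcopy(HARDENED_SUBNET)
WEAK_SUBNET["properties"]["serviceEndpoints"] = []
WEAK_ACCOUNT = copy.deepcopy(HARDENED_ACCOUNT)
WEAK_ACCOUNT["properties"]["networkAcls"]["defaultAction"] = "Allow"

if __name__ == "__main__":
    print("hardened:", audit(HARDENED_SUBNET, HARDENED_ACCOUNT))
    print("weak:", audit(WEAK_SUBNET, WEAK_ACCOUNT))
```

The same function can be pointed at exported resource JSON from a real deployment, provided the subnet and account objects keep the `id` and `properties` layout assumed here.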

Indisputably, public IPs cannot always be avoided, so adequate monitoring, prevention, and response to harmful threats and attacks become even more critical. Microsoft is the only cloud service provider that also provides global cybersecurity, and it has taken a highly open approach to sharing technical data on new cyberattacks days or hours after they are discovered.