14 March 2022

Securing Your Cloud Enterprise Workloads – Network Segmentation, Private Endpoints and NAT gateways

With global economies quickly entering the #datadriven economy and with data now being viewed as a strategic asset for future value creation, there is an increasing awareness of the importance of protecting that asset through data security and #cybersecurity measures. This is also important for building trust among enterprises, organisations and individuals to share and exchange data, which is pivotal for enabling data as a driver for #digitalinnovation. It’s easy to understand why #informationprotection and #cybersecurity are increasingly becoming focus areas across IT departments as awareness of cybersecurity threats, attacks and their potential implications, such as #dataloss, #ransom etc., grows.

Some of the most sophisticated #security and defence #systems in the world utilize a layered approach to security, and many of those concepts are applicable in the #digital realm as well, e.g. in enterprise #solution and #securityarchitecture. In one recent workload, I, together with the team, spearheaded the deployment of a virtual network and subnet with NSGs and integrated #azure #functions, with outbound traffic routed through a #nat #gateway with a static public IP for consuming a third-party application that uses an allow list of IP addresses as a security measure. The benefits of virtual network and subnet integrated resources are numerous, such as network segmentation, enabling private endpoints through #azure Private Link, and service endpoints for granular access control in #azure #paas services such as #azure #cosmosdb, #azure #storage and #azure #sql Database. Given that a network rule has been added in the service, and the service endpoint has been added to the subnet, the virtual network #acl will switch the source of the incoming traffic from a public IP to the virtual network addresses, fully removing public internet exposure. Even though virtual networks are isolated by nature, VNet peering can be used if applications need to communicate with resources in other virtual networks.
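The paragraph above depends on two settings being in place together: the service endpoint on the subnet and a matching network rule on the service. The following added example (not code from the workload described) audits ARM-style JSON for a subnet and a storage account; the resource IDs and sample data are constructed, and `audit` is a hypothetical helper name.

```python
# Added example: audit a subnet and a storage account for the controls described
# above. Property names follow the ARM resource shape; all values are constructed.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
             "/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/snet-func")

GOOD_SUBNET = {"id": SUBNET_ID, "properties": {
    "networkSecurityGroup": {"id": "/placeholder/nsg-demo"},
    "natGateway": {"id": "/placeholder/natgw-demo"},
    "serviceEndpoints": [{"service": "Microsoft.Storage"}]}}

GOOD_ACCOUNT = {"properties": {"networkAcls": {
    "defaultAction": "Deny",
    "virtualNetworkRules": [{"id": SUBNET_ID.upper(), "action": "Allow"}]}}}

# Weak setting for comparison: public access allowed, no subnet rule.
WEAK_ACCOUNT = {"properties": {"networkAcls": {
    "defaultAction": "Allow", "virtualNetworkRules": []}}}


def audit(subnet: dict, account: dict) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    sp = subnet.get("properties") or {}
    acls = (account.get("properties") or {}).get("networkAcls") or {}

    # Subnet-side controls: NSG attached, NAT gateway for a static outbound IP.
    if not (sp.get("networkSecurityGroup") or {}).get("id"):
        findings.append("subnet has no NSG attached")
    if not (sp.get("natGateway") or {}).get("id"):
        findings.append("subnet has no NAT gateway (outbound IP is not static)")

    # The service endpoint must be enabled on the subnet ...
    services = {e.get("service") for e in sp.get("serviceEndpoints") or []}
    if "Microsoft.Storage" not in services:
        findings.append("subnet lacks the Microsoft.Storage service endpoint")

    # ... and the service must carry a network rule naming that subnet.
    # Azure resource IDs are case-insensitive, so compare in lower case.
    sid = (subnet.get("id") or "").lower()
    allowed = {(r.get("id") or "").lower() for r in acls.get("virtualNetworkRules") or []}
    if not sid or sid not in allowed:
        findings.append("storage account has no network rule for this subnet")

    # Without a default Deny, the rule above does not restrict anything.
    if acls.get("defaultAction") != "Deny":
        findings.append("storage account defaultAction is not Deny")
    return findings
```

The same checks apply to other PaaS services with service endpoints by swapping the endpoint name and the location of the network rule set.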

Public IPs cannot always be avoided, of course, so sufficient monitoring of, prevention of and response to #malicious #threats and #cyberattacks become even more important. #microsoft is the only #cloudserviceprovider that is also a global cybersecurity provider and has adopted a very open approach, sharing technical reports on new attacks days or hours after discovery, with one example being the cyber attacks on Ukrainian authorities in mid-January 2022. Microsoft also recently launched “Security Insider”, aimed at providing #businessleaders and #cisos with general cybersecurity developments, insights and threat intelligence, with the first episode, “When nation-states attack”, covering the increase in ransomware and supply chain attacks in recent years. More in the link below.

Cybersecurity + Threat Intelligence | Microsoft Security Insider

As someone who is interested in the world and society around us, it’s hard to not comment on the current course of events. The grim truth is that large, full-scale war between nations has returned to Europe. The change in policy in some European countries in a short amount of time is staggering. The strength and speed of the actions imposed by the European Union and European Commission at the beginning of the conflict are commendable. I think it’s this kind of determined and firm action and leadership, coordinated together with allies and partners and rooted in the belief of universally shared concepts, even on issues outside our common European Union borders, that is needed for Europe to have a continued and extended leading role in the world. A while ago, Ukrainian authorities recommended that citizens refrain from recording or photographing what’s happening on the streets. With reports of thermobaric weapons and bomber aircraft used in recent days and that chemical weapons may be used, things are getting worse rapidly. Even though it’s something I’ve had in mind earlier, recent events have prompted me to start contributing monthly through my company to Médecins Sans Frontières. Everyone should have an undeniable right to self-determination, freedom to speak their mind, free from need and free from fear. Let’s hope a resolution to this conflict is found soon.
