14 March 2022
Securing Your Cloud Enterprise Workloads – Network Segmentation, Private Endpoints and NAT gateways
With global economies quickly entering the #datadriven economy and with data now being viewed as a strategic asset for future value creation, there is an increasing awareness of the importance in protecting that asset through data- and #cybersecurity measures, an aspect that’s also important to build trust among enterprises, organisations and individuals to share and exchange data, pivotal for enabling data as a driver for #digitalinnovation. It’s easy to understand why #informationprotection and #cybersecurity are increasingly becoming focus areas across IT departments as awareness of cybersecurity threats, attacks and their potential implications such as #dataloss, #ransom etc. grows.
Some of the most sophisticated #security and defence #systems in the world utilize a layered approach to security, and many of those concepts are applicable in the #digital realm as well in e.g. enterprise #solution and #securityarchitecture. In one recent workload, I together with the team spearheaded the deployment of virtual network and subnet, with NSGs, integrated #azure #functions, with outbound traffic routed through a #nat #gateway with a static public IP for consuming a third-party application that uses an allow list of IP addresses as a security measure. The benefits of virtual network and subnet integrated resources are numerous, such as network segmentation, enabling private endpoints though #azure Private Link and service endpoints for granular access control in #azure #paas services such as #azure #cosmosdb, #azure #storage and #azure #sql Database. Given that a network rule has been added in the service, and the service endpoint has been added to the subnet, the virtual network #acl will switch the source of the incoming traffic from a public IP to the virtual network addresses, fully removing public internet exposure. Even though virtual networks are isolated by nature, VNet peering can be used if applications needs to communicate to resources in other virtual networks.
Public IPs cannot always be avoided of course, calling for sufficient monitoring, preventing and responding to #malicious#threats and #cyberattacks becomes even more important. #microsoft is the only #cloudserviceprovider that is also a global cybersecurity provider and has adopted a very open approach sharing technical reports on new attacks days or hours after discovery with one example being the cyber attacks on Ukrainian authorities in mid-January 2022. Microsoft also recently launched “Security Insider” aimed at providing #businessleaders and #cisos with general cybersecurity developments, insights and threat intelligence with the first episode “When nation-states attack” covering the increase in ransomware and supply chain attacks in recent years, more in the link below.
As someone who is interested in the world and society around us, it’s hard to not comment on the current course of events. The grim truth is that large, full-scale war between nations has returned to Europe. The change in policy in some European countries in a short amount of time is staggering. The strength and speed of the actions imposed by the European Union and European Commission at the beginning of the conflict is commendable, I think it’s this kind of determined and firm action and leadership, coordinated together with allies and partners and rooted in belief of universally shared concepts, even on issues outside our common European Union borders, that’s needed for Europe to have a continued and extended leading role in the world. A while ago, Ukrainian authorities recommended citizens to refrain from recording or photographing what’s happening on the streets. With reports of thermobaric weapons and bomber aircraft used in recent days and that chemical weapons may be used, things are getting worse rapidly. Even though it’s something I’ve had in mind earlier, recent events have prompted me to start contributing monthly through my company to Médecins Sans Frontières. Everyone should have an undeniable right for self-determination, freedom to speak their mind, free from need and free from fear. Let’s hope a resolution to this conflict is found soon.
19 July 2023
Welcoming Sanjeev Bharti to Axelsson Cloud Consulting Team
Axelsson Cloud Consulting Europe is excited to introduce our newest team member, Sanjeev B, a Senior Azure Software Engineer Consultant, joining us in Berlin. “We are excited to have Sanjeev B on board with us. With his extensive experience in cloud solution architecture, software engineering, and a proven track record of successfully deploying projects globally, ... Welcoming Sanjeev Bharti to Axelsson Cloud Consulting TeamView more
3 July 2023
Welcoming Muhammad Wasif Khan to Axelsson Cloud Consulting team
Axelsson Cloud Consulting Europe is delighted to welcome its newest team member, Muhammad Wasif Khan, a senior DevOps engineer, to our Berlin office. “It gives me great pleasure to welcome Mohammad Wasif Khan to our dedicated team in Berlin. With his long experience in leading significant digitalization and automation projects in numerous verticals, including government-backed ... Welcoming Muhammad Wasif Khan to Axelsson Cloud Consulting teamView more
1 June 2023
Welcoming the expertise of Mahesh Patkar to Axelsson Cloud Consulting
Axelsson Cloud Consulting is thrilled to bring onboard its new Azure Cloud software engineer consultant, Mahesh Patkar, to our team in Gothenburg. “We are absolutely delighted to welcome Mahesh Patkar to our team in Gothenburg. His robust multi-year professional consulting experience, combined with his impressive track record in digital transformation projects and data migration platforms ... Welcoming the expertise of Mahesh Patkar to Axelsson Cloud ConsultingView more