Best practices to combat hacking

A blog about MFA, PIM, Azure policies, anomaly detection and budgeting in Microsoft Azure.

3
 min read |  
13/12/2022
 |  
Business critical applications

After our 4-part blog series on Security Management, we couldn't help but follow this up with blog 5. The best pracitices to counter hacking and minimize your risks. See below 4 (new) tips.

Simon Deeb, one of our cloud colleagues, attended Microsoft's App Innovation Event in late November. The following message quickly emerged: on all accounts that have rights to an Azure Subscription, turn on MFA! Why? There are hackers active who turn on as many VMs (virtual machines) as possible in Azure subscriptions that are not properly secured and deploy them for crypto mining. An urgent warning shared by Tony Krijnen, Cloud Solutions Architect Security & Compliance. See also this post.

1. Turn on MFA!  

We may be repeating ourselves a bit. But this is a tip that is the number one priority. For this, Simon is happy to point you to colleague Joe's blog. The importance of MFA - why you really need to have it in place by 2022 (teamvalue.com).

2. Use PIM for roles that are allowed to create resources

By default, your user settings are hopefully set to 'reader/user'. Via PIM (Privileged Identity Management) you can give 'contributors' or 'super admins' various roles via the Azure portal. Marco also referred to it in his article how important this setting is for your secure score > Why monitoring the secure score should be part of your security management (teamvalue.com). For simple adjustments you can create a resource yourself and don't need approval. You do when it comes to a production environment. Then you need additional approval for the audit trail. PIM is part of security policy and part of the Zero Trust principle & Just-in-time access. Apply this tip and your user management is no longer chaos from now on.  

3. Set your Azure policies properly and don't create VMs unnecessarily

What do we mean by this? If your business does not involve graphics and Machine Learning, VMs with GPUs (graphics processing units) are of little use. You can then simply set policy and not create unnecessary VMs. The rights of your team will be set slightly differently. The allowed resources rules are determined together as an organization. For example, do you allow resources from Brazil or China? Do you place your app services and storage accounts only within Europe? We call these the 'game rules' for your Azure environment. What has your organization already set up to prevent hacking? Lower your risks!

4. Turn on anomaly detection and budgeting within your Azure environment

It's easy to set up and, according to Simon, a real lifesaver. Why? If you do get hacked you don't lose mega money. With anomaly detection you set a maximum budget in Azure. Anyone who follows all the steps above including setting this tip is 99.99% save.  

The above 4 tips are for the Azure tenant and subscriptions. In the new year, we will create an advanced version on enterprise-level engineering where you can read more about the Azure Blueprints, network architecture, managed devices, add extensions and the Modern Workplace.

Download our cheat sheet BizDevOps

We combine data and foresight with intuition and lasting behavior change. How. We wrote out the first steps for you in our BizDevOps cheat sheet. Download it now for free and start your digital transformation today.

5
 min read |  
19/7/2024
Team huddle: A weekly moment for connection and effectiveness in your team
In the digital age where technology drives the way we work, collaboration is becoming increasingly challenging. Teams are scattered across different locations and working on a variety of projects, so connectedness can quickly be lost. How can we ensure that team members stay engaged despite this distance?
Business critical applications
3
 min read |  
19/7/2024
Back to the 80's! - Recap Azure & AI Lowlands
June 27 was the day: the Azure & AI Lowlands event! With the entire Cloud team we traveled to this event, completely in '80s style. Think neon colors, retro games, iconic 80s vehicles and of course a lot of tech talks on Azure and AI.
Our team members
4
 min read |  
5/7/2024
The Role of Agile Coach - In conversation with Gert-Jan
Meet Gert-Jan! Agile Coach at TeamValue. Scrum working is totally his thing. And he likes to help his colleagues with this. Curious about working at TeamValue? Then read on quickly.
More information about this blog? Get in touch with the author(s).
No items found.
Sign up for the newsletter!
SIGN UP NOW
Background

Join our team!

TeamValue is a young and fast growing company with a solid foundation. We are looking for people who have IT skills and enjoy giving workshops. Searching together for the best solution for a customer. That is what we are all about!

Azure Solution Developer

A very dynamic role, in which more than just technical skills are required! You are that Fullstack Software Developer who knows how to build business-critical applications. All your solutions must be rolled out 100% automatically.

Full-time
Zwolle

Cloud Engineer

You are the Cloud Engineer who understands the old world, has a lot of experience in it and secretly wants nothing more than to enter the new world of Modern Service Management and the public cloud. Do you have scripting skills, do you stand for proactive management and are you 'on' when it comes to solving (im)possible problems? The team can't wait to meet you.

Full-time
Zwolle

Business Intelligence Consultant

You have guts! Because you dare to be critical towards our customers. You really help the client one step further. You think with us, ask questions and respond. Because TeamValue goes for the best result.

Full-time
Zwolle