Why monitoring the secure score should be part of your security management

How how and why of the Secure Score

Microsoft describes it as a measuring tool for your organization to determine how your security management is doing and what actions you can still take to increase this score. Why is this so important and what business value is attached to it? Simple: you want to identify vulnerabilities in time, ward off threats, keep the impact of vulnerabilities as low as possible and limit future risks.  

• Systems that are not up-to-date are riskier
• Backing up is a given with Microsoft Defender for Cloud in Azure
• You don't want a data breach and thus apply data encryption
• You want to control access to systems as well as possible with associated permissions and auditability. Asset management is what we call that
• Endpoints need to be protected. Especially the information wiped out between the API
• Anyone seeking ISO certification must be compliant and in Cloud Defender there is a template for that to monitor whether you are and remain up-to-date

So what is a good secure score? We would argue that a secure score of 30-35% is low on average. However, 100% you're hardly going to see anywhere. That would mean your systems are no longer flexible and you don't want that. A market average which is considered good is a score above 70%. Be aware that once you've secured a good secure score with your organization, you want to keep it. So as more functionality is added from the application or from Microsoft, it is important to keep monitoring. After all, a lower percentage means more risk on the points mentioned above.  

Previous blogs you may find interesting:  

• With the Key Vault of Microsoft Azure, all your secrets are safe!
• Cloud & Governance Tip - Managed Custom Domains available for Azure API Management

Security recommendations in the Microsoft Defender for Cloud

Have you taken a look inside your portal yet? You'll get tips on MFA (both at the organizational level and at the subscription level), management ports and much more. Not using Azure yet and not getting these recommendations but want to know more about it? Then check out Modern Service Management | Bizure or send us a message.  

An example? Consider Azure AD Privileged Identity Management (PIM) Through PIM, we can assign permissions to certain roles (e.g., contributer or admin). From again an auditable process, we can request access to systems, track who made what changes on production and track that later if needed. This is easily arranged through a workflow. You're going to read more about this compliancy in the fourth blog. So, stay tuned!  

Marco's tip: make your environments secure and do so in a uniform way that makes it understandable for both business and IT and allows actions to be taken immediately if the situation calls for it. The secure score can be a good guide in this so make use of it!

Proactive monitoring to mitigate security risks  

If you are an IT Manager, Security Officer or Developer, then the security score is familiar to you (if all goes well). The business increasingly sees the value of security issues because their environment is often public facing and therefore it is a must to ensure that end users' data is safe in the cloud and partners can collaborate as efficiently as possible on the platform with the right credentials. For example, if there are a lot of unknown requests per day on your site then you know there is a potential risk. With the proactive security monitoring we can find out exactly what the problem is.  

If there is a critical issue it will be communicated with suggested action and possibly direct execution. You can also set up direct alerting so that you are immediately aware of a vulnerability. Should a change affect end users, it is wise to weigh risk and impact.  

Bizure provides proactive monitoring on your IT landscape, subscriptions, platforms, API management and your cloud architecture.

• TeamValue | Expert in mission-critical applications and Azure DevOps for more on a stable and reliable cloud environment
• Bizure | A new way of IT management for more on monitoring and our XLA collaboration

Find Blog 1 from this security management series via The importance of MFA - why you really need to have it in place by 2022.