May 2, 2018
"Stratus" as a Cloud Strategy: Part 2
At OST, we understand that the cloud can be a daunting consideration for your IT organization. It’s a new way to think about architecture, design, deploying resources, and especially costs. Certainly, there are potential benefits in the cloud – but the gravity of what a “cloud first” mentality means can often leave IT departments feeling uncertain about how to move forward and take that important first step into the cloud.
With that said: the goal of this blog series is to lay out a few low-hanging wins that can be a gateway to the cloud for your organization. What’s with the term “stratus” you might ask? For the long answer, check out Part 1 for the full metaphoric breakdown. The short answer is that stratus clouds are the lowest flying clouds in Earth’s atmosphere. As a result, they are often boring and dull. We try to emphasize that you can think about cloud computing the same way: ultimately, it’s okay to knock out a few dull, boring solutions to common challenges faced in traditional IT today, and to keep building on those successes while gaining confidence in your cloud strategy. Before you know it, you’ll be on your way to doing bigger and better things in the cloud and looking for ways to transform your business! In Part 1, we talked about using the cloud as part of a backup and DR strategy. For Part 2, let’s focus on another common pain point for many organizations: security.
A common preconceived notion about using public cloud is that it necessitates a concession on security – as if putting resources into the cloud fundamentally makes them less secure. The truth is, there are more tools than ever in the cloud to help you design and execute a real security strategy for hybrid IT environments. Let’s think about some of the common questions asked of IT stakeholders surrounding security: Are our systems patched with the latest updates? Are we watching our logs? Are antivirus definitions current? You get the point. In many cases, being able to answer these questions in the traditional IT world means complex policies, expensive software solutions, and the administrative overhead of overseeing security operations in separate toolsets. Normally we don’t think “cloud first” when looking at security tools – but as the cloud has matured, it is making it easier than ever to provide answers to these security questions. Let’s take a closer look at Microsoft Azure with a few real-world examples…
By default, Microsoft Azure provides a Security Center that will recommend common best practices for your Azure resources. If you browse the recommendations, you’ll see notes about things like VMs that should be encrypted, or where endpoint protection is installed and up to date. These defaults are nice; however, it’s a very short hop to take advantage of much stronger security features in Azure. With just a few clicks, you can spin up an Azure Log Analytics workspace to enhance visibility into your hybrid IT infrastructure. From there, you can connect your Azure VM resources as well as your on-prem systems to feed important security data, including logs, into the platform for a comprehensive security view. Let’s use that as the basis to answer our questions from earlier.
Are Our Systems Patched with the Latest Updates?
Most organizations have ways to install patches today. That may be Microsoft WSUS, Red Hat Satellite, Ubuntu Landscape, etc. However, having multiple tools and workflows to manage updates increases the overhead while lowering the success rate of even the most mature patching strategies. Whether you are running Windows, Linux, on-prem or cloud native – Microsoft Azure gives you fast insights into how your patching strategy is working. You’re able to see an “at a glance” graph of your patch deployments and then dive into which systems are missing critical security updates. If your patching strategy is falling short, you’ll see it quickly and be able to recalibrate. You can use Azure to schedule and deploy patches to both Azure and on-prem systems quickly and easily. Even if you already have a successful patching strategy, it may be worth consolidating it all under one cloud-managed umbrella.
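As an added example (not from the original post, and not Microsoft’s own sample), here is the kind of Log Analytics query that turns the “at a glance” patch graph into a per-machine list of missing updates. It reads the Update table that Azure Update Management populates for connected Windows and Linux machines; the column names used (UpdateState, Classification, Approved, Optional, Title, UpdateID, OSType) are assumed from that solution’s schema, and the one-day window is an arbitrary choice.

```kusto
// Added example: machines missing approved critical or security updates,
// as reported in the Log Analytics Update table (Update Management).
// Column names are assumed from the Update Management schema.
Update
| where TimeGenerated > ago(1d)
| where Classification in ("Critical Updates", "Security Updates")
| where UpdateState =~ "Needed" and Approved == true and Optional == false
// Keep only the newest record per machine/update pair so a stale row
// does not make an already-patched machine look unpatched.
| summarize arg_max(TimeGenerated, *) by Computer, UpdateID
// One row per machine: how many updates are outstanding and a few titles.
| summarize MissingUpdates = count(), Sample = make_set(Title, 5) by Computer, OSType
| order by MissingUpdates desc
```

Run it in the Log Analytics query window (or pin it to a dashboard). Machines at the top of the result are the ones to look at first; if a machine you expect to see is absent, check the Heartbeat table to confirm the agent is still reporting, since a silent machine looks identical to a fully patched one here.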
Are We Watching Our Logs?
Log management and, more importantly, effective log analysis have become critically important in today’s high-risk IT landscape. Unfortunately, neither is easily accomplished at scale. Third-party tools that help accomplish these tasks are often expensive, difficult to implement, and leave gaps in functionality. Logs and analysis are areas where Azure has matured recently, and as a result the Log Analytics platform can ingest logs from all your hybrid cloud systems (again, Windows, Linux, cloud native, AND on-prem). This functionality is extremely powerful because not only do you get the capability to report and alert on out-of-the-box security events, but you also have fast access to deep-dive into your logs with an intuitive query language. With minimal setup, you now have a very functional forensic analysis and incident response tool at your disposal. Take the examples below: in the first, we can see failed logins, password change attempts, and a system with a known web vulnerability.
In the second, we have demonstrated an analytics query to see which user cleared the security event log on an on-prem server. So, not only can you be alerted to events of certain types, but you’ll have a level of intelligence about your logs that is typically quite difficult to achieve even with large and expensive third-party solutions.
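The two screenshots above are not reproduced here, so as an added example (our own, not code from the original post or from Microsoft) here are Log Analytics queries that answer the same two questions from the SecurityEvent table, which the agent fills from the Windows Security log of connected Azure and on-prem machines. The Event IDs are the standard Windows ones (4625 failed logon, 4723 password change attempt, 4724 password reset attempt, 1102 audit log cleared); the column names TargetAccount, SubjectAccount, IpAddress and Activity are assumed from the SecurityEvent schema, and the thresholds and time windows are arbitrary.

```kusto
// Added example: failed logons and password-change attempts in the last
// 24 hours, grouped so a burst against a single account stands out.
// Column names are assumed from the SecurityEvent schema.
SecurityEvent
| where TimeGenerated > ago(24h)
| where EventID in (4625, 4723, 4724)
| extend Detection = case(EventID == 4625, "Failed logon",
                          EventID == 4723, "Password change attempt",
                          "Password reset attempt")
| summarize Count = count(),
            LastSeen = max(TimeGenerated),
            Sources = make_set(IpAddress, 10)
    by Computer, TargetAccount, Detection
// Surface every password change/reset, but only repeated logon failures.
| where Detection != "Failed logon" or Count >= 5
| order by Count desc

// Added example: who cleared the Security event log (Event ID 1102) on
// which machine in the last week. SubjectAccount is the account that
// performed the action; Activity carries the event's description text.
SecurityEvent
| where TimeGenerated > ago(7d)
| where EventID == 1102
| project TimeGenerated, Computer, ClearedBy = SubjectAccount, Activity
| order by TimeGenerated desc
```

Each query runs on its own in the Log Analytics editor (place the cursor in the one you want and run it). The second one is a good candidate for an alert rule: a cleared Security log on a server is rare in normal operations, so even a single hit is worth a ticket, and the query already tells you the machine and the account to start with.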
Are Anti-Virus Definitions Current?
Antivirus and threat detection reporting is one of the out-of-the-box capabilities of any Azure virtual machine. Using the same Log Analytics framework, any on-prem machine connected to the Log Analytics/OMS workspace can also be tracked. Therefore, your organization can have a consolidated view to report on not only critical OS patches, but also antivirus and antimalware deployment and definition updates. To add to the toolset, another weapon in the fight against ransomware was recently released: Microsoft Azure’s file integrity monitor.
We’ve all heard horror stories about companies losing data to ransomware, even to the point of having no other recourse but to pay the ransom. The goal of the new file integrity monitor is to perform checksums across core files and registries of your cloud and on-prem virtual machines for quick attack and ransomware identification. It can be configured to monitor Windows and Linux files, as well as Windows registries. This adds an immense benefit at very little overhead to set up and maintain – it’s a true no-brainer!
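To close the loop on the last two questions, here is an added example (ours, not from the original post or from Microsoft) of the Log Analytics queries that report on antimalware health and on file integrity monitoring results. The first reads the ProtectionStatus table fed by the Antimalware Assessment solution; the second reads the ConfigurationChange table that Change Tracking and file integrity monitoring write to. The column names (ProtectionStatus, TypeofProtection, ConfigChangeType, ChangeCategory, FileSystemPath, RegistryKey, FieldsChanged) and the status string "Real time protection enabled" are assumed from those solutions’ schemas; the time windows are arbitrary.

```kusto
// Added example: machines whose antimalware is not healthy, based on the
// latest ProtectionStatus record per machine. Anything other than
// "Real time protection enabled" (stale signatures, protection disabled,
// agent not reporting) is listed. Column names assumed from the schema.
ProtectionStatus
| where TimeGenerated > ago(1d)
| summarize arg_max(TimeGenerated, *) by Computer
| where ProtectionStatus !~ "Real time protection enabled"
| project LastReport = TimeGenerated, Computer, TypeofProtection, ProtectionStatus
| order by LastReport asc

// Added example: file and registry changes recorded by file integrity
// monitoring in the last day, newest first. A sudden wave of "Modified"
// rows under user data paths is the pattern that points at ransomware.
ConfigurationChange
| where TimeGenerated > ago(1d)
| where ConfigChangeType in ("Files", "Registry")
| project TimeGenerated, Computer, ConfigChangeType, ChangeCategory,
          FileSystemPath, RegistryKey, FieldsChanged
| order by TimeGenerated desc
```

As with the earlier queries, run each on its own. The second query only returns rows for paths you have enrolled in the file integrity monitor, so the first thing to verify is that the core OS and application directories you care about are actually in the tracked list; an empty result can mean either a quiet day or nothing being watched.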