Karl Ots - Azure Security Handbook: A Comprehensive Guide for Defending Your Enterprise Environment

This Apress imprint is published by the registered company APress Media, LLC part of Springer Nature.

The registered company address is: 1 New York Plaza, New York, NY 10004, U.S.A.

At Microsoft, we invest more than a billion dollars each year in research and development to help our customers secure their organizations digital transformations. For us and many other technology providers, this is one of the fastest-growing technology areas. And while in the IT industry, we usually associate growth as something positive, the case of cloud security is bittersweet. On the one hand, implementing a secure cloud or hybrid footprint is a fundamental best practice. But this fast growth is fueled largely by the need to respond to, and to be one step ahead of, the growing number of malicious actors, including many private-sector offensive actors that are helping democratize cyber threats with their new hacking-as-a-service model.

Then, the COVID 19 pandemic drove a once-in-a-lifetime acceleration in cloud adoption and digital transformation. In the last sixteen months, companies worldwide and their security teams faced new challenges in their effort to support remote and hybrid-work scenarios, all in a short window of time. These unprecedented circumstances demanded a fast response from us at Microsoft. In my role leading community programs for Azure security engineering groups and bringing the voice of our customers into our engineering roadmaps, I saw first-hand an increase in feedback and insights coming from our customers and partners. In response, we are driving a fast evolution of our Azure security services and controls embedded in many Azure components and workloads. As a result, the list of security changes across Azure services and workloads over the last year is vast.

But in parallel to technical evolution, companies face the challenge of quickly upskilling their security teams. As a direct consequence, the need for cloud security experts in all cloud areasidentity and access control, data, applications, infrastructure, and the edgeis in high demand. Our technical libraries and training at https://docs.microsoft.com play an essential part in this effort. My colleagues in CxE also sustain a very active calendar of Azure security webinars that help educate security professionals on the latest releases in our services. You can check them out at https://aka.ms/SecurityCommunity . But even with all these investments in technical readiness, we can only cover so much ground.

This is where members of the security community bring their passion for sharing knowledge with others to play. Their contributions to our technical information complement and strengthen security knowledge in Azure. Further, their contributions often add different perspectives, insights, and scenarios to those covered in our Microsoft documentation.

As both a member of our Microsoft Regional Director program and our Azure Private Security Community, where he represents Swiss Re as Vice President, Cloud Security Architecture, Karl Ots has a long history of sharing valuable feedback and insights with our security engineers. The combination of community leadership and private sector responsibilities experiences gives Karl a deep understanding of cloud security and the steps that companies should take when planning and implementing security for the cloud and multi-cloud with Azure.

In his book, Karl offers much-needed guidance to help organizations that are new to Azure, or cloud security in general, in planning the security architecture for their new cloud footprint. He also provides plenty of best practices and configuration decisions that together help decrease their attack surface by explaining how to take advantage of our Azure security services and native controls and integrate our solutions and centralize security operations in Azure. Additionally, Karl shares cloud and security agnostic recommendations that go beyond user guides, sharing lessons from his vast first hand experiences. And he maps many of our Azure controls and best practices to industry security benchmarks like those from CIS and NIST and security models like Zero Trust and Shift-Left.

I appreciate that his chapters guide you through key security domains and how to secure them in Azure. From identity and access management and their fundamental role in cloud security to protecting your cloud infrastructure and workloads, he touches on security basics and configurations without shying from pointing out where integration with 3rd party providers will help with specific needs.

Through this approach, Karl also brings several conversations that, while often overlooked, are fundamental when managing security operations in the cloud. For example, decisions such as the retention time for logs used for your security monitoring and analysis can have on your companys bill and the cloud shared responsibilities matrix, which showcases some of the benefits of moving to the cloud and highlights the importance of defining clear roles and responsibilities that may include workload owners who had little or no security ownership over on-premises implementations. Karl provides complete perspectives and hence brings clarity to architecting security in Azure.

In closing his book brings perspective to readers of all levels of expertise with security in Azure. After more than three years working in Cloud Security and learning the intimacies of our Azure security services, it has even taught me several technical and non-technical considerations of planning a move to the cloud.

I want to thank you for this book Karl. You and many others in the security community play a crucial role in communicating the benefits that our Microsoft products and services offer our customers, adding your valuable expertise. Thank you for representing the voice of our customers and for influencing the future of our Azure security services and native controls.