Cloud Security: The 4C’s Of Cloud-Native Security – Part 5

In the last part of the article series on the 4C's of cloud-native security, we will look at securing the cloud environment itself. Although actual steps to harden your cloud infrastructure differ based on the cloud vendor and the services used to architecture your cloud-native application, many concepts and methodologies are quite similar.

In diesem Artikel:

For the scope of this article, we’ll take a look at services in Microsoft Azure that support you in securing your overall cloud infrastructure that builds the foundation for your cloud-native application. It is top of the mind for all cloud vendors to provide professional tools to harden and secure cloud infrastructures. Microsoft has recently re-branded existing services to group and advertise all essential services for securing cloud services under the brands Microsoft Defender for Cloud and Microsoft Sentinel.

Before we quickly dive into Microsoft Defender for Cloud, we will look at both products offered by Microsoft and which needs they address.

Microsoft Defender for Cloud

Microsoft Defender for Cloud addresses three essential needs when it comes to securing cloud services:

  • Continuous Assessment: By providing a single number – the secure score -, Microsoft Defender for cloud helps you understand your security posture. A higher secure score means a more secure cloud environment.
  • Secure: Microsoft Defender for Cloud also assists in actively securing cloud infrastructures. It provides security recommendations that tell you which services have weak configurations and may increase your overall attack surface. On top of delivering those recommendations, Microsoft Defender for Cloud gives you either fine granular instructions on how to remediate those misconfigurations or lets you fix those findings automatically by just clicking a “Fix” button.
  • Defend: Quickly taking action on potential threats or attacks is mission-critical to defense cloud environments. Microsoft Defender for Cloud detects attacks and threats to your resources and alerts you automatically. You can stream those alerts also to different SIEM and SOAR solutions.

The Continuous Assessment and Secure capabilities Microsoft Defender for Cloud address Cloud security posture management (CSPM) . Microsoft Threat intelligence powered alerts (Defend) capabilities are key features that address Cloud workload protection (CWP).

Microsoft Sentinel

Besides Microsoft Defender for Cloud, Azure customers can use Microsoft Sentinel, a security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel allows you to:

  • Collect data across all cloud services, applications, users, and infrastructure
  • Detectanomalies and eliminate false positives using threat intelligence
  • Investigate threats with AI to hunt and stop suspicious activities
  • Respond rapidly using built-in orchestration and automation of recurring tasks

With Microsoft Sentinel, users can collect and integrate data from different sources using built-in connectors. You can incorporate data from services like Microsoft 365, Azure AD, and several Microsoft Defender products like Microsoft Defender for Identity or Microsoft Defender for Cloud Apps. On top of that, you can integrate data from non-Microsoft environments using well-adopted formats like Syslog or ingest custom data via REST. Once data ingestion is configured, you can use workbooks (powered by Azure Monitor Workbooks) to visualize and monitor your data. Although Microsoft Sentinel comes with pre-configured workbooks, you can create tailored workbooks on your own to address individual needs. Visualizing and monitoring a vast amount of data becomes cumbersome and tedious quickly. Analytics capabilities from Azure Sentinel reduce noise and minimize the number of alerts you’ve to care about. Microsoft Sentinel correlates alerts into incidents. You can customize the built-in correlation rules to fit your needs. On top of fundamental correlation rules, Sentinel uses its machine learning (ML) capabilities to create incidents from network behavior anomalies. At this point, you should already realize that data ingestion and visualization are just the tip of the iceberg. Although Sentinel is a supercritical piece of the puzzle, I’ll stop here and won’t touch other features from Microsoft Sentinel like automation, integration, hunting, and incidence response techniques. You should definitely consult the official Microsoft Sentinel documentation and dive deeper. But for the scope of this article, let’s move again back to CSPM.

Getting started with CSPM

Now that you have some fundamental understanding of Microsoft Defender for Cloud let’s get started with CSPM.

Choose your Microsoft Defender for Cloud tiers

Microsoft Defender for Cloud offers a free tier that includes continuous assessment and security recommendations. It will give you a secure score (we will take a look at this in a bit) for Azure and AWS environments. (Yes, you can assess multi- and hybrid-cloud environments with Microsoft Defender for Cloud). Enhanced security features provided by Microsoft Defender for Cloud can be activated on the Azure subscription scope. However, there is a 30-day trial that you can use to try those advanced capabilities.

Enhanced security features can be activated/deactivated by resource type. For example, if you’re working with containers, you may find Microsoft Defender for Containers very useful. However, in contrast, you may not need to rent Microsoft Defender for PostgreSQL if your PostgreSQL deployments in Azure are just for testing or development purposes. You can access your Defender for Could dashboard by navigating to Microsoft Defender for Cloud from Azure Portal. The dashboard provides not just essential insights about your overall cloud security; it also contains the latest recommendations from Microsoft security experts in one place.

To configure tiers and book enhanced security features, you can navigate from the dashboard to Environment settings using the left-hand blade navigation.

Configure E-Mail notifications

Security-related notifications and alerts must be sent to people that can take action on discovered incidents. You should take a second and configure your E-Mail notifications properly. To avoid flooding inboxes with notifications and to reduce noise, Defender for cloud will limit the volume of outgoing mails for each subscription to:

  • max 1 mail per 6 hours for alerts with high severity
  • max 1 mail per 12 hours for alerts with medium severity
  • max 1 mail per 24 hours for alerts with low severity

Again, you can customize those settings on the subscription scope.

Configure regulatory compliance

Do you have to address specific regulatory compliance? With Microsoft Defender for Cloud, you can continuously compare the actual configuration of your cloud resources against requirements defined as part of industry standards and benchmarks.

Continuously checking for a regulatory standard requires enhanced security being enabled. You can choose a regulatory standard – again on subscription level – by enabling it under Security policy.

Once you’ve configured your Security policies, it will take several hours to see your performance in the context of every selected regulatory standard in the compliance dashboardCheck the list of supported regulatory standards, to see where Microsoft Defender for Cloud can help hit the bar.

Secure score

Microsoft Defender for cloud computes a secure score, a percentage value that reflects your overall security situation at the current point in time. The security situation changes continuously because of new vulnerabilities, new attack surfaces being added to the cloud infrastructure, or new security features being added to the platform itself. You can see from the picture below that you get a secure score calculated per subscription on top of the overall secure score.


Subscription-based secure scores are an immediate indicator of how you can improve your overall cloud security. Also, keep in mind that the secure score is not just a number made up by some teams at Microsoft. It’s reproducible, and the underlying formula is publicly available and well documented.


This article looked at fundamental concepts for securing your cloud platform. Services like Microsoft Defender for Cloud assist you in discovering insecure service configurations and ensure continuous service observation according to the latest security standards.

When hosting applications in the public cloud, we must address security concerns and harden underlying cloud services to prevent attackers from executing various attacks such as taking down the application, stealing data, or acting on behalf of a user.

Securing the cloud addresses the last “C” in the 4C’s of cloud-native security, which marks the end of the article series.

Mehr Artikel zu Cloud Native, Azure

Aktuelle Artikel, Screencasts, Webinare und Interviews unserer Experten für Sie

Verpassen Sie keine Inhalte zu Angular, .NET Core, Blazor, Azure und Kubernetes und melden Sie sich zu unserem kostenlosen monatlichen Dev-Newsletter an.

Newsletter Anmeldung
Diese Artikel könnten Sie interessieren
Cloud Native

Code Security: The 4C’s Of Cloud-Native Security – Part 4

In this part of the article series on the 4C's of cloud-native security, we will take a closer look at code security. We will briefly inspect why code security is essential, why it should be addressed from the beginning, and why trends such as shift-left security are important aspects of overall security considerations.
Cloud Native

Cluster Security: The 4C’s Of Cloud-Native Security – Part 3

Securing the Kubernetes cluster (which may act as a runtime platform for several components of typical cloud-native applications) addresses one of the 4C's in cloud-native security. If you haven't heard about the 4C's of cloud-native security yet or want a quick refresher, you should read my corresponding introduction article.
Cloud Native

Container Security: The 4C’s Of Cloud-Native Security – Part 2

Securing the container images of your cloud-native application building blocks addresses one of the 4C's in cloud-native security. If you haven't heard about the 4C's of cloud-native security yet or want a quick refresher, you should read my corresponding introduction post.
Cloud Native

Code, Container, Cluster, Cloud: The 4C’s Of Cloud-Native Security – Part 1

Containers and cloud-native design patterns gained popularity over the past years. More and more organizations use containers in production and adopt cloud-native practices and methodologies to get even more value from existing containerized applications and underlying technologies such as container orchestrators like Kubernetes.
Cloud Native

Ausführen von Containern in Azure Container Instances (ACI) direkt über die Docker CLI

Vor einigen Monaten haben sowohl Microsoft als auch Docker eine nahtlose Integration von Azure Container Instances (ACI) und Docker CLI angekündigt. Als Container-Enthusiast musste ich mich natürlich mit dieser Integration befassen. Ich habe es in verschiedenen Szenarien getestet, um zu sehen, wie es mich unterstützen und meine Produktivität steigern könnte.
Infrastructure as Code

Infrastructure-as-Code (IaC): Bicep und Terraform im Vergleich

Infrastructure as Code (IaC) ist eine wichtige Technik in der Automatisierung. Teams beginnen ihren Weg zu Cloud-Native oft so, dass sie alles automatisieren und die Infrastruktur ist hier keine Ausnahme. Die stetig wachsende Akzeptanz von Cloud-Diensten und die Digitalisierung sind nur einige Gründe, warum IaC-Tools wie Terraform so beliebt sind. Project Bicep ist hier ganz neu - eine neue Sprache, die erstellt wurde, um Azure Infrastruktur-Deployments als Code auszudrücken