"We are going to see 2 or 3 more of these seismic events in the next 12 Months" RunAsRadio, episode 546 http://runasradio.com/Shows/Show/546
Ransom Demands
People don't notice great security practice. End-users and Business Managers want new features and better performance, sometimes leaving security down the priority list for IT professionals. It is when ransomware such as WannaCry https://en.wikipedia.org/wiki/WannaCry_ransomware_attack or Petya https://en.wikipedia.org/wiki/Petya_(malware) decimates your network, compromises data and takes services offline that people tend to notice. The quote at the top refers to potential future attacks, if that worries you, this post will discuss using Azure SQL Database to mitigate your risk.
Great Benefits
We have long spoken about the vast benefits of using Azure SQL Database. To recap some fantastic features:
All great features that should make Azure SQL Database the number one choice when designing the architecture of a new SQL Server solution. This post is going to specifically discuss the benefits in the context of security. A traditional on-premises SQL Server Security Audit might include checking the following items:
What is fascinating is the items that we can remove from our check-list when using Azure SQL Database:
Good Practice by Design
The items removed from the list are simply not available with Azure SQL Database, making bad practice in these areas impossible. What is left is the control of data access. Define who can connect, from which IP range and grant them the minimum required permissions to fulfil their role only. It was ever thus, the Principal of Least Privilege should be the cornerstone of any security strategy, regardless of the infrastructure platform.
Bye to Remote Desktop
Data governance is as valid as it's ever been, however with Azure SQL Database, security of the infrastructure is abstracted away and provided as part of your subscription. You are then in a wonderful position the next time malware propagates around the world. Instead of hoping that all will be well and nobody will remote desktop to your unpatched SQL Servers with malicious intent, you can guarantee it. It is impossible to authenticate to Windows on a server hosting Azure SQL Database or to run a version of the platform not at the latest patch level. A truly re-assuring statement to give to your business stakeholders.
There has long been debate regarding the practice of installing SQL Server Management Studio on database servers:
The no camp is all too aware of the danger of propagating malware via via directly logging on to the database server. With Azure SQL Database, there is no access to the Operating System, you are blocking that avenue of attack.
Security Concierge
You also have the might of Microsoft constantly working on security on your behalf. A problem discovered on one server is fixed and patched for everyone, this is the true power of cloud computing. Just last Month, in October 2017, the Bad Rabbit ransomware surfaced. Microsoft Threat Intelligence Center subsequently released the notification "Microsoft Antimalware for Azure services and virtual machines, were updated to detect and protect against this threat". Consumers of such Azure services are now protected, without having to take any action.
Microsoft is Better at Security
Some might be reluctant to hand-over control of their infrastructure to a third-party cloud provider, but Microsoft is better at security than most companies out there trying to manage these constant threats in-house. Microsoft are using Azure services and infrastructure themselves, and are working on improving security 24 hours per day on your behalf. You might be using features currently incompatible with Azure SQL Database requiring application changes. However, some engineering effort could unlock all the fantastic features that Azure SQL Database provides, the benefits are too great to ignore.
Are you interested in migrating your data to Azure SQL Database? Contact Coeo for assistance in all aspects: