{"id":88040,"date":"2023-03-21T04:42:21","date_gmt":"2023-03-21T10:12:21","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=88040"},"modified":"2023-03-23T23:02:19","modified_gmt":"2023-03-24T04:32:19","slug":"design-strategy-securing-iaas-paas-and-saas","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/design-strategy-securing-iaas-paas-and-saas\/","title":{"rendered":"How to design a strategy for securing IaaS, PaaS and SaaS?"},"content":{"rendered":"<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">Many companies increasingly rely on the cloud due to its numerous benefits. While migrating to the cloud network, more time needs to be spent on security. Cloud-based services handle a significant amount of network data, but many organizations use these services without implementing any security strategies. Additionally, the use of cloud service providers and personal devices makes it challenging for companies to monitor and manage data flows.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The common cloud computing service models are IaaS, PaaS and SaaS, and organizations select among these models on the basis of their needs. Implementing a strong cloud security strategy is essential for protecting your assets, regardless of the service model you choose.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, since each model operates differently, there is no universal approach to cloud security. 
It is important to consider the unique characteristics of each model when designing and implementing a security strategy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this article, you can gain knowledge on developing a cybersecurity plan that ensures the protection of cloud services in the Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) service delivery models.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Specifying_security_baselines_for_IaaS_PaaS_and_SaaS_services\"><\/span><span style=\"font-weight: 400;\">Specifying security baselines for IaaS, PaaS and SaaS\u00a0services<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The cybersecurity strategy will encompass the development of security baselines for SaaS, PaaS, and IaaS, and define security requirements for various components such as edge computing, containers, application services, databases, and storage accounts within Azure.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Securing PaaS (Platform-as-a-Service), IaaS (Infrastructure-as-a-Service), and SaaS (Software-as-a-Service) services requires a comprehensive approach that addresses various security concerns. 
Here are some key steps to designing a strategy for securing these services:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Patch Management<\/strong>: Keep the VM operating system and all applications running on it up-to-date with the latest security patches to reduce the risk of exploitation.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Account Security<\/strong>: Create and manage accounts with strong passwords, configure accounts with the least necessary privileges, and enable multi-factor authentication to prevent unauthorized access.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Network Security<\/strong>: Use network security groups (NSGs) to control inbound and outbound traffic to and from VMs. Use Azure Virtual Network and subnets to isolate VMs from the Internet and other networks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Disk Encryption<\/strong>: Encrypt VM disks using BitLocker or dm-crypt to protect against data theft.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Monitoring and Logging<\/strong>: Set up monitoring and logging to detect and respond to security incidents in real-time.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Backup and Disaster Recovery<\/strong>: Create backups of VMs and implement disaster recovery plans to ensure business continuity in case of data loss or system failure.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Security Assessment<\/strong>: Conduct periodic security assessments to identify vulnerabilities and improve security posture.<\/span><\/li>\n<li style=\"font-weight: 400;\" 
aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Data Protection<\/strong>: Use encryption to protect sensitive data both at rest and in transit. SaaS providers should implement strong authentication mechanisms and access controls to prevent unauthorized access to sensitive data.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Identity and Access Management<\/strong>: Implement strong identity and access management controls, including multi-factor authentication, to prevent unauthorized access to SaaS applications.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Configuration Management<\/strong>: Configure SaaS applications securely by following vendor best practices and established security benchmarks. SaaS providers should regularly review and update their configuration settings to ensure continued security.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Network Security<\/strong>: Implement secure network architecture to ensure that all communications between SaaS applications and end-users are secured. SaaS providers should implement secure coding practices and conduct regular penetration testing to ensure the security of their applications.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Incident Response<\/strong>: Establish a well-defined incident response plan that includes procedures for detecting, containing, and mitigating security incidents.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Compliance and Audit<\/strong>: Implement appropriate security controls to comply with regulatory requirements and industry standards. 
SaaS providers should undergo regular audits to ensure compliance with security requirements and standards.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Specify_security_requirements_for_IoT_workloads\"><\/span><span style=\"font-weight: 400;\">Specify security requirements for IoT workloads<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">To secure an Internet of Things (IoT) infrastructure, it is essential to implement a comprehensive security-in-depth approach. This involves implementing measures to secure data in the cloud, ensuring the integrity of data during transmission over public networks, and securely provisioning devices. By implementing security measures at each layer, you can increase the overall security of the infrastructure. This can be achieved through the following methods:<\/span><\/p>\n<p><b>Device identity<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Device identity for IoT refers to the unique identity that is assigned to each IoT device to ensure secure communication and prevent unauthorized access. A device identity is essentially a digital fingerprint that uniquely identifies an IoT device and enables secure communication between the device and other endpoints in the IoT ecosystem.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are various methods for establishing device identity in IoT, such as:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>X.509 Certificates<\/strong>: X.509 certificates are digital certificates that use public key cryptography to verify the identity of devices in IoT. 
Each IoT device is assigned a unique X.509 certificate that includes its public key, which is used for secure communication.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Pre-Shared Keys (PSK)<\/strong>: Pre-shared keys are a simple method for device authentication in IoT. Each device is assigned a secret key that is shared between the device and the IoT gateway. The secret key is used to authenticate the device during communication.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Unique Identifiers<\/strong>: IoT devices can be assigned unique identifiers such as serial numbers or MAC addresses. These unique identifiers can be used to authenticate the device during communication.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><strong>Device-specific Secrets<\/strong>: Device-specific secrets are unique secrets that are assigned to each IoT device during manufacturing. 
These secrets can be used for device authentication and secure communication.<\/span><\/span>\n<p><figure id=\"attachment_88044\" aria-describedby=\"caption-attachment-88044\" style=\"width: 1533px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-88044 size-full\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/IoT-workloads.webp\" alt=\"IoT workloads\" width=\"1533\" height=\"600\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/IoT-workloads.webp 1533w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/IoT-workloads-300x117.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/IoT-workloads-1024x401.webp 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/IoT-workloads-768x301.webp 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/IoT-workloads-150x59.webp 150w\" sizes=\"(max-width: 1533px) 100vw, 1533px\" \/><figcaption id=\"caption-attachment-88044\" class=\"wp-caption-text\">www.microsoft.com<\/figcaption><\/figure><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Establishing device identity is a crucial aspect of IoT security, as it helps to prevent unauthorized access and ensures secure communication between IoT devices and other endpoints in the IoT ecosystem. By implementing robust device identity mechanisms, organizations can improve the security of their IoT deployments and protect against potential security threats.<\/span><\/p>\n<p><b>Password-less authentication<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Password-less authentication is a method of authentication that allows users to access their accounts without the need for a traditional password. 
Instead of relying on a password, password-less authentication uses alternative methods of authentication, such as biometric authentication, multi-factor authentication (MFA), or public key cryptography.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are several benefits to password-less authentication. One of the main benefits is improved security, as traditional passwords can be vulnerable to attacks such as phishing, password cracking, and password reuse. Password-less authentication eliminates these vulnerabilities by using more secure authentication methods.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another benefit of password-less authentication is improved user experience. Traditional passwords can be difficult to remember, leading to frustration for users. Password-less authentication simplifies the authentication process and can reduce the need for users to remember complex passwords.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are several methods for implementing password-less authentication, including:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Biometric authentication: Biometric authentication uses physical characteristics of the user, such as fingerprints, facial recognition, or iris scans, to authenticate the user.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Multi-factor authentication (MFA): MFA requires the user to provide two or more methods of authentication, such as a fingerprint and a security token, to authenticate the user.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Public key cryptography: Public key cryptography uses a public and private key pair to authenticate the user. 
The user&#8217;s private key is used to authenticate the user, while the public key is used to verify the user&#8217;s identity.<\/span><\/li>\n<\/ol>\n<p><b>Monitoring<\/b><\/p>\n<p><span style=\"font-weight: 400;\">CISA recommends several key components for security monitoring in the context of IoT and OT devices:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Asset inventory and network mapping: Generating an inventory of all IoT and OT devices, as well as a network map that shows how these devices are interconnected, is a crucial first step in security monitoring. This information is needed to identify potential attack paths and to track down specific devices that may be vulnerable or compromised.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Protocol identification: Identifying all communication protocols used across IoT\/OT networks is important for detecting suspicious activity and potential threats. Different protocols may have different security characteristics, and monitoring for unusual protocol usage can help identify malicious behavior.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">External connection cataloging: Cataloging all external connections to and from IoT\/OT networks is important for detecting potential threats from outside the organization. This includes not only connections to the public internet, but also connections to third-party vendors, partners, or other networks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerability identification and mitigation: Identifying vulnerabilities in IoT\/OT devices and using a risk-based approach to mitigate them is critical for maintaining the security of these devices. 
This involves regular vulnerability scanning, patching, and configuration management to ensure that devices are up-to-date and secure.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vigilant monitoring program: Implementing a vigilant monitoring program with anomaly detection is important for detecting and responding to potential threats. This program should monitor for unauthorized changes to controllers, unusual behavior from devices, and audit access and authorization attempts. It should also include threat intelligence feeds and incident response procedures to ensure that potential threats are identified and addressed in a timely manner.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">By following these key components for security monitoring, organizations can help protect their IoT and OT devices from cyber threats and ensure the security of their critical infrastructure.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Specify_security_requirements_for_data_workloads_including_SQL_Azure_SQL_Database_Azure_Synapse_and_Azure_Cosmos_DB\"><\/span><span style=\"font-weight: 400;\">Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse and Azure Cosmos DB<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><span style=\"font-weight: 400;\">Benefits of Azure SQL on Azure VM<\/span><\/h4>\n<p><span style=\"font-weight: 400;\">SQL Server on <a href=\"https:\/\/www.whizlabs.com\/blog\/creating-azure-virtual-machine\/\" target=\"_blank\" rel=\"noopener\">Azure Virtual Machines<\/a> is the ideal solution if you simply want to move your databases to the cloud in their current state. 
This is not always the best option, however, as it occasionally needs to be used as an exemplar for compatibility concerns.<\/span><\/p>\n<p><b>Azure SQL Managed Instance usage<\/b><\/p>\n<p><span style=\"font-weight: 400;\">It&#8217;s now possible to integrate <a href=\"https:\/\/www.whizlabs.com\/blog\/what-is-azure-active-directory-all-that-you-should-know\/\" target=\"_blank\" rel=\"noopener\">Azure Active Directory<\/a> authentication directly into your database, eliminating the need for manually created user accounts. This means that users who are created within your Azure environment can now seamlessly access the database with the added security and identity protection features of Azure Identity. With this integration, you can maintain a single identity for your users and simplify the authentication and authorization process.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition to the Azure Active Directory authentication, the deployment options for the database now include Elastic Pools. Two deployment options are available. The first is a single database with its own set of resources managed via a logical SQL server, similar to a contained database in SQL Server. 
This option is ideal for modern application development of new cloud-based applications and offers both Hyperscale and serverless options.<\/span><\/p>\n<figure id=\"attachment_88043\" aria-describedby=\"caption-attachment-88043\" style=\"width: 1627px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-88043 size-full\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/Data-workloads.webp\" alt=\"Data workloads\" width=\"1627\" height=\"796\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/Data-workloads.webp 1627w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/Data-workloads-300x147.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/Data-workloads-1024x501.webp 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/Data-workloads-768x376.webp 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/Data-workloads-1536x751.webp 1536w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/Data-workloads-150x73.webp 150w\" sizes=\"(max-width: 1627px) 100vw, 1627px\" \/><figcaption id=\"caption-attachment-88043\" class=\"wp-caption-text\">www.microsoft.com<\/figcaption><\/figure>\n<p><b>Azure SQL Database features<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The other option is an elastic pool, which is a collection of databases with a shared set of resources managed via a logical SQL server. An elastic pool is a fantastic option for developing contemporary applications using the multi-tenant SaaS application design since databases can be added to and removed from it with ease. 
Elastic pools provide a practical way to control the performance of numerous databases with various usage patterns.<\/span><\/p>\n<p><strong><a href=\"https:\/\/www.whizlabs.com\/blog\/azure-cosmos-db-a-complete-guide\/\" target=\"_blank\" rel=\"noopener\">Azure Cosmos DB<\/a><\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Typically, the vital information in Azure Cosmos DB is collected and processed via Extract-Transform-Load (ETL) pipelines in order to evaluate huge operational datasets while reducing the effect on the efficiency of mission-critical transactional applications. The several layers of data transfer required by ETL pipelines add to operational complexity and have a negative influence on the performance of your transactional workloads. The analysis of operational information from the point of origin also takes longer.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Specify_security_requirements_for_web_workloads_including_Azure_App_Service\"><\/span><span style=\"font-weight: 400;\">Specify security requirements for web workloads, including Azure App Service<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The key components of serverless computing include Functions, Logic Apps and Event Grid.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/labs\/implement-azure-functions\" target=\"_blank\" rel=\"noopener\"><b>Azure Functions<\/b><\/a><\/p>\n<p><span style=\"font-weight: 400;\">You can run code on demand with Azure Functions, a serverless compute solution, without having to set up or maintain infrastructure. 
Azure Functions responds to a range of events by executing a script or piece of code.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Since Azure Functions is built on the same fundamental building blocks as Azure App Service, you can switch on some features essentially &#8220;for free&#8221; without writing any more code.\u00a0<\/span><\/p>\n<p><b>Logic Apps<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Azure App Service&#8217;s Logic Apps feature enables the creation of scalable integrations and workflows. It includes a visual designer for modeling and automating workflows using a series of steps. Additionally, Logic Apps offers a range of connectors for quickly connecting serverless apps to both cloud-based and on-premises services.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A Logic App is initiated by a trigger, such as the addition of an account to Dynamics CRM, and can include a combination of actions, conversions, and conditional logic. Logic Apps is particularly useful for orchestrating multiple functions within a process, especially when external systems or APIs need to be interacted with.<\/span><\/p>\n<p><b>Event Grid<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You can create applications with event-based architectures using Azure Event Grid. First select the Azure resource you wish to subscribe to, then provide the event handler or websocket endpoint to deliver the event to.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To ensure the security of your apps in Azure App Service, there are several measures you should take. Firstly, it is important to secure your apps with HTTPS, using a TLS\/SSL certificate to enable HTTPS connections to your custom domain. 
Additionally, you can disable insecure protocols and enforce HTTPS to prevent unsecured requests from reaching your app&#8217;s code.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Static IP restrictions can also be created to limit access to your app to a small subset of IP addresses. Azure App Service also provides authentication and authorization solutions, which can sign in users and client apps with minimal application code.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To protect your application secrets, avoid storing them in your code or configuration files. Instead, access them as environment variables using the standard pattern in your preferred language.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Lastly, network isolation can be implemented through the isolated tier, which runs your apps in a dedicated App Service environment. This environment provides complete network isolation and runs within your own instance of Azure Virtual Network.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Specify_security_requirements_for_storage_workloads_including_Azure_Storage\"><\/span><span style=\"font-weight: 400;\">Specify security requirements for storage workloads, including Azure Storage<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Azure Storage Accounts are well-suited for workloads that demand rapid and consistent response times or require a high number of input\/output operations per second (IOPS). 
They serve as a repository for all of your Azure Storage data objects, such as blobs, file shares, queues, tables, and disks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To optimize security when setting up your <a href=\"https:\/\/www.whizlabs.com\/blog\/azure-storage\/\" target=\"_blank\" rel=\"noopener\">Azure Storage<\/a> Account, consider the following recommendations:<\/span><\/p>\n<figure id=\"attachment_88045\" aria-describedby=\"caption-attachment-88045\" style=\"width: 1288px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-88045\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/storage-workloads.webp\" alt=\"storage workloads\" width=\"1288\" height=\"652\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/storage-workloads.webp 1288w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/storage-workloads-300x152.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/storage-workloads-1024x518.webp 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/storage-workloads-768x389.webp 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/storage-workloads-150x76.webp 150w\" sizes=\"(max-width: 1288px) 100vw, 1288px\" \/><figcaption id=\"caption-attachment-88045\" class=\"wp-caption-text\">www.microsoft.com<\/figcaption><\/figure>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enable soft delete for blob data.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use Azure Active Directory (AD) to authorize access to blob data.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Apply the principle of least privilege when assigning permissions to an Azure AD security principal through Azure Role-Based Access Control (RBAC).<\/span><\/li>\n<li style=\"font-weight: 400;\" 
aria-level=\"1\"><span style=\"font-weight: 400;\">Use blob versioning or immutable blobs to store business-critical data.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Limit default internet access for storage accounts.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Configure firewall rules to restrict access to your storage account.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Limit network access to specific networks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Allow trusted Microsoft services to access the storage account.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enable the &#8220;Secure transfer required&#8221; option for all your storage accounts.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Limit shared access signature (SAS) tokens to HTTPS connections only.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Avoid using Shared Key authorization to access storage accounts and prevent others from doing so.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Regularly regenerate your account keys.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create a revocation plan and have it in place for any SAS issued to clients.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Specify_security_requirements_for_containers\"><\/span><span style=\"font-weight: 400;\">Specify security requirements for containers<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A container is a pre-configured software environment that contains both the application code and its 
dependencies within an image. The ability to run several instances of an operating system simultaneously is made possible by machine virtualization, which acts at the hardware level. Unlike virtual machines, containers run as distinct processes while sharing the host operating system.<\/span><\/p>\n<h4><span style=\"font-weight: 400;\">Configuration of security for container services<\/span><\/h4>\n<p><b>Authentication\u00a0<\/b><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Method<\/b><\/td>\n<td><b>Authentication steps<\/b><\/td>\n<td><b>Scenarios<\/b><\/td>\n<td><b>Azure RBAC<\/b><\/td>\n<td><b>Limitations<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Individual AD identity<\/span><\/td>\n<td><span style=\"font-weight: 400;\">az acr login\u202fin Azure CLI<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Connect-AzContainerRegistry in Azure PowerShell\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Interactive push\/pull by developers and testers\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Yes<\/span><\/td>\n<td><span style=\"font-weight: 400;\">AD token has to be renewed every 3 hours\u00a0<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">AD service principal\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">docker login<\/span><\/p>\n<p><span style=\"font-weight: 400;\">az acr login in Azure CLI<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Connect-AzContainerRegistry in Azure PowerShell<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Unattended push from CI\/CD pipeline<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Unattended pull to Azure or external services\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Yes<\/span><\/td>\n<td><span style=\"font-weight: 400;\">The default expiry of the SP password is 1 year\u00a0<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">AKS cluster managed identity\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 
400;\">Attach the registry when the AKS cluster is created or updated\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Unattended pull to AKS cluster in the same or a different subscription<\/span><\/td>\n<td><span style=\"font-weight: 400;\">No, pull access available<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Only available with AKS cluster<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Can\u2019t be used for cross-tenant authentication\u00a0<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Node security<\/b><\/p>\n<p><span style=\"font-weight: 400;\">AKS nodes are virtual machines in Azure that you have full control over and are responsible for maintaining. Linux nodes use an optimized Ubuntu distribution and the Moby container runtime, while Windows Server nodes use an optimized Windows Server 2019 release and the Moby container runtime as well. When you create or scale up an AKS cluster, the nodes are automatically provisioned with the latest OS security updates and configurations.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The <a href=\"https:\/\/www.whizlabs.com\/getting-started-with-microsoft-azure\/\" target=\"_blank\" rel=\"noopener\">Azure platform<\/a> applies OS security patches to Linux nodes every night, but if a Linux OS security update requires a reboot, the reboot is not performed automatically. You can reboot the Linux nodes manually or use Kured, an open-source reboot daemon for Kubernetes that runs as a DaemonSet and monitors each node for the presence of a file indicating that a reboot is needed. 
Reboots are managed throughout the cluster using the same cordon and drain process as a cluster upgrade.<\/span><\/p>\n<p><b>RBAC roles<\/b><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Roles<\/b><\/td>\n<td><b>Access<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Owner<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Access Resource Manager, Create\/delete registry, push or pull image, delete image data, change policies<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Contributor<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Access Resource Manager, Create\/delete registry, push or pull image, delete image data, change policies<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Reader<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Access Resource Manager, pull image<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">AcrPush<\/span><\/td>\n<td><span style=\"font-weight: 400;\">push or pull image<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><span class=\"ez-toc-section\" id=\"Specify_security_requirements_for_container_orchestration\"><\/span><span style=\"font-weight: 400;\">Specify security requirements for container orchestration<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A container orchestrator is responsible for managing the containers of an application. 
Orchestration involves automating all aspects of application management, from initial placement and scheduling to steady-state activities like health monitoring, scaling, and failover support.<\/span><\/p>\n<figure id=\"attachment_88046\" aria-describedby=\"caption-attachment-88046\" style=\"width: 942px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-88046\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/container-orchestration.webp\" alt=\"container orchestration\" width=\"942\" height=\"715\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/container-orchestration.webp 942w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/container-orchestration-300x228.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/container-orchestration-768x583.webp 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/03\/container-orchestration-150x114.webp 150w\" sizes=\"(max-width: 942px) 100vw, 942px\" \/><figcaption id=\"caption-attachment-88046\" class=\"wp-caption-text\">www.microsoft.com<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">Kubernetes, which is the most widely used container orchestration system and has grown rapidly as an open-source project, has become an essential component of many companies&#8217; computing infrastructure. The Azure platform provides three services that simplify the deployment and management of Kubernetes clusters.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">By enabling Microsoft Defender for Containers, protection is automatically enabled for both Azure Kubernetes Service clusters and Azure Arc-enabled Kubernetes clusters (Preview). 
With this feature, you can also configure Kubernetes data plane hardening.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Security recommendations related to this feature will be displayed in the Defender for Cloud dashboard.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the case of <a href=\"https:\/\/www.whizlabs.com\/blog\/azure-kubernetes-service\/\" target=\"_blank\" rel=\"noopener\">Azure Kubernetes Service<\/a> clusters, audit log data is collected in a frictionless and agentless manner. A Defender profile is deployed to each node, providing runtime protection and signal collection. The <a href=\"https:\/\/www.whizlabs.com\/labs\/creating-azure-policies\" target=\"_blank\" rel=\"noopener\">Azure Policy<\/a> add-on for Kubernetes is responsible for collecting cluster and workload configuration for admission control policies, as explained in the &#8220;Protect your Kubernetes workloads&#8221; guide. The following diagram provides an overview of this solution:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Defender profile comprises a DaemonSet, a group of containers that gather inventory and security events within the Kubernetes environment. Additionally, it includes Gatekeeper (Azure Policy), which serves as the admission controller webhook for Open Policy Agent (OPA), to enforce and maintain safeguards on your clusters in a centralized and consistent manner at scale.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Summary\"><\/span><span style=\"font-weight: 400;\">Summary<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">We hope this blog has covered everything you need to know about designing a security strategy for cloud service models. 
With the insights provided, you will be able to monitor, troubleshoot and optimize all your resources, including public clouds and private data centers.<\/span><\/p>\n<p>If you want to further enrich your career in cybersecurity, choose the SC-100 certification, where you can learn the basics of cybersecurity in detail.<\/p>\n<p><span style=\"font-weight: 400;\">If you have further queries on this blog post, please feel free to leave a comment!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many companies increasingly rely on the cloud due to its numerous benefits. While migrating to the cloud network, more time needs to be spent on security. Cloud-based services handle a significant amount of network data, but many organizations use these services without implementing any security strategies. Additionally, the use of cloud service providers and personal devices makes it challenging for companies to monitor and manage data flows. The common cloud computing services are IaaS, PaaS and SaaS, and organizations select among these models on the basis of their needs. 
Implementing a strong cloud security strategy is essential for protecting your [&hellip;]<\/p>\n","protected":false},"author":223,"featured_media":88042,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[10,3343],"tags":[],"class_list":["post-88040","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-computing-certifications","category-cybersecurity"],"uagb_author_info":{"display_name":"Dharmendra Digari","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/dharmendrawhizlabs-com\/"},"uagb_comment_info":3}