Azure Security best practice: Enterprise segmentation & Zero Trust preparation

This is Part#3 of our series of articles about best security practices that you can apply to an Azure environment. Please note that all the articles have been compiled from various official Microsoft sources.

Align segmentation strategy & teams by unifying network, identity, app, etc. into a single enterprise segmentation strategy (as you migrate to Azure).

SEGMENTATION STRATEGY

Azure Security best practice: Enterprise segmentation & Zero Trust preparation

What : Identify security segments that are needed
for your organization to contain risk

Why : A clear and simple segmentation strategy enables stakeholders (IT, Security, Business Units) can understand and support it. This clarity reduces the risk of human errors and automation failures that can lead to security vulnerabilities, operational downtime, or both

How : Select the segmentation approaches from
the reference design and assign permissions and network controls as appropriate.

A Good Segmentation Strategy:

1.Enables Operations – Minimizes operation friction by aligning to business practices and applications

2.Contains Risk – Adds cost and friction to attackers by

  • Isolating sensitive workloads from compromise of other assets
  • Isolating high exposure systems from being used as a pivot to other systems

3.Is Monitored – Security Operations should monitor for potential violations of the integrity of the segments (account usage, unexpected traffic, etc.)