Azure Cloud Security Enhancement
One of the most anticipated user management and security features for Microsoft Azure has officially been launched. According to Alex Simons, director of program management at Microsoft’s Identity Division, Azure Role-Based Access Control, or RBAC, is now generally available. RBAC has been requested by customers who have evaluated Azure as the foundation for their own enterprise clouds. It permits administrators to selectively grant access to both cloud services and production workloads, adding a level of security.
As Dushyant Gill, a Microsoft Azure Active Directory program manager, explained, “Until now, to give people the ability to manage Azure you had to give them full control of an entire Azure subscription. Now, using RBAC, you can grant people only the amount of access that they need to perform their jobs.” RBAC interfaces with Azure Active Directory (AD), Microsoft’s cloud-based identity management platform, to show users their assigned Azure resources. “Once you extend your Active Directory to the cloud, using Azure AD—your employees can purchase and manage Azure subscriptions using their existing work identity. These Azure subscriptions automatically connect to your Azure AD for single sign-on and access management.”
If an Active Directory account becomes disabled, that account's access to all Azure subscriptions is cut off, enhancing the security of Azure. Role-Based Access Control may also give departments a certain level of independence whilst still being compliant with the organization's IT policies. As Gill described it, “Using Azure RBAC, you can enable self-service management of cloud resources for your project teams while retaining central control over security-sensitive infrastructure. For example, a common setup is to allow project teams to create and manage their own virtual machines and storage accounts, but only allow them to connect to networks managed by a central team.”
RBAC is currently available with a multitude of preset roles; however, “if none of the built-in RBAC roles addresses your specific access need, you will be able to create a custom RBAC role composing the exact operations to which you wish to grant access” (Gill).