Editor’s Note: This post comes from Mark Perry, Worldwide Technical Lead, Cloud Infrastructure & Security, Office of the CTO, EPG Cloud + Enterprise
As customers look to move applications and data centers to the cloud, they often look to bring certain best practices along with them. Security teams have a set of best practices for deploying applications that provide additional layers of security, along with visibility and compliance. They use them because they are effective in the on-premises world and can work equally well when applications and production servers move to the cloud.
One example of this is not allowing any direct connections to the application. In a reverse-proxy architecture, all connections are terminated at a proxy, decrypted, and then inspected for malicious content or embedded attacks. Only after the traffic has been validated is it passed to the application. A technology that can help enable this is a Web Application Firewall (WAF), which in certain industries is not only a best practice but a legal requirement for compliance (see the PCI DSS standard as an example: https://www.pcisecuritystandards.org/). Using WAF technology can also enable several other good security practices, such as preventing application-level DDoS attacks or using Geo-IP blocking (for certain types of applications).
We have partners in this space, including Barracuda Networks, Check Point and Alert Logic, who make their technology available natively in Azure. Alert Logic’s WAF can deliver inline protection of web applications from dangerous cyber threats such as SQL injection and cross-site scripting. The Barracuda WAF can protect both IaaS and PaaS applications.
These video clips provide an intro to how the Barracuda WAF can protect High Business Impact (HBI) Applications moving to Azure:
The ability to use a WAF in front of SharePoint farms in Azure applies as well. These videos show how the Barracuda WAF can help provide an extra layer of security for your SharePoint farms as you move them to Azure:
Barracuda Networks has an additional solution called the Next Generation (NG) Firewall that provides more visibility into traffic, as well as the ability to control that traffic (block, allow, redirect, etc.). For many organizations with compliance requirements there is also the need to centrally report on all network traffic. The NG Firewall is also available in Azure.
If you’d like more information on this Barracuda WAF solution, go to the Azure Marketplace.