There are a number of security measures you want to take when deploying virtual machines in any public (and private) Infrastructure as a Service (IaaS) solution.
Some of these include:
- Hardening the guest operating system
- Enabling and configuring a host-based firewall and IDS
- Configuring the appropriate user accounts and removing or disabling default accounts
- Removing or disabling unnecessary services
- And more…
That list should look pretty familiar, since it’s what we’ve done with on-premises physical and virtual machines for years. One thing not on that list is encrypting operating system and data disks. While this is something that we should do on-premises, it’s not always seen as imperative because we trust our on-premises systems (maybe a little too much?).
We realize that security is a concern in public cloud deployments, so you are more likely going to implement extra security measures. One of those security measures is encrypting the operating system and data disks in the Azure Virtual Machines.
The question is – how do you know if your Azure Virtual Machines are encrypted? Is there an easy way for you to visually determine what Azure Virtual Machines are encrypted and which are not encrypted?
YES. The answer is Azure Security Center.
When you use Azure Security Center, you can easily see which virtual machines are unencrypted and you are alerted to that fact. Just check out the figure below.
Encrypting virtual machines is easy. If you’re new to Azure and Azure PowerShell, we have a simple script that you can use to encrypt your virtual machines. The article Encrypt an Azure Virtual Machine walks you step-by-step and assumes that you know nothing about PowerShell or scripting. If you’re an accomplished PowerShell pro or programmer, then you might want to flex your command line muscles by reading the Azure Disk Encryption white paper and customizing your encryption.
Learn more about Azure Security Center by heading over to the Azure Security Center documentation hub – and make sure to keep a close eye on the Azure Security and Compliance blog!