Best practices: Security audit of Azure infrastructure for a healthcare data company

01 Mar 2022 Andrey Khudyakov, Roman Muzyka

One of our customers runs a large Azure data center that works with Personal Health Information (PHI). Before the client contacted us, many of their servers had been running on legacy operating systems and the overall infrastructure was rather disorganized. The Company’s management was concerned about potential security holes and requested a thorough security audit.

Before contacting ABCloudz, the Company’s IT staff had been aware of potential security gaps in their infrastructure. For example, their data infrastructure included outdated servers, such as Windows Server 2003, 2005, 2008. All of these are out of support by Microsoft and have known security vulnerabilities.

The legacy Windows Server 2003 is vulnerable to unauthorized remote commands executed through RDP and Terminal Server. And Windows Server 2008 allows authorized users to execute arbitrary code through specially crafted SQL queries. In this case, the user can take control of the server and then do whatever they want with the data.

The customer had to identify and fix those issues as soon as possible to avoid security breaches and their adverse consequences, up to HIPAA fines and liability. The customer also prioritized their app’s performance, so all fixes had to be implemented without any impact on the business.

Read this article to learn how the ABCloudz team applied its best practices to secure the client’s healthcare data infrastructure.

The ABCloudz team examines the entire infrastructure

ABCloudz was chosen as the right technology partner for the client because of its proven expertise in databases, IT administration and Azure infrastructure. Once the client communicated their requirements to the team, our specialists immediately swung into action. We followed the recommendations of experienced healthcare data security consultants to come up with a clear security audit roadmap.

The team thoroughly reviewed the infrastructure according to a custom checklist covering categories such as authorization and authentication, permissions, passwords, security monitoring, encryption, security auditing, and data recovery. We relied on the recommended Azure operational security checklist. You can review its basic items in the table below.

Category: specific points to check

Security Roles & Access Controls
  • Use Azure role-based access control
Data Collection & Storage
  • Management Plane Security for the Storage Account
  • Data Plane Security for securing access to your data
  • Use Transport-Level Encryption
  • Use Client-side encryption
  • Use Storage Service Encryption (SSE) to automatically encrypt data
  • Use Azure Storage Analytics to monitor authorization type
  • Use Cross-Origin Resource Sharing (CORS) to access storage resources from different domains
Security Policies & Recommendations
  • Use Microsoft Defender for Cloud to deploy endpoint solutions
  • Use a web application firewall (WAF) to secure web applications
  • Apply security contact details for your Azure subscription
Identity & Access Management
  • Synchronize your on-premises directory with your cloud directory using Azure AD
  • Use Single Sign-On to enable users to access their SaaS applications
  • Use the Password Reset Registration Activity report to monitor which users are registering
  • Multi-factor authentication (MFA) for users
  • Use secure identity capabilities for apps, such as the Microsoft Security Development Lifecycle (SDL)
  • Actively monitor for suspicious activities with Azure AD Premium anomaly reports and the Azure AD Identity Protection capability
Ongoing Security Monitoring
  • Use the Malware Assessment solution in Azure Monitor logs to report on the status of antimalware protection in your infrastructure
  • Use Update assessment to determine the overall exposure to potential security problems
  • Use the Identity and Access overview: user identity state, failed sign-in attempts, accounts with changed or reset passwords, number of logged-in accounts
Microsoft Defender for Cloud detection capabilities
  • Use detection capabilities to identify active threats
  • Use integrated threat intelligence that looks for known bad actors
  • Use behavioral analytics that apply known patterns to discover malicious behavior
  • Use anomaly detection to build a historical baseline
DevOps
  • Infrastructure as Code (IaC) practice
  • Continuous Integration and Deployment to drive the ongoing merging and testing of code
  • Release Management for automated deployments through each stage of your pipeline
  • App Performance Monitoring of running applications

The checklist was customized according to the specific requirements and infrastructure peculiarities of our client. As a result, we identified 50+ security issues in the client’s data infrastructure. All of them had to be fixed.

Fixing the client’s security issues

Once all security gaps and potential issues had been identified, the ABCloudz team started fixing them in parallel. In particular, our specialists did the following:

  • Configured the file-sharing options within the data infrastructure.
  • Optimized the system of permissions.
  • Provided more secure authentication and authorization protocols.
  • Established scheduled storage keys regeneration.
  • Fortified secure data encryption.
  • Established mechanisms for efficient security monitoring and auditing.
  • Established a flexible system of password regeneration.
  • Enhanced Azure infrastructure safeguards.
  • Established efficient data recovery mechanisms.
  • Upgraded and patched the outdated and vulnerable parts of the infrastructure, such as Windows Server 2003.
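The storage items of the checklist above (transport-level encryption, data plane access, SSE) and the scheduled storage key regeneration listed among the fixes can be checked mechanically. The script below is an added example, not ABCloudz code: it reads the JSON that `az storage account list -o json` prints (field names assumed from the Azure CLI), and flags accounts that fail those checks; the two accounts and their values are constructed for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like `az storage account list -o json` output
# (field names assumed from the Azure CLI; names and values are made up).
SAMPLE_ACCOUNTS = json.dumps([
    {"name": "phiarchive01",
     "enableHttpsTrafficOnly": False,
     "minimumTlsVersion": "TLS1_0",
     "allowBlobPublicAccess": True,
     "encryption": {"services": {"blob": {"enabled": True}}},
     "keyCreationTime": {"key1": "2021-01-05T10:00:00.000000+00:00",
                         "key2": "2021-01-05T10:00:00.000000+00:00"}},
    {"name": "phihardened02",
     "enableHttpsTrafficOnly": True,
     "minimumTlsVersion": "TLS1_2",
     "allowBlobPublicAccess": False,
     "encryption": {"services": {"blob": {"enabled": True}}},
     "keyCreationTime": {"key1": "2022-02-20T10:00:00.000000+00:00",
                         "key2": "2022-02-01T10:00:00.000000+00:00"}},
])

MAX_KEY_AGE_DAYS = 90  # rotation window chosen for this example

def audit_storage_accounts(accounts_json, now=None, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Return {account_name: [finding, ...]} for every account failing a check."""
    now = now or datetime.now(timezone.utc)
    findings = {}
    for acct in json.loads(accounts_json):
        issues = []
        if not acct.get("enableHttpsTrafficOnly"):          # transport-level encryption
            issues.append("HTTP allowed: enable HTTPS-only traffic")
        if acct.get("minimumTlsVersion", "TLS1_0") in ("TLS1_0", "TLS1_1"):
            issues.append("minimum TLS version below 1.2")
        if acct.get("allowBlobPublicAccess"):                # data plane access
            issues.append("anonymous blob access allowed")
        blob = acct.get("encryption", {}).get("services", {}).get("blob", {})
        if not blob.get("enabled"):                          # Storage Service Encryption
            issues.append("SSE disabled for blob service")
        for key, created in (acct.get("keyCreationTime") or {}).items():  # key rotation
            age = now - datetime.fromisoformat(created)
            if age > timedelta(days=max_key_age_days):
                issues.append(f"{key} is {age.days} days old: regenerate")
        if issues:
            findings[acct["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_storage_accounts(SAMPLE_ACCOUNTS).items():
        print(name, "->", "; ".join(issues))
```

Against a real subscription, pipe the CLI output into `audit_storage_accounts` and add the same kind of check for any other checklist item that the CLI exposes as a field.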

Meanwhile, our team had to ensure that the fixes did not impact the data center’s productivity. Therefore the ABCloudz team applied custom Azure configurations and thoroughly reviewed all fixes to ensure that no change in the Azure console affected the infrastructure’s performance. If a particular fix impacted the system’s performance, it was reviewed and replaced with an alternative that did not have such an impact on the infrastructure’s efficiency.

Top-notch security and excellent infrastructure performance

The ABCloudz team successfully reviewed and upgraded the security of the client’s system. As a result of our effort:

  • All security issues were identified and fixed to establish top-notch security of the infrastructure, which protects the client from data breaches and the problems resulting from them.
  • The client received Azure console configurations for more efficient security auditing and troubleshooting in the future.
  • Despite some impactful changes in the client’s infrastructure, its performance was not reduced after our effort.
  • All the client’s requirements were fulfilled within the shortest terms – 2 months.

After a successful security audit and upgrade, the client feels safe about the security of their infrastructure because it is fortified against various types of data leaks and security breaches. Therefore, the customer’s system is completely compliant with HIPAA regulations.

Benefit from our Azure security expertise and other Practices

The ABCloudz team relies on established Practices that cover Cloud Infrastructure, DevOps, Database Services, Security and Application Development. In this article we shared our experience of handling Security Infrastructure for Azure, which required a coordinated effort of specialists from several areas: IT Security Specialists, Cloud Engineers, SQL Server Engineers, Application Architects. We encourage you to read our other articles that showcase examples where the ABCloudz team has built applications for Healthcare companies using IoT and BLE devices.

ABCloudz can be your one-stop shop for all things technology, whether it is a matter of building a new solution, product or web service, or upgrading your IT infrastructure to a top-notch state.
