Foreword

I am writing this foreword amid one of the largest and most invasive cybersecurity breaches in history—Solorigate. A sophisticated, nation-state actor was able to infiltrate a well-known supplier of network monitoring and management solutions. The threat actor injected a backdoor into the supplier’s build system, and the backdoor was then signed with a valid certificate and pushed to approximately 18,000 customers. What made this attack particularly novel was the fact that the threat actor leveraged their access to on-premises systems to then pivot and begin accessing cloud services, which appeared to be their primary target. The attacker also attempted to hide their level of access by leveraging Azure Service Principals to blend in with standard traffic and access patterns.

With attacks like Solorigate, it is essential to have a strong understanding of how to properly segment, protect, and monitor your cloud estate. Microsoft Azure is one of the dominant public clouds available in the market today and is used extensively by both governments and commercial enterprises. Microsoft Azure offers hundreds of different cloud computing solutions to organizations that allow them to innovate quickly, increase the digital experiences for customers and employees, and reduce large outlays in capital for data centers and hardware.

While cloud computing offers amazing benefits, it also introduces risks that security and IT teams must properly manage. In this book, Nicholas and Anthony cover the foundational security services and design patterns that organizations should adopt to protect and monitor their Azure workloads. I can think of no more qualified individuals than Nicholas and Anthony to provide practical, real-world implementation guidance regarding the design of secure Azure networking architectures. From preventing volumetric DDoS attacks to monitoring security logs with Azure Sentinel, this book covers everything you need to jump-start your journey into Azure security architecture and engineering.

For every IT leader using Microsoft Azure, put this on your team’s required reading list!

We are in the fight to deter cyberattacks together, and I applaud the effort that Nicholas and Anthony have put into making this essential material accessible to a broader audience. For all those who are working tirelessly to protect your organizations’ data and computer systems, thank you! Look after yourselves and each other.

—Jonathan C. Trull