How to secure your RBAC infrastructure in Azure
FREE Membership Required to View Full Content:
Joining MSDynamicsWorld.com gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here
RBAC stands for role-based access control. It is Microsoft’s way of assigning roles and permissions to groups and users. More broadly, it is an important concept in cybersecurity for grouping users to give them a common set of permissions.
RBAC played a big role in one of my recent projects. The problem I’m seeing is that AWS and other vendors implement their RBAC settings differently than Microsoft. When you migrate from one to another, you run into a lot of issues and you have to be very careful about how that structure gets built, which prompted this recent project.
Let’s stick with the example of AWS. When you migrate your RBAC from AWS to Azure, there is a misalignment because AWS doesn’t have nearly as fine-grained control. You don’t have as many permission settings as in Azure RBAC. Often the result is too many people with too much permission. For example, you may have twenty admins who have too much control, and you have to limit that list of admins to as few as possible. Or you may discover people with access to directories they shouldn’t have access to. Be aware of what the permissions are and make sure people don’t have access to places they don’t need to be. This goes back to the Zero Trust framework: settle on the least permission each person needs to do their job.
The issue comes from the fact that RBAC seems deceptively simple.
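One way to check for the "too many admins" condition described above is to audit an export of role assignments. The following is an added example, not code from the original article: it assumes the JSON produced by `az role assignment list --all -o json`, and the sample data, the subscription ID placeholder, and the threshold of three are constructed for illustration.

```python
import json
from collections import defaultdict

# Built-in Azure roles that grant broad control or the right to grant access.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
MAX_PRIVILEGED_PER_SCOPE = 3  # assumed policy threshold, not an Azure default

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

def _row(name, role, scope, ptype="User"):
    return {"principalName": name, "principalType": ptype,
            "roleDefinitionName": role, "scope": scope}

# Constructed sample, shaped like `az role assignment list --all -o json`.
SAMPLE = json.dumps([
    _row("alice@example.com", "Owner", SUB),
    _row("bob@example.com", "Owner", SUB),
    _row("carol@example.com", "Owner", SUB),
    _row("dave@example.com", "User Access Administrator", SUB),
    _row("dave@example.com", "Owner", SUB),
    _row("erin@example.com", "Reader", SUB),
    _row("ops-team", "Contributor", SUB + "/resourceGroups/rg-app", "Group"),
])

def audit(assignments_json, limit=MAX_PRIVILEGED_PER_SCOPE):
    """Return scopes where more than `limit` distinct principals hold a privileged role."""
    holders = defaultdict(lambda: defaultdict(set))  # scope -> principal -> roles
    for a in json.loads(assignments_json):
        role = a.get("roleDefinitionName")
        if role in PRIVILEGED_ROLES:
            who = a.get("principalName") or a.get("principalId", "unknown")
            holders[a["scope"]][who].add(role)
    findings = []
    for scope, principals in sorted(holders.items()):
        if len(principals) > limit:
            findings.append({
                "scope": scope,
                "count": len(principals),
                "principals": {p: sorted(r) for p, r in sorted(principals.items())},
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['scope']}: {f['count']} privileged principals")
        for who, roles in f["principals"].items():
            print(f"  {who}: {', '.join(roles)}")
```

A principal holding several privileged roles at one scope is counted once, so the count reflects how many identities need review rather than how many assignments exist.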