Categories
Cloud advice

Azure Active Directory – Issues with User Consent

This blog has been written in collaboration with the Jisc Trust & Identity and Cyber Security teams. Jisc has recently become aware of a potential security risk associated with the default Azure Active Directory (AAD) security settings that are commonly in place across our membership. If your organisation uses AAD (or plans to use it), […]

Categories
Cloud advice

Securing Azure Virtual Desktop

With the start of the pandemic last year, and the huge increase of working from home that it prompted, Azure Virtual Desktop (or Windows Virtual Desktop as it was then) became an important tool for providing a wide variety of applications to remote users. Ostensibly AVD is easy and quick to deploy, meaning environments can […]

Categories
Cloud advice

Remote access and Zero Trust

Zero Trust is a concept which has been around for at least the last decade. Whilst organisations were aware of it and implementing aspects of a Zero Trust architecture, it was not until 2020, for obvious reasons, that pretty much every organisation was forced into thinking about its adoption; responding to a distributed and fragmented […]

Categories
Cloud advice

AWS through Jisc: who owns my accounts?

One of the requirements of our partner agreement with AWS is that we “own” the payer account for all AWS accounts where we are the reseller. This applies regardless of the procurement route – G-Cloud, OCRE, OGVA or direct award. Many of the members we speak to are nervous about this requirement because they are […]

Categories
Cloud advice

ADFS – Moving away from federated 365 authentication

Single sign-on (SSO) plays a key part in providing a secure authentication solution. However, the architecture and authentication flow of these solutions are paramount in ensuring that your identity broker retains its availability and integrity. IAM makes up a core component of the NCSC Cloud Security Principles. Therefore, when implemented it is important that the […]

Categories
Cloud advice

Learn – the pathway to the cloud!

Even though the pandemic has accelerated cloud adoption through 2020 into 2021, the leading cloud providers recognised the potential and benefits of the cloud long before the events of the last twelve months; they have been planning for some time now. They are preparing the future workforce is ready to help them realise the potential […]

Categories
Cloud advice

Managing Microsoft Teams through policies

Introduction With the unprecedented events of 2020 and the requirements for home working/studying, everyone must have been aware of the huge growth of video conferencing. Zoom has seen a 355% increase in its revenues alone, but it is hard to argue that it ended up as Microsoft Teams’ year. The rush towards communications, with the […]

Categories
Cloud advice

Infrastructure as Code – assessing the options

Introduction Infrastructure as Code (IaC) is a key element to successful cloud adoption. Using IaC, organisations create infrastructure that is both re-usable and reproducible. This consistency helps ensure that applications built in development environments will function the same way in near-identical production environments. Changes can (should!) be planned and controlled through coding best practices such as version […]

Categories
Cloud advice

Being a good cloud citizen

When speaking to members and customers about their cloud adoption, I often use a phase to describe the development required for members of the team that will ultimately be deploying and managing resources in the cloud. I describe the need for these individuals to become “good cloud citizens”. This, of course, is followed by the […]

Categories
Cloud advice

Improving PaaS consumption with Azure Private Link

In my opinion, one of the most significant enablers for consumption of Platform as a Service (PaaS) in Azure has been the launch of Azure Private Link capability. For years, the concept, and successful implementation, of a private network has been a cornerstone of IT security. This is still true, even with an ‘assume breach’ […]