A little less cloudy

by Joost Agterhoek — on  ,  , 


I don't like the cloud.

At my previous job, I had a sticker from the Free Software Foundation Europe on my laptop that correctly stated: there is no cloud, just other people's computers. Then I joined the Security Operations & Control Center of the Vrije Universiteit Amsterdam and one of the first things I had to do, was get familiar with Azure. At first, it was like another language: okay, I understand what a tenant is, but what exactly is a subscription? Where does a service stop and a resource begin? It didn't help that while I had some Windows experience, I switched from an entirely Linux-focused space to a Windows and Active Directory environment. Safe to say, it's not the same.

Full circle

But gradually, especially as I dove deeper into security-related Azure-services, it clicked with me: as with all my learning, I need to get my hands dirty first, to then retain the theory and lingo. I had to smash my head against a wall to get an Azure Logic-app to work with a managed identity and the correct role assignment to really grasp the concepts and how they interconnect. And funnily enough, it took me back to the days prepping for the interview for my current job, learning the Kusto Query Language to search through Defender and Log Analytics-logs, where now, I am feeding and ingesting custom logs to enrich incident (meta)data for our team. We have come full circle!

What I learned

So the cloud feels a little less cloudy now. To sum it up and for future reference:

  • Azure resources can have their own system- or user-assigned managed identities
  • Through role assignment and role-based access control (RBAC) these identities can have the required permissions
  • This way an Azure-resource like a Logic-app can live standalone (without specific user interaction or requirement) and through API requests enhance existing SIEM interfaces (IP reputation checks, for example)

Image source: Photo by engin akyurt on unsplash.com