Robuyekha Logo
Cloud Security Implementation
Cloud Security Apr 27, 2025 163 views

Cloud Security Implementation

Task: Hardening an Azure Environment for Compliance and Resilience


By Reynold W. Obuyekha
M.S. Cybersecurity, 2025


Modern cloud environments offer scalability and flexibility - but without the right security controls, they can also introduce serious risk. In this project, I conducted a full security evaluation and remediation of a cloud infrastructure hosted in Microsoft Azure, focusing on encryption, access control, backup configuration, and regulatory compliance.


Issues Identified During the Assessment


The initial cloud environment revealed several high-risk misconfigurations:


  • No encryption enabled for key virtual networks and storage resources.
  • Backups were not configured, posing data loss risks during outages or attacks.
  • Users had broad access across departments, violating the principle of least privilege.
  • No recent vulnerability assessments had been conducted - despite regulatory requirements.

These gaps made the environment noncompliant with major frameworks including FISMA, PCI DSS, and NIST SP 800-53, which are critical for organizations handling sensitive or regulated data.


Solutions: Remediation and Secure Cloud Design


To bring the environment into compliance and strengthen its security posture, I implemented the following:


  • Azure IaaS Architecture to centralize control over virtual machines, networking, and storage.
  • Role-Based Access Control (RBAC) to restrict users to only the resources their role requires.
  • Key Vault Management to enforce data-at-rest and in-transit encryption, with strict access policies.
  • Centralized Backup Policies with defined RPO/RTO objectives and daily backup schedules.
  • Public access disabled on key resources to reduce external attack surfaces.


Alignment with Regulatory Standards


The secure redesign was guided by:


  • NIST SP 800-53: Implemented control families related to access control, audit logging, and contingency planning.
  • FISMA: Improved continuous monitoring and defined ownership for cloud responsibilities.
  • PCI DSS: Enforced encryption, access controls, and logging for systems handling sensitive data.

Threats Addressed


Several emerging threats were proactively mitigated:


  • Misconfiguration risks addressed through automation and Azure policy enforcement.
  • Insider threats mitigated via RBAC, auditing, and user awareness training.
  • -  Advanced Persistent Threats (APTs) considered through proactive detection and threat intelligence strategies.

Key Takeaways


Cloud security is more than just turning on services - it's about strategic configuration, shared responsibility, and ongoing compliance. This project helped transform a vulnerable environment into a secure, audit-ready, and resilient cloud platform capable of supporting future growth and regulatory needs.


Azure NIST SP 800-53 FISMA APTs RBAC

Categories

Recent Posts

Capstone Project Task

Capstone Project Task

Aug 04, 2025
Cybersecurity Governance Plan
MD5 vs SHA-256 password hashing
Secure Network Design Post-Merger

Popular Posts

Secure Network Design Post-Merger
MD5 vs SHA-256 password hashing
Cybersecurity Governance Plan
Capstone Project Task