Azure security architecture
•3 j'aime•2,230 vues
Signaler
Partager
Télécharger pour lire hors ligne
Azure Security Architecture session, as presented in Finland Azure User Group in Tampere on 20.2.2018 by Karl Ots, Azure MVP.
Contenu connexe
Tendances
![[Azure Governance] Lesson 1 : Azure Naming Convention](https://cdn.slidesharecdn.com/ss_thumbnails/azuregovernance-lesson1-azurenamingconvention-181027154955-thumbnail.jpg?width=384&fit=bounds)
Tendances(20)
![[Azure Governance] Lesson 1 : Azure Naming Convention](https://cdn.slidesharecdn.com/ss_thumbnails/azuregovernance-lesson1-azurenamingconvention-181027154955-thumbnail.jpg?width=768&fit=bounds)
Similaire à Azure security architecture
Similaire à Azure security architecture(20)
Plus de Karl Ots
Plus de Karl Ots(20)
Dernier
Dernier(20)
Azure security architecture
- 2. KARL OTS @ KOMPOZURE • Co-organizer of Finland Azure User Group and IglooConf • Podcast host at Cloud Gossip • Working on Azure since 2011 • Patented inventor • Worked with tens of different customers on full-scale Azure projects, from startups to Fortune 500 enterprises Managing Consultant karl.ots@kompozure.com +358 50 480 1102
- 3. IN THIS SESSION… • Trusted cloud infrastructure • Subscription governance o Policies o Resource Groups and Subscriptions as management level isolation • Access control o RBAC o Azure AD
- 4. 2 Mil kilometers intra-datacenter fiber 72+ Tb per second Backbone 100+ datacenters 42 Azure regions Millions of servers ACCESS APPROVAL Background check System check PERIMETER One defined access point Video coverage Perimeter fencing BUILDING Two-factor authentication with biometrics 24x7x365 security operations Verified single person entry SERVER ENVIRONMENT Employee & contractor vetting Inability to identify location of specific customer data Secure destruction bins
- 9. ROLE BASED ACCESS CONTROL SCOPES Subscription Resource Groups Resources
- 10. RBAC ROLES Owner • Can perform all management operations for a resource and its child resources including access management and granting access to others. Contributor • Can perform all management operations for a resource including create and delete resources. A contributor cannot grant access to other. Reader • Has read-only access to a resource and its child resources. A reader cannot read secrets.
- 11. RBAC AND POLICIES Role Based Access Control (RBAC) • Controls what actions a user may take on Azure resources Resource Manager Policies • Controls what actions may be taken at a given scope
- 12. RESOURCE POLICIES • Resource Policies are used for maintaining consistency and enforcing the governance model. • Resource Policies are a core governance capability and provide ability create defined organizational controls on Azure resources which restrict, enforce or audit certain actions. • Subscription-scope policies should be used to enforce data location • Resource-scope policies should be used for appending tags
- 13. GEOPOLICY POLICIES • Customers explicitly control geographic placement of their assets according to their sovereignty, security, compliance or latency policies • Azure also provides centralized Policy controls to allow/disallow specific geographies for all Azure services
- 14. RESOURCES • Azure Trust Center o https://www.microsoft.com/en-us/TrustCenter/ • Microsoft Azure Security - Getting Started (free Pluralsight course): o https://www.pluralsight.com/courses/microsoft-azure-security-getting- started?twoid=43eb6e26-b9fd-4aa0-b88f-2604b82e810f • Azure Virtual Datacenter (eBook) o https://azure.microsoft.com/en-us/resources/azure-virtual- datacenter/en-us/ • PCI-DSS Compliant PaaS Blueprint o aka.ms/pciblueprints